Banda Ancha EU

Community of fiber,
mobile and ADSL users

  • Closed

    Some information about the Xavi 7028R

    For anyone interested in configuring security on the Xavi 7028R (Firewall and IDS), here is some information you may find useful.

    First of all, in Windows there is a "trick" to access an extended mode of Telefonica's configuration application, which includes a section for configuring the Firewall and the Firewall Triggers.

    To do this you must add to the registry the alphanumeric (string) value "optFirewall" with the value "true" under HKEY_LOCAL_MACHINE\SOFTWARE\Telefonica\Kit Inalambrico\Instalacion. This makes the option "Gestión de puertos y cortafuegos" ("Port and firewall management") appear.

    Careful, this option requires knowing what you are doing. It is no use complaining to Telefonica afterwards, since they do NOT provide this option to users (and that is coming from someone who has quite a dislike for Telefonica).

    As for the IDS parameters, for those who don't know them, here is the following information. It is in English, so whoever doesn't know English... well, you know, translate it :) :

    14.16 firewall set IDS blacklist
    14.16.1 Syntax
    firewall set IDS blacklist {enable | disable | clear}
    14.16.2 Description
    This command sets the blacklist IDS (Intrusion Detection Setting).
    Blacklisting denies an external host access to the system if IDS has
    detected an intrusion from that host. Access to the network is denied for
    ten minutes.
    Note - This CLI command is case-sensitive. You must type the
    command attributes exactly as they appear in the syntax section
    on this page. If you do not use the same case-sensitive syntax,
    the command fails and the CLI displays a syntax error message.

    14.17 firewall set IDS DOSattackblock
    14.17.1 Syntax
    firewall set IDS DOSattackblock
    14.17.2 Description
    This command sets the DOS (Denial of Service) attack block duration
    Intrusion Detection Setting (IDS). A DOS attack is an attempt by an
    attacker to prevent legitimate users from using a service. If a DOS
    attack is detected, all suspicious hosts are blocked by the firewall for
    a set time limit. This command allows you to specify the duration of the
    block time limit.

    14.18 firewall set IDS MaxICMP
    14.18.1 Syntax
    firewall set IDS MaxICMP
    14.18.2 Description
    This command sets the maximum number of ICMP packets per second
    that are allowed by firewall before an ICMP Flood is detected. An
    ICMP Flood is a DOS (Denial of Service) attack. An attacker tries to
    flood the network with ICMP packets in order to prevent transportation
    of legitimate network traffic.
    Once the maximum number of ICMP packets per second is reached, an
    attempted ICMP Flood is detected. The firewall blocks the suspected
    attacker for the time limit specified in the firewall set IDS
    DOSattackblock command.

    14.19 firewall set IDS MaxPING
    14.19.1 Syntax
    firewall set IDS MaxPING
    14.19.2 Description
    This command sets the maximum number of pings per second that are
    allowed by firewall before an Echo Storm is detected. Echo Storm is a
    DOS (Denial of Service) attack. An attacker sends oversized ICMP
    datagrams to the system using the 'ping' command. This can cause the
    system to crash, freeze or reboot, resulting in denial of service to
    legitimate users.
    Once the maximum number of pings per second is reached, an
    attempted DOS attack is detected. The firewall blocks the suspected
    attacker for the time limit specified in the firewall set IDS
    DOSattackblock command.

    14.20 firewall set IDS MaxTCPopenhandshake
    14.20.1 Syntax
    firewall set IDS MaxTCPopenhandshake
    14.20.2 Description
    This command sets the maximum number of unfinished TCP
    handshaking sessions per second that are allowed by firewall before a
    SYN Flood is detected. SYN Flood is a DOS (Denial of Service) attack.
    When establishing normal TCP connections, three packets are
    exchanged:
    1. A SYN (synchronize) packet is sent from the host to the network server
    2. A SYN/ACK packet is sent from the network server to the host
    3. An ACK (acknowledge) packet is sent from the host to the network server
    If the host sends unreachable source addresses in the SYN packet, the
    server sends the SYN/ACK packets to the unreachable addresses and
    keeps resending them. This creates a backlog queue of unacknowledged
    SYN/ACK packets. Once the queue is full, the system will ignore all
    incoming SYN requests and no legitimate TCP connections can be
    established.
    Once the maximum number of unfinished TCP handshaking sessions is
    reached, an attempted DOS attack is detected. The firewall blocks the
    suspected attacker for the time limit specified in the firewall set IDS
    DOSattackblock command.

    14.21 firewall set IDS SCANattackblock
    14.21.1 Syntax
    firewall set IDS SCANattackblock
    14.21.2 Description
    This command allows you to set the scan attack block duration Intrusion
    Detection Setting (IDS). The firewall detects when the system is being
    scanned by a suspicious host attempting to identify any open ports. If
    scan activity is detected, all suspicious hosts are blocked by the
    firewall for a set time limit. This command allows you to specify the
    duration of the block time limit.

    14.22 firewall set IDS victimprotection
    14.22.1 Syntax
    firewall set IDS victimprotection {enable | disable}
    14.22.2 Description
    This command enables/disables the victim protection Intrusion
    Detection Setting (IDS). Enabling this command protects the victim
    from an attempted spoofing attack.
    Web spoofing allows an attacker to create a 'shadow' copy of the World
    Wide Web. All access to the shadow Web goes through the attacker's
    machine, so the attacker can monitor all of the victim's activities and
    send false data to or from the victim's machine.
    If victim protection is enabled, packets destined for the victim host of
    a spoofing style attack are blocked. The command allows you to specify
    the duration of the block time limit.

    14.23 firewall show IDS
    14.23.1 Syntax
    firewall show IDS
    14.23.2 Description
    This command displays the following information about the Firewall
    IDS settings:
    • IDS enabled status (true or false)
    • Blacklist status (true or false)
    • Use Victim Protection status (true or false)
    • DOS attack block duration (in seconds)
    • Scan attack block duration (in seconds)
    • Victim protection block duration (in seconds)
    • Maximum TCP open handshaking count allowed (per second)
    • Maximum ping count allowed (per second)
    • Maximum ICMP count allowed (per second)

    Finally, just a reminder that in the firewall, permissions are granted to IPs and to ports separately. That is, with the Validators you can allow or deny traffic from a given IP, but even so the firewall will not let the traffic through until you specify which ports the firewall allows inbound or outbound for all the IPs that have permission.

    That's all, I hope it helps. Regards.

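The per-second thresholds and block duration described in the manual excerpt above can be modelled as follows. This is an added example, not code from the original post or from the router's firmware; the limit values, the per-source counting and the "reached means detected" comparison are assumptions, and the traffic is constructed.

```python
from collections import defaultdict

# Assumed values: the page gives no defaults for these settings.
LIMITS = {"icmp": 100, "ping": 15, "syn": 5}  # MaxICMP, MaxPING, MaxTCPopenhandshake
DOS_BLOCK_SECS = 1800                          # DOSattackblock duration

class IdsModel:
    """Toy model of the IDS thresholds; counting per source is an assumption."""
    def __init__(self, limits=LIMITS, dos_block_secs=DOS_BLOCK_SECS):
        self.limits = limits
        self.dos_block_secs = dos_block_secs
        self.per_second = defaultdict(int)  # (src, kind, second) -> count
        self.half_open = {}                 # (src, conn) -> second the SYN arrived
        self.blocked_until = {}             # src -> time the block ends

    def observe(self, t, src, kind, conn=None):
        """Feed one packet; returns 'blocked', 'detected' or 'allowed'."""
        if t < self.blocked_until.get(src, 0):
            return "blocked"
        if kind == "ack":
            # Handshake completed: it no longer counts as unfinished.
            sec = self.half_open.pop((src, conn), None)
            if sec is not None:
                self.per_second[(src, "syn", sec)] -= 1
            return "allowed"
        sec = int(t)
        if kind == "syn":
            self.half_open[(src, conn)] = sec
        self.per_second[(src, kind, sec)] += 1
        # Assumption: detection fires when the count reaches the maximum.
        if self.per_second[(src, kind, sec)] >= self.limits[kind]:
            self.blocked_until[src] = t + self.dos_block_secs
            return "detected"
        return "allowed"

def replay(events, model=None):
    """Run (t, src, kind, conn) tuples through a model and list the verdicts."""
    model = model or IdsModel()
    return [model.observe(*e) for e in events]

# Constructed traffic (RFC 5737 documentation addresses).
# Six SYNs in one second that are never acknowledged:
SYN_FLOOD = [(10.0 + i / 10, "203.0.113.7", "syn", i) for i in range(6)]
# Five handshakes in one second, each completed by its ACK:
NORMAL = [(20.0 + i / 10, "198.51.100.2", kind, i // 2)
          for i, kind in enumerate(["syn", "ack"] * 5)]
```

Replaying `SYN_FLOOD` trips the handshake limit on the fifth unfinished SYN and blocks the source for the configured duration, while the same number of completed handshakes in `NORMAL` never does.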
    • Closed

      BocaDePez

      I was looking for information about the Xavi and came across this.

      Could you indicate the source of this document?

      Do you have more information of this kind about the Xavi?

      Thanks

      • Closed

        BocaDePez

        Looking in other threads of this section:

        http://www.bandaancha.st/foros.php?temid=187145

        from which you can find one of the most complete threads with web addresses that I have seen about the Xavi 7028R:

        http://www.adslayuda.com/modules.php?op=modload&name=XForum&file=viewthread&tid=14531

    • Closed

      BocaDePez

      Hello:

      I have just tried the entry you mention, but on my computer (Windows XP) it is located at:

      /HKEY_LOCAL_MACHINE/SOFTWARE/Terra/Kit Terra ADSL/Instalacion

      The thing is that when I open the application, the entry you mention appears, with a wizard that lets you configure the firewall in the simplest way. Well: WHEN I ACTIVATE IT, NORTON ANTIVIRUS POPS UP INDICATING THAT THE PROGRAM CONTAINS A MALICIOUS SCRIPT. Conclusion: I have not enabled it. What does that program do? No idea; whoever has the guts can protect them and check it for themselves... So there you have it.