IDP isn’t a job, it’s a profession

Originally posted on the Juniper Champion Community. There are network engineers, there are security engineers, and then there are IDP (intrusion detection and prevention) engineers. Or at least there should be. I can’t count the number of times I’ve told enterprises during an IDP integration, “The configuration and setup I’m giving you is a good … Continue Reading

Denial of Service @JuniperNetworks SRX Firewalls #whitehat

So my job as a Network Security Engineer is to test networks and devices for stress and vulnerability. I haven’t ever uncovered anything that hasn’t already been discovered, but there seems to be a pretty serious design flaw in the traffic handling on high-end Juniper SRX firewalls. The high-end Juniper SRX firewalls are massive stateful … Continue Reading

Juniper SRX Status (High End) #Juniper

If you want to capture the full status of an SRX, here are the commands I run to get a good baseline of what’s going on in a high-end Juniper SRX. If you’re running routing-instances, make sure to update the protocol statuses with “routing-instance xyz”. show arp no-resolve | no-more show bgp summary … Continue Reading

(D)DoS Script and How to Block with an SRX #antisec

In the spirit of all of the #antisec fun on Twitter, here is a TCP SYN flood Perl script to test your intrusion detection solutions… PS: How to block it with a Juniper SRX is below the script. Perl Script #!/usr/bin/perl # USAGE: sudo perl synflooder.pl source_ip destination_ip destination_port # # Find your source_ip with … Continue Reading

Juniper SRX Troubleshooting Library

After extensive and exhaustive troubleshooting of Juniper SRXs and realizing there really isn’t a comprehensive “go-to manual” for command information, I decided to create one! Click Here to Download the SRX Troubleshooting Command Library.v3