Too Many TCP Resets

So, recently we enforced some firewall rules on a new environment. We tested the environment and everything was working as expected. In about 24 hours a lot of traffic from the web infrastructure was being denied, and it continued. At first glance it looked like return traffic was being dropped: the web servers were sourcing at port 443 and the destinations were using dynamic ports (RFC 6335).

No user or application problems were reported when we enforced the rules, and we waited additional days to see if anything came up. Nothing came up; the only thing was a spike in the amount of syslog messages for dropped traffic coming from the web servers. So from that point it really wasn't an issue, but I thought it would be interesting to see what was going on.

VLAN Access Lists (VACLs)

VACLs are another good layer of security to help control who can talk to whom, much like the access control lists in firewalls and routers. The difference is that VACLs operate at layer two of the OSI model. There could be situations where you have multiple hosts on the same LAN and want to block traffic from reaching certain hosts within that same network. How would you go about blocking that type of traffic without using a router or firewall? (Hint: Create a VACL)

Install RSYSLOG & LogAnalyzer on CentOS 6.5

I am looking at rsyslog, which is a fast syslog system, and LogAnalyzer as a front-end web GUI for those logs. The LogAnalyzer application offers searching of various syslogs, all of which is open source and available to download. In this guide I will go through the steps to get these two applications to work together, and at the end of this tutorial we should have a working syslog system ready to take logs! The operating system I am using is the latest CentOS 6.5 minimal. Let's get started.

The Three Tiers

While working towards the CCNA, Cisco talks about a hierarchical network. There are three layers to this design: the access layer, the distribution layer and the core layer. Each of them has its own set of functions, and the design is also considered a best practice as the network continues to grow, for redundancy, and as just a better way to manage it.

How to Configure SSH on Dell Power-Connect

Although this is not dealing with Cisco directly, Dell switches are around in network closets, and with my limited experience with them I thought this would be a perfect blog post to show the differences between Dell and Cisco. I like to think of the Dell CLI as a dumbed-down version of the Cisco CLI, so I had some time to play around with a Dell 6248P switch and wanted to figure out how to get SSH working on the thing. After a couple of searches around the web and some guess-and-check methods, I was able to get SSH working and disable telnet sessions from connecting to the switch. Compared to a Cisco switch, Dell has few commands when configuring SSH. This switch was configured with an IP address and user names and passwords before I touched it, but I don't think that would be too hard to figure out. 🙂