Cisco routers ip accounting to see most bandwidth abusing connections

First of all, Happy New Year everyone! As I promised before (last year :) I'll look at ip accounting in Cisco world. I'll say it at the start - accounting, being with us since IOS 10.0, is getting pushed aside by the powerful Netflow feature. And while it is nowhere being …



Finding the station/IP using/abusing most of the bandwidth – PIX/ASA

Here is a short how-to I wrote some (well, long) time ago for the newcomers to our department. It was written for the PIX, but applies to ASA as well in most cases; see the ASA notes for differences. Usually it starts with client complaining about slow internet, or users …



Clear ARP table in Checkpoint

Yesterday my colleague asked how to clear all entries in the ARP table of the NGX in question (Splat). I thought the arp command of the Linux would include some switch for that case too - but it didn't. To delete ARP entry from the ARP cache you use #arp -d …



Prevent brute force attack on VTY in Cisco IOS

Starting with IOS 12.3, Cisco introduced a simple but powerful feature to guard against brute force password guessing attacks on remote access. The usual template followed when configuring VTY access is: 1. Configure ACL containing management IPs to be allowed to access the router through VTY 2. (Optional) Restrict VTY …



Manage VPN tunnels smartly: forget vpn tu, enter the vpn shell

Deleting IKE/IPsec security associations of established VPNs is an inevitable part of any VPN related debug. The standard tool promoted by Checkpoint (take CCSA, CCSE, etc.) is vpn tu that nevertheless has always had a very annoying bug (feature?) - you can delete ALL VPN tunnels at a time and none …



Autologin Expect scripts for telnet/ssh

Tired of typing over and over your username/password when using telnet/ssh? Here are Expect (https://core.tcl-lang.org/expect/index) scripts to autologin by Telnet and ssh. Note: Yes, it is not secure to keep your username/password saved somewhere, so know what you do. In my opinion …



SSH session timeout in Checkpoint Firewall

It is no fun when in the middle of fw monitor / debug session you get abruptly disconnected on SSH session timeout. Here is how to prevent it in the Checkpoint firewall. The session timeout is defined in cat /etc/bashrc: # By default, log out the user after three minutes of …



Telnet from inside Checkpoint firewall

Yesterday I saw a strange problem - connection from outside to Exchange in a LAN times out, while in Tracker all connections to port 25 are in green. Strange was that through VPN client-to-site and from inside LAN all worked perfectly well. So I wasn't sure 100% it wasn't a firewall …



Aladdin Esafe defaults and some debug commands

HISTORICAL NOTE: Aladdin was an Israeli company known for its security eTokens and mail filtering appliances - eSafe. In 2009 it was bought by Safenet primarily for the token/DRM line, and soon the eSafe appliance was discontinued. Later Safenet was in turn acquired by Gemalto. You can read about …



find tool patterns

These are a few find patterns I find useful in daily work. The ones below were of great help when I had to clean Esafe that had more than 100,000 files in the spool! So usual shell wild-card expansion didn't work (try to do ls in a folder with …