Got it

Recommended Solution for ARs to Defend Against GlobeImposter 3.0

572 0 0 0

Recommended Solution for ARs to Defend Against GlobeImposter 3.0


 

Solution for ARs to defend against GlobeImposter 3.0

Product Family: Enterprise network products

Product Model: Enterprise gateway AR

Release Date: 2019-03-11

Severity: Major

Versions Involved: V200R005, V200R006, V200R007, V200R008, V200R009, and V200R010


Note: Before the configuration, ensure that no service is using ports 135, 137, 139, 445, and 3389. Otherwise, the services are affected.


1. Create ACL rules for high-risk ports.
acl number 3000
 rule 5 permit tcp destination-port eq 135
 rule 10 permit tcp destination-port eq 137
 rule 15 permit tcp destination-port eq 139
 rule 20 permit tcp destination-port eq 445
 rule 25 permit udp destination-port eq 135
 rule 30 permit udp destination-port eq 137
 rule 35 permit udp destination-port eq 139
 rule 40 permit udp destination-port eq 445
 rule 45 permit tcp destination-port eq 3389
 rule 50 permit udp destination-port eq 3389


2. Create a traffic policy.

traffic classifier virus operator or
 if-match acl 3000
traffic behavior virus
 deny
traffic policy virus
 classifier virus behavior virus


3. Apply the traffic policy to the interface connecting to the intranet.

 interface VlanifXXX           //The intranet gateway uses a VLANIF interface.

   traffic-policy virus outbound     //Apply the traffic policy to the outbound direction.


 interface GigabitEthernetX/X/X  //The intranet gateway uses a physical interface.

   traffic-policy virus outbound    //Apply the traffic policy to the outbound direction.


If there are multiple intranet interfaces, apply the traffic policy one by one.

 


  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.