    Saturday, August 17, 2019

    TIL about MS Office Protocol Discovery Networking


    TIL about MS Office Protocol Discovery

    Posted: 17 Aug 2019 10:58 AM PDT

    I was looking at some logs, when I found some HEAD requests to an internal server, with User-Agent "Microsoft Office Excel". I was like: WTF?

    Turns out, when you click on a hyperlink in a spreadsheet, Excel first sends 2/3 HEAD requests in order to... find out stuff.

    Didn't know that.

    What other weird, obscure protocols have you accidentally discovered?

    submitted by /u/youngeng

    Nornir Python Automation framework Introduction with Cisco and Arista Device examples

    Posted: 17 Aug 2019 01:27 PM PDT

    I have created a video explaining the Nornir automation framework with Cisco device configuration in the Python Learning Series for Network Engineers. Please have a look and share your feedback.

    https://www.youtube.com/watch?v=5sW1xpNoju8&list=PLOocymQm7YWakdZkBfCRIC06fv7xQE85N&index=37

    I am in the process of adding more videos about Nornir.

    Thank you

    submitted by /u/networkevolution_dev

    Best Layer 7 WAF for Reverse Proxy? Automatic string modeling and analytics?

    Posted: 17 Aug 2019 02:31 PM PDT

    Looking for recommendations for a Layer 7 filter that I can run as a reverse proxy, that actually makes it easy to exclude patterns without writing regexes. I want to go to some sort of graphical interface, select a pattern with a mouse, and then just choose exclude or rewrite. Even better, I really want to run analytics on data such as sentiment analysis, so that I can rewrite or block packets based on a model, rather than the exact string.

    Any suggestions? It doesn't need to be entirely on premise. If I could use an ipsec tunnel to a service and then manipulate egress, that would be ok (perhaps even ideal).

    Only needing to handle about 10 MBps.

    Edit:
    I have used Palo Alto and Juniper boxes to accomplish this and they're not very smart. They're still essentially regex pattern matching. If they don't provide the signature, then I spend a lot of time building the string patterns. They take a lot of continuous work. I'm hoping to find something more automated or intelligent that can learn my traffic and develop new patterns on its own.

    submitted by /u/tbochristopher

    Connecting PA Subnet between data center

    Posted: 17 Aug 2019 11:52 AM PDT

    Hello

    Currently, I have a Server in a Data Center with an associated PA Subnet. I would now like to create a Tunnel to another Data Center to use the same PA Subnet. I already tried to do this with an OpenVPN Point-to-Point configuration with TAP interfaces. This seems to work quite well.

    So did I already find the perfect way to solve this issue? Or is there maybe a better solution to this problem?

    submitted by /u/berkutta

    Is anyone using SolarWinds with single-subnet HA?

    Posted: 16 Aug 2019 07:35 PM PDT

    I am having one hell of a time getting NCM to connect to Cisco switches via SSH for config backup. It's not a problem with the credentials I entered in NCM. It's not a problem with the Cisco switches - I can access them via SSH (SecureCRT) with no issues.

    I've been running packet captures on our 3850 switches and using the NCM connection tool that comes with SolarWinds. I'm stumped by the problems with ssh connecting to switches. SNMP polling of those switches seems to work fine.

    I'm starting to suspect our SolarWinds HA setup is the root cause for the issues. When I read the SolarWinds article that describes how the poller chooses which IP address to use (own physical IP vs. a VIP), I almost soiled myself. I've never seen a software use "which of my IP addresses are closer to the address for the gateway of the subnet I'm on? I'll use the closer IP as the source for traffic leaving the poller." How much ganja was consumed when that SolarWinds code was written?

    Anyway, SolarWinds folks running single-subnet HA for pollers, throw me a line. How did you get it to work reliably?

    submitted by /u/OleColonelAngus

    Firewalls - Need your input

    Posted: 17 Aug 2019 01:46 PM PDT

    Good afternoon/evening,

    I am currently looking at multiple Firewalls for the district I work for (K-12 education) and was wanting some input from you guys! Basically looking to see what your experience is using or what you have sold to a school/business similar to my size and I am looking for pros and cons of each. We currently have a content filter (iBoss physical appliance) but if the Firewall can be granular enough to take its spot that is a plus. It would have to support offsite filtering somehow if that is the case. I have heard it being done with a Palo Alto but have not seen how granular it gets.

    These are the current Firewalls that are being spec'd for us by the company's engineer. This would be for a small 5A school with 5-6,000 users. Basically, I just want to hear your input on what firewall you are using and why/how has it been since you owned it.
    Currently, we have 2 ISPs, both providing 1Gbps each. We would like to future proof for 10Gbps even though the max we will ever use will be 2Gbps. Also only have about 5-10 VPN users total. We are also an iPad school 1:1.

    • Barracuda F900 (I like barracuda but have not heard of a school using it)
    • Fortinet 1100E (Heard several schools use Fortinet, but no experience with it)
    • SonicWall 6650 (Heard some schools using it, but no experience with it)
    • Watchguard M5600 (Can't find a K-12 school using it, I liked the stats/interface but very little K12 programs using it)
    • Palo Alto (Has not been spec'd this but was looking at 5220 but also very pricey)

    submitted by /u/iWazbe

    Buying some items for my toolkit. Need guidance.

    Posted: 17 Aug 2019 12:01 PM PDT

    Ordering another USB serial adapter and want to make sure I have the right type of DB9 cables to go with it.

    Do I need a straight through cable or null modem (crossover) to connect to a switch? (I.e. MikroTik, Dell, Cisco SG)

    I have the Cisco DB9 to RJ45 already for switches that use that type of console.

    Edit: looks like it's a mixed bag depending on manufacturer. So I'm thinking a M/F and F/F straight through and a null M/F adapter. That should cover all 4 possible combos.

    submitted by /u/luger718

    My website is under DOS attack, what to do?

    Posted: 16 Aug 2019 05:55 PM PDT

    Hi there, so for the past 3 days my website has been heavily attacked. My hosting company is not doing much 😔 I have Cloudflare activated, I have activated "I am under attack", WAF, firewall rules applied, but this is most likely not enough... How to proceed, as this cannot continue? According to the attack it is around 150gb/s. Any ideas or recommendations would be great.

    submitted by /u/xh3k
