This weekend, WannaCry swept quickly across Europe and Asia, locking up critical systems such as the UK’s National Health Service, a large telecom in Spain, several universities in China and other businesses and institutions around the world. Once infected, a computer denies access and demands the equivalent of around $300 in bitcoin for decryption.
In this post, I will introduce important tips for blocking WannaCry attacks.
1. Install security patches. Microsoft has released security patches that fix the SMB flaw currently being exploited by the WannaCry ransomware, with most versions of Windows supported, including Windows XP, Vista, Windows 8, Server 2003 and 2008.
2. Block incoming connections on TCP port 445 in your router/firewall. This rule blocks attacks from the internet.
3. For Windows DMZ hosts, you also need to block TCP port 445 in the firewall settings.
4. To protect VLANs from being attacked by an infected VLAN, you can block TCP port 445 in the VLAN ACL rules of your core switch.
Using the “network health checker” extension of WFilter, you can also check whether there are “Suspicious Hosts” in your LAN. Hosts with massive connections will be identified as “Suspicious”.
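The idea of flagging hosts with massive connections can also be applied to flow logs you already collect. The following is an added example, not part of the original post and not WFilter's implementation: it flags sources that contact many distinct hosts on TCP port 445 within a short window. The record format, the 60-second window and the threshold of 20 are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records: (timestamp, source IP, destination IP, destination TCP port).
SAMPLE_FLOWS = (
    # One host touching 40 different LAN addresses on 445, one per second.
    [("2017-05-15 09:00:%02d" % i, "192.168.1.50", "192.168.1.%d" % (100 + i), 445)
     for i in range(40)]
    + [("2017-05-15 09:00:05", "192.168.1.20", "192.168.1.10", 445),  # normal file-server access
       ("2017-05-15 09:00:09", "192.168.1.20", "192.168.1.10", 445),
       ("2017-05-15 09:00:12", "192.168.1.21", "203.0.113.10", 443)]  # not SMB, ignored
)

def suspicious_hosts(flows, port=445, window=timedelta(seconds=60), threshold=20):
    """Return {source_ip: peak number of distinct destinations contacted on `port`
    inside any `window`} for sources whose peak reaches `threshold`.
    The window and threshold defaults are assumed values; tune them per network."""
    per_source = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == port:
            per_source[src].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), dst))

    flagged = {}
    for src, events in per_source.items():
        events.sort()
        counts = defaultdict(int)  # destination -> occurrences inside the current window
        best, start = 0, 0
        for when, dst in events:
            counts[dst] += 1
            # Slide the window start forward until it spans at most `window`.
            while when - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for host, fanout in suspicious_hosts(SAMPLE_FLOWS).items():
        print(f"{host} contacted {fanout} distinct hosts on TCP 445 within 60s")
```

Counting distinct destinations rather than raw connections keeps a client that repeatedly talks to one file server from being flagged.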
As a network professional, when things go wrong in your network, the right tools are required to minimize network downtime.
In this post, I will show you the extension system in WFilter, a powerful tool set for networking issues.
At first glance
All WFilter systems have an “extension” library, which contains a powerful set of free tools for IT administrators. Most extensions are free, and they are even supported in WFilter Free, a freeware product for network internet filtering and monitoring.
Now let’s see what we can do with WFilter extensions:
1. Scan client devices in the network
With the “network scan” extension, you can get a complete list of network clients, including IP, MAC, manufacturer and open ports…
2. Discover and scan DHCP services in the network
The “Network DHCP discover plugin” of WFilter can scan DHCP services in your network with a single click. It lists the IP addresses, MAC addresses and MAC manufacturers of all DHCP servers.
3. Detect NAT sharing services in the network
Detect illegal NAT sharing in the network.
4. Check network health of availability, IP conflict, ARP spoof and broadcast storm
This extension can:
- check availability and ping performance of DNS servers.
- check availability and ping performance of internet sites.
- check availability and ping performance of local network hosts.
- check whether there is an IP conflict in the local network.
- check whether there is ARP spoofing running in the local network.
- check whether there is a broadcast storm in the local network.
5. Scan proxy servers in the network
6. Graph ping performance of multiple hosts
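With this plugin, you can get ping performance and graph reports for multiple hosts over a period of time.
A complete list of extensions can be found here: WFilter extensions. And more will come. The most important thing is that most extensions are free and supported in “WFilter internet content filter (commercial)”, “WFilter NG firewall” and “WFilter Free”.
Isn’t it exciting? Download WFilter Now!
In this post, I will bring you a bandwidth monitoring solution based on your Cisco switch. In case your router/firewall does not have bandwidth monitoring features, or you need more detailed reports, this solution can help you.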
In this post, I will bring you a bandwidth monitoring solution based on your cisco switch. In case your router/firewall does not have bandwidth monitoring features, or you need more detailed reports, this solution can help you.
First, the network topology diagram:
Most Cisco switches support the “port mirroring (SPAN)” feature. You can use the commands below to enable it:
1. Set source port
Switch(config)#monitor session 1 source interface Fa0/23
2. Set target port
Switch(config)#monitor session 1 destination interface Fa0/22 ingress vlan 1
Then you need to install a pass-by filtering program (e.g. WFilter internet content filter) on a Windows PC and connect this PC to the “target port”. You can then monitor the internet bandwidth and live connections of network clients.
The new diagram:
Now let’s check what you can monitor with WFilter:
1. Clients List
2. Live Connections
3. Bandwidth Reports