How to list firewall flow sessions table in juniper srx

Education, Juniper, Telecom, Tutorial, Uncategorized
Juniper SRX is a stateful firewall: it keeps an in-memory table of all traffic sessions that pass through it and have been allowed by security policies. To dump the session table, use the "show security flow session" operational command, with filters to get information about only a specific type of traffic, for example only IPv4 or only IPv6 traffic, only TCP or UDP, or only traffic going in or out of one interface:

Code:
srx > show security flow session
Session ID: 28, Policy name: trust-to-untrust/6, Timeout: 1164, Valid
  In: 2001:471:7994:3:2011:8641:ae84:6a30/54843 --> 2607:f8b0:4004:80d::2003/443;tcp, If: vlan.2, Pkts: 2, Bytes: 144
  Out: 2607:f8b0:4004:80d::2003/443 --> 2001:471:7994:3:2011:8641:ae84:6a30/54843;tcp, If: ip-0/0/0.0, Pkts: 0, Bytes: 0

Session ID: 64, Policy name: trust-to-untrust/6, Timeout: 72, Valid
  In: 2001:471:7994:3:2011:8641:ae84:6a30/53446 --> 2607:f8b0:4004:80d::200e/443;tcp, If: vlan.2, Pkts: 1, Bytes: 72
  Out: 2607:f8b0:4004:80d::200e/443 --> 2001:471:7994:3:2011:8641:ae84:6a30/53446;tcp, If: ip-0/0/0.0, Pkts: 0, Bytes: 0

Show a…

Shortcut for Juniper CLI

Education, Juniper, Tutorial, Uncategorized
The following are some shortcut commands for the JUNOS CLI:
• Ctrl+b: Moves the cursor left one character;
• Ctrl+a: Moves the cursor to the beginning of the command line;
• Ctrl+f: Moves the cursor right one character;
• Ctrl+e: Moves the cursor to the end of the command line;
• Delete and Backspace: Deletes the character before the cursor;
• Ctrl+d: Deletes the character over the cursor;
• Ctrl+k: Deletes from the cursor to the end of the line;
• Ctrl+u: Deletes all characters and negates the current command;
• Ctrl+w: Deletes the entire word to the left of the cursor;
• Ctrl+l: Redraws the current line;
• Ctrl+p, Ctrl+n: Repeats the previous and next command in the command history, respectively;
• Esc+d: Deletes the word to the right;
•…

TearDrop Attack

Computer, Education, Tutorial, Uncategorized
Teardrop is a program that sends IP fragments to a machine connected to the Internet or a network. Teardrop exploits an overlapping IP fragment bug present in Windows 95, Windows NT and Windows 3.1 machines. The bug causes the TCP/IP fragmentation re-assembly code to improperly handle overlapping IP fragments. This attack has not been shown to cause any significant damage to systems, and a simple reboot is the preferred remedy. It should be noted, though, that while this attack is considered to be non-destructive, it could cause problems if there is unsaved data in open applications at the time that the machine is attacked. The primary problem with this is a loss of data. This DoS attack affects Windows 3.1, 95 and NT machines. It also affects Linux versions previous…