Thursday, December 16, 2010

FECN, BECN and DE bits

The FECN, BECN and DE bits are used for network congestion control.


The Forward Explicit Congestion Notification (FECN) and Backward Explicit Congestion Notification (BECN) bits can be used to notify an end station, such as a router, of network congestion.

FECN bits notify downstream devices that congestion is occurring. Downstream means toward the destination.

BECN bits indicate to routers that could be contributing to congestion that they should slow down transmission.

Discard Eligible (DE) bits indicate that the frame is eligible for discard if congestion occurs.
Most routers mark frames as discard eligible if the traffic exceeds the PVC's Committed Information Rate (CIR).
The CIR is the transmission rate guaranteed by the service provider.

Tuesday, December 7, 2010

ScreenOS: Anti-Spam: Adding a custom SBL

The anti-spam portion uses a Spam Block List (SBL) which is more commonly known as a Relay Block List (RBL). The SBL/RBL that Juniper offers is updated and maintained by Symantec and contains the Top 100 known spammers.

G1S1-> set anti-spam profile ns-profile
G1S1(anti-spam:ns-profile)-> unset sbl msgsecurity.juniper.net
G1S1(anti-spam:ns-profile)-> set sbl sbl.spamhaus.org input-type ip
G1S1(anti-spam:ns-profile)-> set sbl dnsbl.sorbs.net input-type ip
G1S1(anti-spam:ns-profile)-> set sbl bl.spamcop.net input-type ip
G1S1(anti-spam:ns-profile)-> set sbl msgsecurity.juniper.net input-type ip

G1S1(anti-spam:ns-profile)-> get sbl
  *SBL Blacklist Server:
    sbl.spamhaus.org
    dnsbl.sorbs.net
    bl.spamcop.net
    msgsecurity.juniper.net
G1S1(anti-spam:ns-profile)-> exit

View the Status:


G1S1-> get anti-spam

  profile: ns-profile
  *Whitelists (0):
  *Blacklist (1): baddomain.com;
  *Blacklist[ip range] (0):
  *SBL Blacklist Server:
    sbl.spamhaus.org
  *Default setting:
    *Action: tag mail subject as ***SPAM***


DNS Server:
  Primary  :          10.1.75.111, Src Interface: Null
  Secondary:        172.16.165.22, Src Interface: Null
  Tertiary  :              0.0.0.0, Src Interface: Null


  Total connections:    8
  Total greetings:      8
  Total emails:         8

  Total permit emails:  1
  Total deny actions:   0
  Total tag emails:     7

  errors:               8
  timeouts:             8

  Statistics start time: 12/07/2010 09:43:21

Test it with a string:

G1S1-> exec anti-spam testscan baddomain.com
AS: anti spam result: action Tag email subject, reason: Match local blacklist

Test it with an IP:

G1S1-> exec anti-spam testscan 192.203.178.57
Please wait for a few seconds.
If the result does not display, please check the debug buffer with the "get dbuf stream" command.
G1S1->  anti spam result: action Pass, reason: Timeout
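
The IP test above returned Pass with reason Timeout, so no block list was actually consulted for that address. The following is an added example (not from the original post or from Juniper) that builds the standard DNSBL query name, assumed to be what the device sends for input-type ip, and separates "not listed" from "lookup failed". The resolver stub, its answers and the 192.0.2.10 address are constructed; treating 127.255.255.x answers as errors follows Spamhaus's documented convention and is applied to every zone as an assumption.

```python
import ipaddress
import socket

# Zones from the profile above.
ZONES = ["sbl.spamhaus.org", "dnsbl.sorbs.net", "bl.spamcop.net",
         "msgsecurity.juniper.net"]
LISTING_NET = ipaddress.ip_network("127.0.0.0/8")     # DNSBL answers live here
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus error codes, not listings
NOT_FOUND = {getattr(socket, n) for n in ("EAI_NONAME", "EAI_NODATA")
             if hasattr(socket, n)}

def query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone (standard DNSBL form)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check(ip, zone, resolver=socket.gethostbyname):
    """Return 'listed', 'not-listed' or 'lookup-failed' for one zone."""
    try:
        answer = ipaddress.IPv4Address(resolver(query_name(ip, zone)))
    except socket.gaierror as exc:
        # NXDOMAIN means the address is not listed; a timeout or SERVFAIL
        # means the zone was never consulted at all.
        return "not-listed" if exc.errno in NOT_FOUND else "lookup-failed"
    except OSError:
        return "lookup-failed"
    if answer in LISTING_NET and answer not in ERROR_NET:
        return "listed"
    return "lookup-failed"

def survey(ip, resolver=socket.gethostbyname):
    """Check every zone; return (listed_zones, failed_zones)."""
    results = {z: check(ip, z, resolver) for z in ZONES}
    return ([z for z, r in results.items() if r == "listed"],
            [z for z, r in results.items() if r == "lookup-failed"])

# Constructed resolver answers for 192.0.2.10 (documentation address).
FAKE = {"10.2.0.192.sbl.spamhaus.org": "127.255.255.254",  # error code
        "10.2.0.192.bl.spamcop.net": "127.0.0.2"}          # listing

def fake_resolver(name):
    """Hypothetical stub: sorbs times out, unknown names are NXDOMAIN."""
    if name in FAKE:
        return FAKE[name]
    code = socket.EAI_AGAIN if name.endswith("dnsbl.sorbs.net") else socket.EAI_NONAME
    raise socket.gaierror(code, "constructed failure")

if __name__ == "__main__":
    print(survey("192.0.2.10", fake_resolver))
```

Run against the real resolver from a host that uses the same DNS servers as the firewall, a non-empty failed list points at DNS reachability rather than at the block lists themselves.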
 

View the config: