本主题介绍如何配置 UDP 端口扫描攻击检测。
这些攻击使用目标协议或端口号的明显(顺序编号)模式,以一个或多个目标 IP 地址上的多个协议或端口为目标,从而扫描目标 IP 地址中的开放、侦听或响应式服务。这些模式是通过随机化协议或端口号以及随机化传输之间的时间延迟来得出的。
- 配置接口并为接口分配 IP 地址。
[edit]
user@host# set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.0/24
user@host# set interfaces ge-0/0/3 unit 0 family inet address 198.51.100.0/24
- 配置安全区域
trustZone 并为 untrustZone 其分配接口。
[edit]
user@host# set security zones security-zone trustZone host-inbound-traffic system-services all
user@host# set security zones security-zone trustZone host-inbound-traffic protocols all
user@host# set security zones security-zone trustZone interfaces ge-0/0/1.0
user@host# set security zones security-zone untrustZone host-inbound-traffic system-services all
user@host# set security zones security-zone untrustZone host-inbound-traffic protocols all
user@host# set security zones security-zone untrustZone interfaces ge-0/0/3.0
- 配置从
untrustZone 到 trustZone的安全策略。
[edit]
user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 match source-address any
user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 match destination-address any
user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 match application any
user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 then permit
user@host# set security policies default-policy deny-all
- 配置安全屏幕并将其附加到
untrustZone。
[edit]
user@host# set security screen ids-option untrustScreen udp port-scan
user@host# set security screen ids-option untrustScreen alarm-without-drop
user@host# set security zones security-zone untrustZone screen untrustScreen
- 配置 syslog。
[edit]
user@host# set system syslog file syslog any any
user@host# set system syslog file syslog archive size 10000000
user@host# set system syslog file syslog explicit-priority
user@host# set system syslog file syslog structured-data
user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 then log session-init
user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 then log session-close
- 提交配置。
