Configuring TCP SYN and RST Attack Screen
This topic describes how to configure an IDP custom-attack signature that detects TCP packets in which both the SYN and RST flags are set, together with the flow and logging settings that let such packets reach IDP and be recorded.
To enable detection of a TCP SYN and RST attack:
- Configure the interfaces and assign an IP address to each of them.
user@host# set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.0/24
user@host# set interfaces ge-0/0/3 unit 0 family inet address 198.51.100.0/24
- Configure the security zones trustZone and untrustZone and assign the interfaces to them. Allowing all system services and protocols inbound (host-inbound-traffic ... all) on untrustZone is a lab setting; restrict it in production.
user@host# set security zones security-zone trustZone host-inbound-traffic system-services all
user@host# set security zones security-zone trustZone host-inbound-traffic protocols all
user@host# set security zones security-zone trustZone interfaces ge-0/0/1.0
user@host# set security zones security-zone untrustZone host-inbound-traffic system-services all
user@host# set security zones security-zone untrustZone host-inbound-traffic protocols all
user@host# set security zones security-zone untrustZone interfaces ge-0/0/3.0
- Configure the IDP policy and the syn_rst custom-attack signature. With the action set to no-action the rule only logs matching packets (notification log-attacks); to block them, use an action such as drop-packet instead.
user@host# set security idp idp-policy idpengine rulebase-ips rule 1 match from-zone any
user@host# set security idp idp-policy idpengine rulebase-ips rule 1 match source-address any
user@host# set security idp idp-policy idpengine rulebase-ips rule 1 match to-zone any
user@host# set security idp idp-policy idpengine rulebase-ips rule 1 match destination-address any
user@host# set security idp idp-policy idpengine rulebase-ips rule 1 match application default
user@host# set security idp idp-policy idpengine rulebase-ips rule 1 match attacks custom-attacks syn_rst
user@host# set security idp idp-policy idpengine rulebase-ips rule 1 then action no-action
user@host# set security idp idp-policy idpengine rulebase-ips rule 1 then notification log-attacks
user@host# set security idp active-policy idpengine
user@host# set security idp custom-attack syn_rst severity info
user@host# set security idp custom-attack syn_rst attack-type signature context packet
user@host# set security idp custom-attack syn_rst attack-type signature pattern
user@host# set security idp custom-attack syn_rst attack-type signature direction any
user@host# set security idp custom-attack syn_rst attack-type signature protocol tcp tcp-flags rst
user@host# set security idp custom-attack syn_rst attack-type signature protocol tcp tcp-flags syn
- Configure the security policy from untrustZone to trustZone; application-services idp is what hands permitted sessions to IDP for inspection.
user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 match source-address any
user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 match destination-address any
user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 match application any
user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 then permit application-services idp
user@host# set security policies default-policy deny-all
- Configure the tcp-session options in flow. no-syn-check stops the flow module from requiring that the first packet of a session be a SYN, and no-sequence-check disables TCP sequence-number checking, so a SYN+RST segment is not discarded by flow before IDP inspects it.
user@host# set security flow tcp-session no-syn-check
user@host# set security flow tcp-session no-sequence-check
- Configure syslog and enable session logging on policy1.
user@host# set system syslog file syslog any any
user@host# set system syslog file syslog archive size 10000000
user@host# set system syslog file syslog explicit-priority
user@host# set system syslog file syslog structured-data
user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 then log session-init
user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 then log session-close
- To allow the traffic to reach the destination, configure the tcp-session relax-check option.
user@host# set security flow tcp-session relax-check
- Commit the configuration.
user@host# commit
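The following is an added example and is not code from the Juniper page: a small standard-library Python tool that builds IPv4/TCP test packets with valid checksums and classifies them the way the syn_rst signature is meant to, matching only when both the SYN and RST bits are set. The addresses, ports and case names are constructed test values; treating the two tcp-flags qualifiers as a conjunction is the reading the page's title implies.

```python
"""
Added example, not part of the Juniper page: build raw IPv4/TCP test packets
and classify them as the syn_rst custom-attack signature above is meant to,
matching only when BOTH the SYN and RST flag bits are set.
Standard library only; addresses and ports below are constructed values.
"""
import socket
import struct

# TCP flag bits in the flags byte of the TCP header (RFC 793).
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

IPV4_HDR_LEN = 20
TCP_HDR_LEN = 20


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (pads an odd trailing byte)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _tcp_pseudo_header(src: bytes, dst: bytes, tcp_len: int) -> bytes:
    """Pseudo header that the TCP checksum covers: src, dst, zero, proto, TCP length."""
    return struct.pack("!4s4sBBH", src, dst, 0, socket.IPPROTO_TCP, tcp_len)


def build_packet(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int,
                 seq: int = 0, ack: int = 0, payload: bytes = b"") -> bytes:
    """Return an IPv4 datagram carrying a TCP segment with the given flag bits.
    Both checksums are valid so a stateful device does not discard the packet
    as malformed before it ever looks at the flags."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    # TCP header: ports, seq, ack, data offset (5 words) << 4, flags, window, csum, urgent ptr
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                      (TCP_HDR_LEN // 4) << 4, flags, 65535, 0, 0)
    tcp_csum = checksum(_tcp_pseudo_header(src, dst, len(tcp) + len(payload)) + tcp + payload)
    tcp = tcp[:16] + struct.pack("!H", tcp_csum) + tcp[18:]
    # IPv4 header: ver/IHL, DSCP, total length, id, flags/frag, TTL, proto, csum, src, dst
    total_len = IPV4_HDR_LEN + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, 64,
                     socket.IPPROTO_TCP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp + payload


def tcp_flags(packet: bytes) -> int:
    """Return the TCP flags byte of an IPv4 packet; raise ValueError if it is not TCP."""
    if len(packet) < IPV4_HDR_LEN or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != socket.IPPROTO_TCP:
        raise ValueError("not a TCP packet")
    if len(packet) < ihl + TCP_HDR_LEN:
        raise ValueError("truncated TCP header")
    return packet[ihl + 13]


def checksums_valid(packet: bytes) -> bool:
    """True if both the IPv4 header and the TCP segment checksums verify (fold to zero)."""
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        return False
    tcp = packet[ihl:]
    return checksum(_tcp_pseudo_header(packet[12:16], packet[16:20], len(tcp)) + tcp) == 0


def matches_syn_rst(packet: bytes) -> bool:
    """Mirror the syn_rst signature (protocol tcp, tcp-flags syn, tcp-flags rst):
    the two flag qualifiers are taken as a conjunction, so SYN-only, RST-only
    and non-TCP packets do not match. Other flags (e.g. ACK) are ignored."""
    try:
        flags = tcp_flags(packet)
    except ValueError:
        return False
    return (flags & (TCP_SYN | TCP_RST)) == (TCP_SYN | TCP_RST)


if __name__ == "__main__":
    # Constructed sample: one packet per case, using the page's documentation prefixes.
    cases = {
        "syn": TCP_SYN,
        "syn+ack": TCP_SYN | TCP_ACK,
        "rst": TCP_RST,
        "rst+ack": TCP_RST | TCP_ACK,
        "syn+rst": TCP_SYN | TCP_RST,
    }
    for name, flag_bits in cases.items():
        pkt = build_packet("198.51.100.10", "192.0.2.10", 40000, 80, flag_bits)
        print(f"{name:8s} checksums_ok={checksums_valid(pkt)} syn_rst_match={matches_syn_rst(pkt)}")
```

To exercise the sensor, the bytes returned by build_packet can be written to a raw socket (socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW, which needs root) from a host in untrustZone, after which the structured-data syslog file configured above should show the IDP attack log. Because the flow module normally drops a first packet that is not a plain SYN, the no-syn-check setting is what allows a SYN+RST segment to reach IDP at all; sending the same packet with that setting removed is a quick way to confirm the drop happens before inspection.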