Configuring TCP SYN and RST Attack Screen
This topic describes how to configure TCP packet with the SYN and RST flags are set.
To configure the TCP SYN and RST attack:
- Configure interfaces and assign IP address to interfaces.user@host# set interfaces xe-0/0/1 unit 0 family inet address 1.1.1.1/24user@host# set interfaces xe-0/0/3 unit 0 family inet address 2.2.2.1/24
- Configure security zones “trustZone” and “untrustZone”
and assign interfaces.user@host# set security zones security-zone trustZone host-inbound-traffic system-services alluser@host# set security zones security-zone trustZone host-inbound-traffic protocols alluser@host# set security zones security-zone trustZone interfaces xe-0/0/1.0user@host# set security zones security-zone untrustZone host-inbound-traffic system-services alluser@host# set security zones security-zone untrustZone host-inbound-traffic protocols alluser@host# set security zones security-zone untrustZone interfaces xe-0/0/3.0
- Configure IDP custom-attack signatures.user@host# set security idp idp-policy idpengine rulebase-ips rule 1 match from-zone anyuser@host# set security idp idp-policy idpengine rulebase-ips rule 1 match source-address anyuser@host# set security idp idp-policy idpengine rulebase-ips rule 1 match to-zone anyuser@host# set security idp idp-policy idpengine rulebase-ips rule 1 match destination-address anyuser@host# set security idp idp-policy idpengine rulebase-ips rule 1 match application defaultuser@host# set security idp idp-policy idpengine rulebase-ips rule 1 match attacks custom-attacks syn_rstuser@host# set security idp idp-policy idpengine rulebase-ips rule 1 then action no-actionuser@host# set security idp idp-policy idpengine rulebase-ips rule 1 then notification log-attacksuser@host# set security idp active-policy idpengineuser@host# set security idp custom-attack syn_rst severity infouser@host# set security idp custom-attack syn_rst attack-type signature context packetuser@host# set security idp custom-attack syn_rst attack-type signature patternuser@host# set security idp custom-attack syn_rst attack-type signature direction anyuser@host# set security idp custom-attack syn_rst attack-type signature protocol tcp tcp-flags rstuser@host# set security idp custom-attack syn_rst attack-type signature protocol tcp tcp-flags syn
- Configure security policies from "untrustZone" to "trustZone".user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 match source-address anyuser@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 match destination-address anyuser@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 match application anyuser@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 then permit application-services idpuser@host# set security policies default-policy deny-all
- Configure security tcp-session options in flow.user@host# set security flow tcp-session no-syn-checkuser@host# set security flow tcp-session no-sequence-check
- Configuring syslog.user@host# set system syslog file syslog any anyuser@host# set system syslog file syslog archive size 10000000user@host# set system syslog file syslog explicit-priorityuser@host# set system syslog file syslog structured-datauser@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 then log session-inituser@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 then log session-close
- To allow the traffic to reach destination, configure below tcp-session option.user@host# set security flow tcp-session relax-check