Configuring the TCP SYN and RST Attack Screen
This topic describes how to configure detection of TCP packets in which both the SYN and RST flags are set.
To enable detection of TCP SYN and RST attacks:
- Configure the interfaces and assign IP addresses to them.
  [edit]
  user@host# set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.0/24
  user@host# set interfaces ge-0/0/3 unit 0 family inet address 198.51.100.0/24
- Configure the security zones trustZone and untrustZone and assign the interfaces to them.
  [edit]
  user@host# set security zones security-zone trustZone host-inbound-traffic system-services all
  user@host# set security zones security-zone trustZone host-inbound-traffic protocols all
  user@host# set security zones security-zone trustZone interfaces ge-0/0/1.0
  user@host# set security zones security-zone untrustZone host-inbound-traffic system-services all
  user@host# set security zones security-zone untrustZone host-inbound-traffic protocols all
  user@host# set security zones security-zone untrustZone interfaces ge-0/0/3.0
- Configure the IDP custom attack signature.
  [edit]
  user@host# set security idp idp-policy idpengine rulebase-ips rule 1 match from-zone any
  user@host# set security idp idp-policy idpengine rulebase-ips rule 1 match source-address any
  user@host# set security idp idp-policy idpengine rulebase-ips rule 1 match to-zone any
  user@host# set security idp idp-policy idpengine rulebase-ips rule 1 match destination-address any
  user@host# set security idp idp-policy idpengine rulebase-ips rule 1 match application default
  user@host# set security idp idp-policy idpengine rulebase-ips rule 1 match attacks custom-attacks syn_rst
  user@host# set security idp idp-policy idpengine rulebase-ips rule 1 then action no-action
  user@host# set security idp idp-policy idpengine rulebase-ips rule 1 then notification log-attacks
  user@host# set security idp active-policy idpengine
  user@host# set security idp custom-attack syn_rst severity info
  user@host# set security idp custom-attack syn_rst attack-type signature context packet
  user@host# set security idp custom-attack syn_rst attack-type signature pattern
  user@host# set security idp custom-attack syn_rst attack-type signature direction any
  user@host# set security idp custom-attack syn_rst attack-type signature protocol tcp tcp-flags rst
  user@host# set security idp custom-attack syn_rst attack-type signature protocol tcp tcp-flags syn
- Configure a security policy from untrustZone to trustZone.
  [edit]
  user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 match source-address any
  user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 match destination-address any
  user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 match application any
  user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 then permit application-services idp
  user@host# set security policies default-policy deny-all
- Configure the security flow tcp-session options.
  [edit]
  user@host# set security flow tcp-session no-syn-check
  user@host# set security flow tcp-session no-sequence-check
- Configure syslog.
  [edit]
  user@host# set system syslog file syslog any any
  user@host# set system syslog file syslog archive size 10000000
  user@host# set system syslog file syslog structured-data
  user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 then log session-init
  user@host# set security policies from-zone untrustZone to-zone trustZone policy policy1 then log session-close
- Configure the tcp-session option so that traffic can reach its destination.
  [edit]
  user@host# set security flow tcp-session relax-check
- Commit the configuration.
  [edit]
  user@host# commit
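Before committing, a practitioner typically checks that the pieces of the procedure above actually reference each other: the active IDP policy names a rule, the rule names the custom attack, the custom attack matches on both flags, and a security policy hands sessions to IDP. The following script is an added example, not Juniper code or part of this page: it parses Junos "set" statements into a tree and lints that chain. SAMPLE is constructed from the commands on this page; the function and variable names are assumptions of the example.

```python
# Added example, not from the Juniper page: lint "set" statements for a complete
# SYN/RST detection chain. SAMPLE is constructed from the page's own commands.
def parse_set_commands(text):
    """'set a b c' lines -> nested dicts (a leaf is an empty dict)."""
    cfg = {}
    for words in (line.split() for line in text.splitlines()):
        node = cfg
        for word in words[1:] if words[:1] == ["set"] else []:
            node = node.setdefault(word, {})
    return cfg

def get(node, *path):  # walk a path through the tree; None if any key is missing
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def check_syn_rst_chain(cfg):
    """Return a list of problems; an empty list means the chain is consistent."""
    problems = []
    policy = next(iter(get(cfg, "security", "idp", "active-policy") or {}), None)
    if policy is None:
        return ["no active IDP policy"]
    rules = get(cfg, "security", "idp", "idp-policy", policy, "rulebase-ips", "rule") or {}
    referenced = set()
    for rule in rules.values():  # custom attacks named in any rule's match clause
        referenced.update(get(rule, "match", "attacks", "custom-attacks") or {})
    if not referenced:
        problems.append(f"IDP policy {policy} references no custom attack")
    for name in referenced:  # each must match on both the SYN and the RST flag
        flags = get(cfg, "security", "idp", "custom-attack", name, "attack-type",
                    "signature", "protocol", "tcp", "tcp-flags") or {}
        if not {"syn", "rst"} <= set(flags):
            problems.append(f"custom-attack {name} does not match both syn and rst")
    idp_applied = any(  # some permit policy must hand the session to IDP
        get(pol, "then", "permit", "application-services", "idp") is not None
        for fz in (get(cfg, "security", "policies", "from-zone") or {}).values()
        for tz in (get(fz, "to-zone") or {}).values()
        for pol in (get(tz, "policy") or {}).values())
    if not idp_applied:
        problems.append("no security policy permits traffic with application-services idp")
    return problems

SAMPLE = """set security idp idp-policy idpengine rulebase-ips rule 1 match attacks custom-attacks syn_rst
set security idp active-policy idpengine
set security idp custom-attack syn_rst attack-type signature protocol tcp tcp-flags rst
set security idp custom-attack syn_rst attack-type signature protocol tcp tcp-flags syn
set security policies from-zone untrustZone to-zone trustZone policy policy1 then permit application-services idp
"""
```

Run `check_syn_rst_chain(parse_set_commands(SAMPLE))` on the full configuration exported with `show configuration | display set`; an empty list means every link of the chain is present.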