{"id":498,"date":"2018-06-30T11:38:42","date_gmt":"2018-06-30T04:38:42","guid":{"rendered":"https:\/\/lagonet.vn\/?p=498"},"modified":"2018-06-30T11:38:42","modified_gmt":"2018-06-30T04:38:42","slug":"phong-chong-tan-cong-dos-voi-tcp-intercept","status":"publish","type":"post","link":"https:\/\/kb.lagonet.vn\/?p=498","title":{"rendered":"DEFENDING AGAINST DOS ATTACKS WITH TCP INTERCEPT"},"content":{"rendered":"<div align=\"center\">\n<div style=\"text-align: left;\" align=\"center\">\n<p><b><i>TCP intercept<\/i><\/b>\u00a0is one of the features of the Cisco IOS Firewall feature set, commonly used to defend against TCP SYN flood attacks. In a TCP SYN flood attack, the attacker sends a flood of TCP SYN segments without completing the three-way handshake for each TCP connection. Typically, the attacker combines this with IP spoofing, in which the packet's source address is an invalid address or someone else's address. Because these source addresses are unreachable, the targeted TCP server is left hanging with half-open connections and must wait for the full timeout period before removing each connection from its local connection table. 
As a result, the TCP server's resources are exhausted and it is forced to refuse other, legitimate TCP connections.<\/p>\n<p>TCP Intercept helps mitigate this type of attack with 2 modes: intercept and watch.<br \/>\n<u>Intercept mode<\/u><br \/>\nIn this mode, the router intercepts all TCP connection requests, as shown in the figure below. When an external user tries to open a TCP connection to a server on the internal network, the router intercepts the request, poses as the internal server, and completes the three-way handshake with the external user. Only after completing the connection with the user (steps 1 to 3) does the router establish a second TCP connection to the server (steps 4 to 6). The router then joins the 2 connections into a single connection (step 7).<\/p>\n<div align=\"center\">\n<div align=\"center\"><img decoding=\"async\" class=\"bbcode-attachment\" src=\"http:\/\/img717.imageshack.us\/img717\/5858\/image001brj.jpg\" alt=\"\" border=\"0\" \/><\/div>\n<\/div>\n<p>Throughout all of these steps, the router is transparent to the user and the server. 
With this approach, if a TCP SYN attack occurs, the router acts as a buffer for the server, and the server is not affected by the flood: the router performs the handshake for the half-open connections, and after the timeout period it removes all of these connections from its TCP connection table. In practice, legitimate requests are allowed to connect to the internal router as soon as they complete the three-way handshake with the router.<\/p>\n<p><u>Watch mode<\/u><br \/>\nIn this mode, the router only observes the connection sessions between the user and the server. The router inspects these connections and tracks those that have not yet completed. It then compares them against the preconfigured timeout value (30s by default). If a TCP connection has not completed the three-way handshake and has exceeded the timeout period, the router sends a TCP reset to the server to tear down the connection. 
If an attack is aimed directly at the internal server, the router removes the half-open connections, which limits the overload on the server while still allowing legitimate connections through.<\/p>\n<\/div>\n<p style=\"text-align: left;\">See also:\u00a0https:\/\/ccie-or-null.net\/2012\/08\/27\/configuring-tcp-intercept\/<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>TCP intercept\u00a0is one of the features of the Cisco IOS Firewall feature set, commonly used to defend against attacks [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[19,6],"tags":[95,100,115,116,117,118],"class_list":["post-498","post","type-post","status-publish","format-standard","hentry","category-issues","category-networking","tag-no-ip-directed-broadcast","tag-phong-chong-syn-flood","tag-tan-cong-dos-co-the-phong-chong-triet-de","tag-tan-cong-tu-choi-dich-vu-dos-dac-diem-cach-ngan-chan-phong-chong","tag-tcp-intercept-asa","tag-tcp-intercept-default-mode"],"_links":{"self":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts\/498","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=498"}],"version-history":[{"count":0,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts\/498\/revisions"}],"wp:attachment":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=498"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=498"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=498"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}