{"id":501,"date":"2018-06-30T11:40:41","date_gmt":"2018-06-30T04:40:41","guid":{"rendered":"https:\/\/lagonet.vn\/?p=501"},"modified":"2018-06-30T11:40:41","modified_gmt":"2018-06-30T04:40:41","slug":"cau-hinh-tcp-intercept-watch-mode-phong-chong-tan-cong-dos","status":"publish","type":"post","link":"https:\/\/kb.lagonet.vn\/?p=501","title":{"rendered":"C\u1ea4U H\u00ccNH TCP INTERCEPT WATCH MODE PH\u00d2NG CH\u1ed0NG T\u1ea4N C\u00d4NG DOS"},"content":{"rendered":"

M\u1ee5c ti\u00eau<\/b>: C\u1ea5u h\u00ecnh \u0111\u1ec3 router gi\u00e1m s\u00e1t c\u00e1c k\u1ebft n\u1ed1i TCP ph\u00f2ng ch\u1ed1ng t\u1ea5n c\u00f4ng DOS
\nM\u00f4 h\u00ecnh<\/b>:<\/p>\n

\n
\"\"<\/div>\n<\/div>\n

M\u00f4 t\u1ea3<\/b>:
\n– C\u1ea5u h\u00ecnh NAT t\u0129nh
\n– T\u1ea1o ACL 199 v\u00e0 match c\u00e1c k\u1ebft n\u1ed1i TCP port 80 v\u00e0o server.
\n– C\u1ea5u h\u00ecnh TCP intercept s\u1eed d\u1ee5ng ACL 199 v\u00e0 d\u00f9ng mode random-drop
\n– Router s\u1ebd reset c\u00e1c k\u1ebft n\u1ed1i n\u1ebfu ch\u00fang \u1edf trong t\u00ecnh tr\u1ea1ng half-open h\u01a1n 15 gi\u00e2y.
\n– B\u1eaft \u0111\u1ea7u resetting half-open sessions khi s\u1ed1 session l\u00ean \u0111\u1ebfn 1500
\n– D\u1eebng resetting half-open sessions khi s\u1ed1 session gi\u1ea3m d\u1ea7n xu\u1ed1ng c\u00f2n 1200<\/p>\n

C\u1ea5u h\u00ecnh tham kh\u1ea3o<\/b>
\nB\u01b0\u1edbc 1<\/b>: \u0110\u1eb7t \u0111\u1ecba ch\u1ec9 IP, \u0111\u1ecbnh tuy\u1ebfn, c\u1ea5u h\u00ecnh NAT t\u0129nh
\nRouter 4<\/i>
\n!
\n!
\ninterface Loopback0
\nip address 150.1.4.4 255.255.255.0
\n!
\ninterface FastEthernet0\/0
\nip address 155.1.45.4 255.255.255.0
\nip nat outside
\nip virtual-reassembly
\nduplex auto
\nspeed auto
\n!
\ninterface FastEthernet0\/1
\nip address 10.0.0.4 255.255.255.0
\nip nat inside
\nip virtual-reassembly
\nduplex auto
\nspeed auto
\n!
\ninterface Serial0\/2\/0
\nno ip address
\nshutdown
\nno fair-queue
\nclockrate 2000000
\n!
\nrouter ospf 1
\nlog-adjacency-changes
\nnetwork 150.1.4.0 0.0.0.255 area 0
\nnetwork 155.1.45.0 0.0.0.255 area 0
\n!
\nip classless
\n!
\n!
\nip http server
\nno ip http secure-server
\nip nat inside source static 10.0.0.1 150.1.4.4
\n!
\n!<\/p>\n

Router1<\/i>
\n!
\ninterface FastEthernet0\/0
\nip address 10.0.0.1 255.255.255.0
\nduplex auto
\nspeed auto
\n!
\nip classless
\nip route 0.0.0.0 0.0.0.0 10.0.0.4
\n!
\n!<\/p>\n

Router5<\/i>
\n!
\n!
\n!
\n!
\ninterface FastEthernet0\/0
\nip address 155.1.45.5 255.255.255.0
\nduplex auto
\nspeed auto
\n!
\ninterface FastEthernet0\/1
\nip address 150.1.5.5 255.255.255.0
\nduplex auto
\nspeed auto
\nno keepalive
\n!
\n!
\nrouter ospf 1
\nlog-adjacency-changes
\nnetwork 150.1.5.0 0.0.0.255 area 0
\nnetwork 155.1.45.0 0.0.0.255 area 0
\n!
\nip classless
\nno ip http server
\n!
\n!
\n!<\/p>\n

B\u01b0\u1edbc 2<\/b>: C\u1ea5u h\u00ecnh TCP intercept \u1edf watch mode
\nRouter 4<\/i><\/p>\n

!
\nip tcp intercept list 199
\nip tcp intercept mode watch
\nip tcp intercept watch-timeout 15
\nip tcp intercept max-incomplete high 1500
\nip tcp intercept max-incomplete low 1200
\nip tcp intercept connection-timeout 3600
\nip tcp intercept drop-mode random
\n!
\n!
\naccess-list 199 permit tcp any any eq 80
\n!
\n!<\/p>\n

B\u01b0\u1edbc 3<\/b>: Ki\u1ec3m tra.
\nR4#debug ip tcp intercept<\/b>
\nTCP intercept debugging is on<\/p>\n

R5#telnet 150.1.4.4 80
\nTrying 150.1.4.4, 80 … Open<\/p>\n

[Connection to 150.1.4.4 closed by foreign host]<\/p>\n

R4#
\nMar 8 10:10:58.783: INTERCEPT: new connection (155.1.45.5:53353 SYN -> 10.0.0.1:80)
\nMar 8 10:10:59.099: INTERCEPT: client packet passed in SYNSENT (155.1.45.5:53353 -> 10.0.0.1:80)
\nMar 8 10:10:59.103: INTERCEPT: client packet passed in SYNSENT (155.1.45.5:53353 -> 10.0.0.1:80)
\nMar 8 10:11:13.787: INTERCEPT: SYNSENT timing out (155.1.45.5:53353 <-> 10.0.0.1:80)
\nMar 8 10:11:13.791: INTERCEPT(*): (155.1.45.5:53353 RST -> 10.0.0.1:80) => (1)
\nR4#<\/p>\n

(1) K\u1ebft n\u1ed1i \u0111\u00e3 qu\u00e1 th\u1eddi gian timeout, router s\u1ebd g\u1eedi c\u1edd RST t\u1edbi server.<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

M\u1ee5c ti\u00eau: C\u1ea5u h\u00ecnh \u0111\u1ec3 router gi\u00e1m s\u00e1t c\u00e1c k\u1ebft n\u1ed1i TCP ph\u00f2ng ch\u1ed1ng t\u1ea5n c\u00f4ng DOS M\u00f4 h\u00ecnh: M\u00f4 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[25,19,6],"tags":[],"class_list":["post-501","post","type-post","status-publish","format-standard","hentry","category-cisco","category-issues","category-networking"],"_links":{"self":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts\/501","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=501"}],"version-history":[{"count":0,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts\/501\/revisions"}],"wp:attachment":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}