How a TCP SYN flood attack works (original title: NGUYÊN LÝ CỦA KIỂU TẤN CÔNG TCP SYN FLOOD)
Published 2018-07-02 at https://kb.lagonet.vn/?p=568

TCP SYN Flood, Established Bit, TCP Intercept

A TCP SYN flood is an attack aimed directly at a server: the attacker opens a very large number of TCP connections but never completes any of them.

The attacker initiates many TCP connections, each with only the SYN flag set. The server answers each one with a SYN-ACK, but the attacker simply never sends the third message (the ACK) that the server expects to complete the three-way handshake. The server burns memory and other resources holding these half-open (embryonic) connections until they time out or are otherwise cleaned up.

While in this state the server may refuse further TCP connections, and load balancers in front of a server farm may distribute traffic unevenly.
Firewalls with stateful inspection can mitigate this kind of TCP SYN attack.

SYN floods remain effective today for three reasons:

- SYN packets are part of normal, everyday traffic, so it is hard for network devices to filter this traffic out.
- SYN packets are small, so launching the attack needs very little bandwidth.
- SYN packets can be spoofed, because the attacker does not need the replies to come back to it. The attacker can therefore pick random source IP addresses, which makes it even harder for administrators to filter the packets out.

Detecting a DoS attack

A DoS attack is usually obvious once it is under way, but these attacks are often hard to recognise at the outset.
The typical symptoms are:

- A spike in network activity.
- High router CPU utilisation.
- Hosts that stop responding.
- Machines hanging at various times.

One way to prevent a SYN attack is simply to drop every TCP segment whose header has only the SYN flag set; in other words, drop the first segment of every new TCP connection. In many cases a router should not allow outside clients to initiate TCP connections at all, and in that situation filtering the initial TCP segments prevents the SYN attack.

[Image: https://lagonet.vn/wp-content/uploads/2018/07/TCPUDP6.jpg]

Classic Cisco IOS ACLs cannot match the TCP SYN flag directly. (Newer IOS releases do allow explicit flag matching in named extended ACLs with the match-all / match-any keywords, for example +syn -ack, but the approach below works on any release.) An ACL can, however, use the established keyword, which matches TCP segments that have the ACK (or RST) bit set. Because every segment of a connection except the initial SYN carries ACK, established matches all TCP segments except the first segment of a new connection. Note that established is not a stateful check: a bare ACK with no prior handshake still matches.
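To make the established semantics concrete, here is an added Python model of how an IOS extended ACL classifies TCP segments. It is example code, not Cisco's implementation and not part of the original page: the ACE structure is a simplification of IOS named extended ACLs (only permit/deny tcp with source, destination and the established keyword), the flag bit values follow RFC 793, and the sample segments and addresses are constructed.

```python
"""Model of the Cisco IOS 'established' keyword and first-match ACL evaluation.

Added example, not code from the original page or from Cisco.  The ACE model
is a simplification (no ports, no 'any'-style shorthand beyond 0.0.0.0/0).
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

# TCP flag bits as laid out in the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: int


def is_established(seg: Segment) -> bool:
    """IOS 'established' matches when ACK or RST is set, i.e. every segment of a
    connection except the initial SYN.  It is NOT stateful: a bare ACK with no
    prior handshake (an ACK scan, for instance) still matches."""
    return bool(seg.flags & (ACK | RST))


def wildcard_to_net(addr: str, wildcard: str) -> IPv4Network:
    """Convert IOS 'address wildcard' notation (1.0.0.0 0.255.255.255) to CIDR.
    Only contiguous wildcards are supported; IPv4Network rejects the rest."""
    netmask = 0xFFFFFFFF ^ int(IPv4Address(wildcard))
    return IPv4Network((addr, str(IPv4Address(netmask))))


ANY = IPv4Network("0.0.0.0/0")  # the 'any' keyword


@dataclass(frozen=True)
class ACE:
    action: str            # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    established: bool = False


def evaluate(acl: list, seg: Segment) -> str:
    """First matching ACE wins; an implicit deny sits at the end, as in IOS."""
    s, d = IPv4Address(seg.src), IPv4Address(seg.dst)
    for ace in acl:
        if s in ace.src and d in ace.dst and (not ace.established or is_established(seg)):
            return ace.action
    return "deny"


# The prevent-syn ACL from the page.  Its 'permit (whatever)' placeholder for
# other traffic is omitted here, so anything not matched falls to implicit deny.
INSIDE = wildcard_to_net("1.0.0.0", "0.255.255.255")
PREVENT_SYN = [
    ACE("permit", ANY, INSIDE, established=True),
    ACE("deny", ANY, INSIDE),
]

# Constructed inbound segments as seen on the Internet-facing interface.
SAMPLES = {
    "SYN: new connection from the Internet": Segment("203.0.113.5", "1.2.3.4", SYN),
    "SYN-ACK: reply to an inside client's SYN": Segment("203.0.113.5", "1.2.3.4", SYN | ACK),
    "ACK+PSH: data on an existing connection": Segment("203.0.113.5", "1.2.3.4", ACK | PSH),
    "RST": Segment("203.0.113.5", "1.2.3.4", RST),
    "bare ACK with no handshake (ACK scan)": Segment("203.0.113.5", "1.2.3.4", ACK),
    "SYN to a host outside 1.0.0.0/8": Segment("203.0.113.5", "9.9.9.9", SYN),
}


def classify_samples() -> dict:
    """Run every constructed sample through the prevent-syn ACL."""
    return {name: evaluate(PREVENT_SYN, seg) for name, seg in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{verdict:6s} {name}")
```

The run shows the behaviour the text describes: the only segment bound for 1.0.0.0/8 that is denied is the initial SYN, while SYN-ACK, data and RST segments pass. It also shows the limitation: the bare ACK with no preceding handshake is permitted, which is why established is an access-control shortcut rather than a substitute for a stateful firewall.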
The configuration below is used on R1 to reject new connection requests coming from the Internet into the internal network, ASN1.

The first ACE selects the TCP segments that are not the first segment of a connection and permits them. The second ACE matches all TCP segments, but because every non-initial segment has already matched the first line, the second line only ever matches initial segments (SYNs). The "permit (whatever)" line stands for whatever other traffic the operator wants to allow; anything not explicitly permitted is dropped by the implicit deny at the end of the ACL.

ip access-list extended prevent-syn
 permit tcp any 1.0.0.0 0.255.255.255 established
 deny tcp any 1.0.0.0 0.255.255.255
 permit (whatever)
!
interface s0/0
 ip access-group prevent-syn in

This ACL works well when clients outside the network are not allowed to open TCP connections into it. When inbound TCP connections must be allowed, however, this ACL cannot be used. Another Cisco IOS feature, TCP Intercept, lets TCP connections into the network but monitors them to defend against TCP SYN attacks. TCP Intercept operates in two modes.
In watch mode, it tracks the state of the TCP connections that match an ACL. If a connection does not complete the three-way handshake within a set time, TCP Intercept sends a TCP reset to the server to clean the connection up. It also counts incomplete connections and new connection requests over time; if the number of incomplete connections, or the number of connection requests in the last minute, becomes "large" (both thresholds default to 1100), the router enters aggressive mode, in which each new request causes the oldest incomplete connection to be dropped and the timeouts are halved, until the counts fall back below the low-water marks.

In intercept mode the router answers the TCP connection request itself instead of forwarding it to the server. Only once the three-way handshake with the client completes does the router open a connection of its own to the server, at which point it splices the two connections together. This mode costs the router more work but gives the server better protection.

The commands below enable TCP Intercept for packets matching the ACL match-tcp-from-internet. They also set the mode to watch (the default mode is intercept).
Finally, the watch-timeout is lowered from its default of 30 seconds to 20 seconds. If a connection is still incomplete when that timer expires, TCP Intercept tears it down.

ip tcp intercept list match-tcp-from-internet
ip tcp intercept mode watch
ip tcp intercept watch-timeout 20

The ACL selects all TCP packets sent to 1.0.0.0/8; it is referenced by the ip tcp intercept list command above.

ip access-list extended match-tcp-from-internet
 permit tcp any 1.0.0.0 0.255.255.255

Note that this ACL is not applied to any interface.

interface s0/0
!
! Note: there is no ACL enabled on the interface!
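The watch-mode behaviour described above, as an added Python simulation. This is example code, not Cisco's implementation and not part of the original page: it models half-open tracking for SYNs matching the intercept list, the reset sent towards the server when watch-timeout expires, and aggressive mode around the IOS default high-water mark of 1100 (low-water mark 900). The server address, client addresses and the SYN flood at the bottom are constructed; the watch-timeout of 20 seconds is the page's own setting.

```python
"""Simulation of Cisco IOS TCP Intercept in watch mode.

Added example, not Cisco's code.  Thresholds are the IOS defaults; the traffic
in simulate() is constructed.  Time is simulated, not read from a clock.
"""
from collections import deque
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network

Key = tuple  # (src_ip, src_port, dst_ip, dst_port)


@dataclass
class Config:
    intercept_list: IPv4Network = IPv4Network("1.0.0.0/8")  # match-tcp-from-internet
    watch_timeout: float = 30.0   # ip tcp intercept watch-timeout (default 30 s)
    high: int = 1100              # max-incomplete high / one-minute high (default 1100)
    low: int = 900                # max-incomplete low / one-minute low (default 900)


@dataclass
class WatchModeIntercept:
    cfg: Config = field(default_factory=Config)
    half_open: dict = field(default_factory=dict)      # Key -> time the SYN was seen
    recent_syns: deque = field(default_factory=deque)  # SYN timestamps in the last 60 s
    aggressive: bool = False
    resets_sent: list = field(default_factory=list)    # RSTs sent towards the server
    dropped_oldest: int = 0
    peak_half_open: int = 0

    def _update_mode(self, now: float) -> None:
        while self.recent_syns and now - self.recent_syns[0] > 60:
            self.recent_syns.popleft()
        incomplete, per_minute = len(self.half_open), len(self.recent_syns)
        if not self.aggressive and (incomplete > self.cfg.high or per_minute > self.cfg.high):
            self.aggressive = True
        elif self.aggressive and incomplete < self.cfg.low and per_minute < self.cfg.low:
            self.aggressive = False

    def _reset(self, key: Key) -> None:
        del self.half_open[key]
        self.resets_sent.append(key)  # RST to the server frees its embryonic connection

    def tick(self, now: float) -> None:
        """Expire half-open entries older than watch-timeout (halved in aggressive mode)."""
        timeout = self.cfg.watch_timeout / 2 if self.aggressive else self.cfg.watch_timeout
        for key in [k for k, t in self.half_open.items() if now - t >= timeout]:
            self._reset(key)
        self._update_mode(now)

    def on_syn(self, key: Key, now: float) -> bool:
        """A client SYN passed through the router; True if TCP Intercept tracks it."""
        if IPv4Address(key[2]) not in self.cfg.intercept_list:
            return False              # not selected by the intercept list: forwarded untouched
        self.tick(now)
        if self.aggressive and self.half_open:
            self._reset(min(self.half_open, key=self.half_open.get))  # drop the oldest
            self.dropped_oldest += 1
        self.half_open[key] = now
        self.recent_syns.append(now)
        self.peak_half_open = max(self.peak_half_open, len(self.half_open))
        self._update_mode(now)
        return True

    def on_ack(self, key: Key, now: float) -> None:
        """Third handshake message from the client: the connection is established."""
        self.half_open.pop(key, None)
        self.tick(now)


def simulate() -> dict:
    """Constructed scenario: 50 real clients complete their handshakes to the web
    server 1.2.3.4, then a spoofed flood of 1500 SYNs (100/s) never completes."""
    ic = WatchModeIntercept(Config(watch_timeout=20))  # the page's 'watch-timeout 20'
    now = 0.0
    for i in range(50):
        key = (f"198.51.100.{i}", 40000 + i, "1.2.3.4", 80)
        ic.on_syn(key, now)
        ic.on_ack(key, now + 0.05)
        now += 0.1
    legit_ok = not ic.half_open and not ic.resets_sent
    untracked = not ic.on_syn(("203.0.113.9", 5555, "9.9.9.9", 80), now)  # outside 1.0.0.0/8
    for i in range(1500):  # spoofed sources, distinct ports, no ACK ever follows
        ic.on_syn((f"203.0.113.{i % 256}", 1024 + i, "1.2.3.4", 80), now)
        now += 0.01
    aggressive_seen = ic.aggressive
    ic.tick(now + 25)      # well past watch-timeout: everything still half-open is reset
    return {
        "legit_completed": legit_ok,
        "outside_list_untracked": untracked,
        "aggressive_triggered": aggressive_seen,
        "peak_half_open": ic.peak_half_open,
        "dropped_oldest": ic.dropped_oldest,
        "resets_sent": len(ic.resets_sent),
        "half_open_after_timeout": len(ic.half_open),
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name:26s} {value}")
```

Two things the run makes visible that the configuration lines alone do not: the number of half-open connections the server has to hold is capped near the high-water mark rather than growing with the flood, and every flood entry eventually produces a reset towards the server, while the legitimate connections that completed their handshake are never touched.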