Differences

This shows you the differences between two versions of the page.

--- workbook:jno-332:332_screen [2017/06/06 13:54] – k
+++ workbook:jno-332:332_screen [2021/08/12 08:35] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
-=====332 Screen=====
+===== JN0-332: Screen=====
-----
+**Необходимые знания по Screens:**
-Необходимые знания по Screens:
   *Identify the concepts, benefits and operation of Screens
     *Attack types and phases
@@ Line 399: / Line 397: @@
 Можно задать следующие пороги:
   * Alarm threshold - порог, syn пакетов в секунду (half-complete TCP connection requests), после которого пишется запись в лог.
-  * Alarm threshold - порог, после включается механизм проксирования syn пакетов.
+  * Attak threshold - порог, после включается механизм проксирования syn пакетов.
   * Source threshold - порог, syn пакетов в секунду, с одного адреса источника после достижения которого пакеты начинают тихо дропаться.
   * Destination threshold - порог, syn пакетов в секунду, в сторону одного адреса назначения после достижения которого пакеты начинают тихо дропаться.
@@ Line 522: / Line 520: @@
 	 }
 {
+</code>
+----
+==== Настройка ====
+<code>
+{primary:node0}[edit security screen]
+admin@msk-02-srx3-n0# set ids-option TEST ?
+Possible completions:
+  alarm-without-drop   Do not drop packet, only generate alarm
++ apply-groups         Groups from which to inherit configuration data
++ apply-groups-except  Don't inherit configuration data from these groups
+  description          Text description of screen
+> icmp                 Configure ICMP ids options
+> ip                   Configure IP layer ids options
+> limit-session        Limit sessions
+> tcp                  Configure TCP Layer ids options
+> udp                  Configure UDP layer ids options
+</code>
+<code>
+{primary:node0}[edit security screen]
+admin@msk-02-srx3-n0# set ids-option TEST tcp ?
+Possible completions:
++ apply-groups         Groups from which to inherit configuration data
++ apply-groups-except  Don't inherit configuration data from these groups
+  fin-no-ack           Enable Fin bit with no ACK bit ids option
+  land                 Enable land attack ids option
+> port-scan            Configure port scan ids option
+> syn-ack-ack-proxy    Configure syn-ack-ack proxy ids option
+  syn-fin              Enable SYN and FIN bits set attack ids option
+> syn-flood            Configure SYN flood ids option
+  syn-frag             Enable SYN fragment ids option
+  tcp-no-flag          Enable TCP packet without flag ids option
+> tcp-sweep            Configure TCP sweep ids option
+  winnuke              Enable winnuke attack ids option
+</code>
+<code>
+{primary:node0}[edit security screen]
+admin@msk-02-srx3-n0# set ids-option TEST icmp ?
+Possible completions:
++ apply-groups         Groups from which to inherit configuration data
++ apply-groups-except  Don't inherit configuration data from these groups
+> flood                Configure icmp flood ids option
+  fragment             Enable ICMP fragment ids option
+  icmpv6-malformed     Enable icmpv6 malformed ids option
+> ip-sweep             Configure ip sweep ids option
+  large                Enable large ICMP packet (size > 1024) ids option
+  ping-death           Enable ping of death ids option
+</code>
+<code>
+{primary:node0}[edit security screen]
+admin@msk-02-srx3-n0# set ids-option TEST ip ?
+Possible completions:
++ apply-groups         Groups from which to inherit configuration data
++ apply-groups-except  Don't inherit configuration data from these groups
+  bad-option           Enable ip with bad option ids option
+  block-frag           Enable ip fragment blocking ids option
+> ipv6-extension-header  Configure ipv6 extension header ids option
+  ipv6-extension-header-limit  Enable ipv6 extension header limit ids option (0..32)
+  ipv6-malformed-header  Enable ipv6 malformed header ids option
+  loose-source-route-option  Enable ip with loose source route ids option
+  record-route-option  Enable ip with record route option ids option
+  security-option      Enable ip with security option ids option
+  source-route-option  Enable ip source route ids option
+  spoofing             Enable IP address spoofing ids option
+  stream-option        Enable ip with stream option ids option
+  strict-source-route-option  Enable ip with strict source route ids option
+  tear-drop            Enable tear drop ids option
+  timestamp-option     Enable ip with timestamp option ids option
+  unknown-protocol     Enable ip unknown protocol ids option
+</code>
+<code>
+{primary:node0}[edit security screen]
+admin@msk-02-srx3-n0# set ids-option TEST limit-session ?
+Possible completions:
++ apply-groups         Groups from which to inherit configuration data
++ apply-groups-except  Don't inherit configuration data from these groups
+  destination-ip-based  Limit sessions to the same destination IP (1..50000)
+  source-ip-based      Limit sessions from the same source IP (1..50000)
+</code>
+<code>
+{primary:node0}[edit security screen]
+admin@msk-02-srx3-n0# set ids-option TEST udp ?
+Possible completions:
++ apply-groups         Groups from which to inherit configuration data
++ apply-groups-except  Don't inherit configuration data from these groups
+> flood                Configure UDP flood ids option
+> udp-sweep            Configure UDP sweep ids option
 </code>
@@ Line 528: / Line 619: @@
 ===== Полезные ссылки =====
   * [[https://ru.wikipedia.org/wiki/SYN_cookies|SYN cookies]]
+{{tag>juniper jn0-332 exam}}