Category: System Operations

2011-12-26 15:31:09

Restricting BT (BitTorrent) on Netscreen
For reference:
Step 1 --- Define service  
========================== 
set service "BitComet_Handshake" protocol tcp src-port 0-65535 dst-port 1025-65535  
set service "http8080" protocol tcp src-port 0-65535 dst-port 8080-8080  


Step 2 --- Define Signature for tracker query 
============================================== 

set attack "CS:BT-TRACK:1" http-url-variable-parsed ".*\[attachmentid\].*" severity info 
set attack "CS:BT-TRACK:2" stream256 ".*\[announce\].*" severity info 
set attack "CS:BT-TRACK:3" http-url-parsed ".*\[torrent\].*" severity info 

--- Define signatures that match HTTP requests to download "*.torrent" files. 
--- These apply to HTTP or a customized HTTP service port, such as TCP port 8080. 


Step 3 --- Define Signature for Handshake 
========================================== 

set attack "CS:Bitcomet:HandShake" stream256 ".*\[BitTorrent protocol\].*" severity info 
--- Define attack signature for blocking BitTorrent handshake. 


Step 4 --- Define tracker query attack group to be referenced in policy 
================================================================== 
set attack group "CS:Bitcomet:Track" 
set attack group "CS:Bitcomet:Track" add "CS:BT-TRACK:2" 
set attack group "CS:Bitcomet:Track" add "CS:BT-TRACK:3" 
set attack group "CS:Bitcomet:Track" add "CS:BT-TRACK:1" 


Step 5 --- Define Handshake attack group to be referenced in policy 
================================================================== 
set attack group "CS:BitComet:HandShake" 
set attack group "CS:BitComet:HandShake" add "CS:Bitcomet:HandShake" 


Step 6 --- Policy for tracker query for standard HTTP service 
============================================================== 
set policy id 3 from "Trust" to "Untrust" "Any" "Any" "HTTP" permit log  
set policy id 3 attack "CS:Bitcomet:Track" action close 
set policy id 3  
exit 


Step 7 --- Policy for tracker query for customized HTTP service 
================================================================= 
set policy id 4 from "Trust" to "Untrust" "Any" "Any" "http8080" permit  
set policy id 4 attack "CS:Bitcomet:Track" action close 
set policy id 4 application "http" ---- ? option 
set policy id 4  
exit 


Step 8 --- Policy peer Handshake 
================================================================= 
set policy id 5 from "Trust" to "Untrust" "Any" "Any" "BitComet_Handshake" permit  
set policy id 5 application "TALK"
set policy id 5 attack "CS:BitComet:HandShake" action close 
set policy id 5  
exit
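
The sketch below is an added example (not part of the original post and not ScreenOS code) that approximates the four signatures from Steps 2 and 3 in Python, so they can be tried against sample traffic before the policies are enabled. It assumes `\[text\]` is a case-insensitive literal and that `stream256` covers the first 256 bytes of a stream; the `contexts` and `match` helpers, hosts and sample streams are constructed for illustration.

```python
import re

# Assumptions (not from the post): \[text\] in a ScreenOS pattern is a
# case-insensitive literal, and stream256 sees the first 256 bytes only.
SIGNATURES = {
    "CS:BT-TRACK:1": ("http-url-variable-parsed", "attachmentid"),
    "CS:BT-TRACK:2": ("stream256", "announce"),
    "CS:BT-TRACK:3": ("http-url-parsed", "torrent"),
    "CS:Bitcomet:HandShake": ("stream256", "BitTorrent protocol"),
}

def contexts(stream: bytes) -> dict:
    """Simplified model of the inspection contexts the signatures use."""
    ctx = {"stream256": stream[:256].decode("latin-1")}
    m = re.match(rb"(?:GET|POST|HEAD) (\S+) HTTP/1\.[01]\r\n", stream)
    if m:
        url = m.group(1).decode("latin-1")
        ctx["http-url-parsed"] = url
        ctx["http-url-variable-parsed"] = url.partition("?")[2]
    return ctx

def match(stream: bytes) -> list:
    """Return the names of the signatures that would fire on this stream."""
    ctx = contexts(stream)
    return sorted(name for name, (context, literal) in SIGNATURES.items()
                  if literal.lower() in ctx.get(context, "").lower())

# Constructed client-to-server samples (hosts and paths are invented).
HANDSHAKE = (b"\x13BitTorrent protocol" + bytes(8) + b"\xaa" * 20
             + b"-BC0000-000000000000")
SAMPLES = {
    "peer handshake": HANDSHAKE,
    "tracker query": b"GET /announce?info_hash=%AA&port=6881 HTTP/1.1\r\n"
                     b"Host: tracker.example\r\n\r\n",
    "torrent download": b"GET /files/image.torrent HTTP/1.1\r\n"
                        b"Host: mirror.example\r\n\r\n",
    # Benign page that still contains the literal "announce".
    "intranet news": b"GET /news/Announcements.html HTTP/1.1\r\n"
                     b"Host: intranet.example\r\n\r\n",
    "plain page": b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(f"{label:18} -> {match(data) or 'no match'}")
```

The "intranet news" sample shows that "CS:BT-TRACK:2" also fires on ordinary HTTP requests whose first 256 bytes contain "announce", so review the policy log for closed sessions that are not tracker queries.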


