Sophos XGÄ~©Ó¦ÛCyberoam¦³´£¨Ñ²³æªºDoS¨¾Å@³]©w¡C



³o²³æªºDoS¨¾Å@¤À¬°SYN/UDP/TCP/ICMP¥|¤jÃþªºflood»Ö­È³]©w¡A
¥u­n¶W¥X³]©w­È¡A¦h¾lªº«Ê¥]´N·|³Q¥á±ó¡C
¦Ó³Q¥á±óªº«Ê¥]¼Æ¶q«h·|¥X²{¦b²Ä¤@­Ó­¶­±ªºDoS Attacks²Î­pªí¤¤¡C



¤£¹L³o­ÓWebUIªºDoS¨¾Å@¨ä¹ê¬Û·í¶§¬K¡A«h¤F¿ï¾Ü¨Ó·½ºÝ©Î¥ØªººÝªº±Ò¥Î»P§_»P»Ö­È¥~¡A
µLªk°µ¨ì¨ä¥¦½Ñ¦p¬Y­Ó¤¶­±©ÎZone¨ì¥t¤@­Ó°Ï°ìªº²Ó¶µ³]©w¡C

¦b¤W¤FSophos XGªºArchitect½Òµ{«á¡Aµo²{­ì¨ÓDoS¥\¯à¦³¨ä¥¦¶i¶¥²Ó¶µ³]©w¡A
¥u¤£¹L³o¨Ç²Ó¶µ³]©w¥²»Ý¦bConsole Mode¤U³z¹L«ü¥O¨Ó¤U¹F¡C


Sophos XG DoSªº¶i¶¥³]©w¥]§t¨â­Ó¥D­n¦¨­ûDoS Policy»PDoS Rule¡C
´N¦p¦P¨ä¥¦¨¾¤õÀð³W«h¤@¼Ë¡A¥ý¦bDoS Policy©w¸q¦n­n¹LÂoªºProtocol»P»Ö­È¡A
µM«á¦bDoS Rule¤¤©w¸q¦n­n®M¥ÎªºDoS Policy»P¨Ó·½/¥Øªº°Ï°ì¡A³o¼Ë´N§¹¦¨¤F¡ã

DoS Policy«ü¥O¦p¤U¡C

Dos Rule«ü¥O¦p¤U¡C

system dos-config add dos-rule rule-name <name> [options] [rule-position <position>] dos-policy <policy-name>

Á|¨Ò¨Ó»¡¡A­Y§Ú­Ì·Q³]©w¨C¬í¤£¯à¶W¹L100­ÓUDP«Ê¥]ªºDoS Policy¡A
µM«á®M¥Î¦bLAN to DMZªº¤è¦V¤W¡A¹ï¨C­Ó¨Ó·½ºÝ°µ­­¨î¡A
¨ä«ü¥O¦p¤U¡C(DMZºô¬q¬°10.1.1.0/24)

system dos-config add dos-policy policy-name UDP-Test UDP-Flood 100 pps per-src
system dos-config add dos-rule rule-name LAN-to-DMZ-UDP src-zone LAN dstip 10.1.1.0 netmask 255.255.255.0 protocol udp dos-policy UDP-Test

·í®M¥Î§¹³]©w¡A±qLANºÝ¥´¥X¤j¶qUDP«Ê¥]¨ìDMZºÝ®É¡A¤j©ó100 ppsªº«Ê¥]´N·|³QXGµ¹Äd¤U¡A¦ÓÅã¥Ü¦bDoS Attacks²Î­p­¶­±¤¤¡C





°Ñ¦Ò¸ê®Æ
¶¶¤l¥Î¨Ó¥´¤j¶q«Ê¥]ªº¤u¨ã¬OLOIC¡A¥i¦b ³oùØ ¤U¸ü¡C

¤W¤å½d¨Ò¬°LAN to DMZªºUDP flood³]©w¡A
¦pªG¬O­n¨¾Å@¨Ó¦ÛWAN to DMZªºTCP flood¤S¸Ó¦p¦ó³]©w©O¡H

¥Ñ©ó¨Ó¦ÛWANºÝªº¥~³¡IP¬OµLªkª½±µ³s¨ì¦ì¦bXG¤º³¡ªºServer¡A
³oÃþ³s½u»Ý¨D¥²»Ý³z¹LXGªºbusiness application rule¶i¦æDNATÂà§}«á¤~¯à¿ì¨ì¡A
¦]¦¹³]©wWAN to DMZªºflood¨¾Å@®É¡AÁöµM³Ì²×¥Øªº¬O¤º³¡ServerªºµêÀÀIP¡A
¦ý¦b³]©w®É¡AÁÙ¬O­n§â¥Ø¼ÐIP³]©w¬°XG¤Wmappingµ¹¤º³¡Serverªº¥~³¡IP¡C

¨Ò¦pXG¤WªºWAN°t¸m¤F¤@­Ó¥~³¡IP 123.123.123.1¡A
¨Ã§â³o­ÓIPªºTCP 8080 port¾É¦V¤º³¡web server 172.16.16.1¡C
¨º§Ú­Ì­n¹ï³o¥xweb server¶i¦æTCP flood¨¾Å@®É¡A
´N¸Ó¶i¦æ¦p¤Uªº°t¸m¡C