
Merge pull request #552 from ericchou1/master

Updated TPS Config README and DDoS DST Zone Config Templates
Pavel Odintsov 2016-08-23 22:51:50 +03:00 committed by GitHub
commit 86c9db02e3
6 changed files with 960 additions and 211 deletions

@ -0,0 +1,24 @@
#A10 Networks Thunder TPS Appliance Configs
##Base Config v1 Functionality
1. Assumes TPS receives inbound traffic only (from the Internet to the protected service)
2. Rate Limiters (GLID) for 10gbps, 1gbps, and 100mbps provided for use
3. Basic TCP and UDP templates provided (syn-auth, UDP-auth, and low src port filter)
4. BGP configuration for auto mitigation announcements (ddos-advertise route map)
5. Base sFlow export configuration
6. All events logged in CEF format
##Basic Zone Config v1 Functionality
1. Filters L2, L3, L4 packet anomalies (consult A10 documentation for specifics
2. Drops ICMPv4, ICMPv6, and all fragments
3. Performs TCP SYN Auth for TCP dest ports 21,22,25,53,80,110,143,443,587,993,995,5060,5061
4. Filters well-known UDP SRC ports
5. Performs UDP Auth for UDP dest port 53
6. blocks all other traffic
7. Creates a "incident" in the TPS GUI when seeing any packets to these dest ports.
## These are just examples. Current plugin does not receive rate info from FNM. Future revisions will
Author: Eric Chou ericc@a10networks.com, Rich Groves rgroves@a10networks.com
Feedback and Feature Requests are Appreciated and Welcomed.

@ -1,91 +1,76 @@
system anomaly log
system attack log
system ddos-attack log
system anomaly log
system attack log
system ddos-attack log
!
hostname tps-fastnetmon
hostname A10TPS-Fastnetmon
!
interface management
ip address x.x.x.x x.x.x.x
ip control-apps-use-mgmt-port
ip default-gateway x.x.x.x
enable
interface management
ip address x.x.x.x x.x.x.x
ip control-apps-use-mgmt-port
ip default-gateway x.x.x.x
enable
!
interface ethernet 1
name Inbound
enable
ddos outside
#Mitigation traffic comes in the "outside" port
interface ethernet 1
name Inbound
enable
!
interface ethernet 2
name Outbound
interface ethernet 2
name Outbound
!
!
#optional rate limiters to latch to zones if you know the highest aggregate rate
glid 1
description "10gbps rate limiter"
bit-rate-limit 10000000
glid 1
description "10gbps rate limiter"
bit-rate-limit 10000000
!
glid 2
description "1gbps rate limiter"
bit-rate-limit 1000000
glid 2
description "1gbps rate limiter"
bit-rate-limit 1000000
!
glid 3
description "100mbps rate limiter"
bit-rate-limit 100000
glid 3
description "100mbps rate limiter"
bit-rate-limit 100000
!
ddos protection enable
ddos protection rate-interval 1sec
!
ddos resource-tracking cpu enable
ddos protection enable
ddos protection rate-interval 1sec
!
#template to allow CEF logging toward a receiver such as ELK
ddos zone-template logging cef-logger
log-format-cef
enable-action-logging
ddos resource-tracking cpu enable
!
#template for basic TCP SYN authentication
ddos zone-template tcp tcp-protect1
syn-authentication send-rst
syn-authentication pass-action authenticate-src
syn-authentication fail-action drop
ddos zone-template logging cef-logger
log-format-cef
enable-action-logging
!
#template for UDP "authentication" and low ports filtering
ddos zone-template udp udp-protect1
spoof-detect timeout 5
spoof-detect min-delay 2
spoof-detect pass-action authenticate-src
spoof-detect fail-action drop
known-resp-src-port action drop
ddos zone-template tcp tcp-protect1
syn-authentication send-rst
syn-authentication pass-action authenticate-src
syn-authentication fail-action drop
!
ddos src default ip
ddos zone-template udp udp-protect1
spoof-detect timeout 5
spoof-detect min-delay 2
spoof-detect pass-action authenticate-src
spoof-detect fail-action drop
known-resp-src-port action drop
!
ddos src default ipv6
!
logging syslog information
logging syslog information
!
logging host x.x.x.x
logging host x.x.x.x use-mgmt-port
!
router bgp 2
bgp log-neighbor-changes
bgp router-id x.x.x.x
neighbor x.x.x.x remote-as 1
router bgp x
bgp log-neighbor-changes
bgp router-id x.x.x.x
neighbor x.x.x.x remote-as x
neighbor x.x.x.x description upstream
#you must have this route map applied for auto announcements to work
neighbor x.x.x.x route-map ddos-advertise out
neighbor x.x.x.x route-map ddos-advertise out
!
#auto announcement route map enabled using "bgp advertised" in the zone config
route-map ddos-advertise permit 1
route-map ddos-advertise permit 1
!
sflow setting max-header 128
sflow setting packet-sampling-rate 1000
sflow setting max-header 128
sflow setting packet-sampling-rate 1000
!
#set this to the IP of the FNM host
sflow collector ip x.x.x.x 6343 use-mgmt-port
sflow collector ip x.x.x.x 6343 use-mgmt-port
!
sflow agent address x.x.x.x
sflow agent address x.x.x.x
!
#This turns on packet sampling on the "outside" interface
sflow sampling ethernet 1
!
!
end
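Review bot: The `route-map ddos-advertise permit 1` entry has no match clause and the `neighbor x.x.x.x` statements carry no session authentication, so nothing in this template limits which zone prefixes are announced to the upstream or protects the session that carries them. Because the zones are meant to be pushed by the FastNetMon plugin, a comment above the route map would help whoever copies it, for example `#restrict this route map to your own protected prefixes before production use`, together with a reminder to enable BGP neighbor authentication where the upstream supports it. The explanatory `#` comments in this section are printed only once each, which suggests (not certain from this rendering) that the new side drops them; the one on the route map is worth keeping.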

@ -1,8 +1,7 @@
ddos dst zone xxxx
ddos dst zone xxxxxxx
ip x.x.x.x
operational-mode monitor
bgp advertised
#instructs ACOS to announce prefixes bound to the zone
zone-template logging cef-logger
log enable periodic
ip-proto tcp
@ -15,18 +14,52 @@ ddos dst zone xxxx
ip-proto icmp-v6
deny
detection-enable
port other tcp
#catch all for all ports. add more specific ports if you know the specifics of the service under attack
port 20 tcp
detection-enable
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 1
#This allows TPS to create an incident automatically upon receiving the first packet for the zone
level 1
zone-template tcp tcp-protect1
port other udp
port 21 tcp
detection-enable
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 1
level 1
zone-template tcp tcp-protect1
port 22 tcp
detection-enable
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 1
level 1
zone-template tcp tcp-protect1
port 25 tcp
detection-enable
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 1
level 1
zone-template tcp tcp-protect1
port 53 tcp
detection-enable
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 1
level 1
zone-template tcp tcp-protect1
port 53 udp
detection-enable
level 0
zone-escalation-score 10
@ -35,3 +68,90 @@ ddos dst zone xxxx
zone-threshold 1
level 1
zone-template udp udp-protect1
port 80 tcp
detection-enable
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 1
level 1
zone-template tcp tcp-protect1
port 110 tcp
detection-enable
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 1
level 1
zone-template tcp tcp-protect1
port 143 tcp
detection-enable
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 1
level 1
zone-template tcp tcp-protect1
port 443 tcp
detection-enable
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 1
level 1
zone-template tcp tcp-protect1
port 587 tcp
detection-enable
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 1
level 1
zone-template tcp tcp-protect1
port 993 tcp
detection-enable
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 1
level 1
zone-template tcp tcp-protect1
port 995 tcp
detection-enable
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 1
level 1
zone-template tcp tcp-protect1
port 5060 tcp
detection-enable
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 1
level 1
zone-template tcp tcp-protect1
port 5061 tcp
detection-enable
level 0
zone-escalation-score 10
indicator pkt-rate
score 20
zone-threshold 1
level 1
zone-template tcp tcp-protect1
port other tcp
detection-enable
deny
port other udp
detection-enable
deny
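Review bot: The closing `port other tcp` and `port other udp` blocks are set to `deny`, so a service listening on any port outside the fifteen listed ones is dropped whenever its traffic is steered through this zone. A comment above `port other tcp` would make that explicit for anyone reusing the template, for example `#default deny: add a port block for every legitimate service before using this zone`. The listed ports also include `port 20 tcp`, which the port list in the README added by this commit does not mention, so one of the two should be aligned.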

@ -3,99 +3,425 @@ ddos_dst_zone_path = '/axapi/v3/ddos/dst/zone/'
def ddos_dst_zone(zone_name, ip_addr):
ddos_dst_zone_payload = {
"zone-list": [
"zone-list": [
{
"zone-name":zone_name,
"ip": [
{
"zone-name":zone_name,
"ip": [
{
"ip-addr":ip_addr
}
],
"operational-mode":"monitor",
"advertised-enable":1,
"zone-template": {
"logging":"cef-logger"
"ip-addr": ip_addr,
}
],
"operational-mode":"monitor",
"advertised-enable":1,
"zone-template": {
"logging":"cef-logger"
},
"log-enable":1,
"log-periodic":1,
"ip-proto": {
"proto-tcp-udp-list": [
{
"protocol":"tcp",
"drop-frag-pkt":1,
},
"log-enable":1,
"log-periodic":1,
"ip-proto": {
"proto-tcp-udp-list": [
{
"protocol":"udp",
"drop-frag-pkt":1,
}
],
"proto-name-list": [
{
"protocol":"icmp-v4",
"deny":1,
"detection-enable":1,
},
{
"protocol":"icmp-v6",
"deny":1,
"detection-enable":1,
}
]
},
"port": {
"zone-service-list": [
{
"port-num":20,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"protocol":"tcp",
"drop-frag-pkt":1,
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"protocol":"udp",
"drop-frag-pkt":1,
}
],
"proto-name-list": [
{
"protocol":"icmp-v4",
"deny":1,
"detection-enable":1,
},
{
"protocol":"icmp-v6",
"deny":1,
"detection-enable":1,
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
"port": {
"zone-service-other-list": [
{
"port-num":21,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"port-other":"other",
"protocol":"tcp",
"detection-enable":1,
"level-list": [
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"port-other":"other",
"protocol":"udp",
"detection-enable":1,
"level-list": [
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":22,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"udp":"udp-protect1"
},
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":25,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":53,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":53,
"protocol":"udp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"udp":"udp-protect1"
},
}
]
},
{
"port-num":80,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":110,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":143,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":443,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":587,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":993,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":995,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":5060,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":5061,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
}
}
]
],
"zone-service-other-list": [
{
"port-other":"other",
"protocol":"tcp",
"detection-enable":1,
"deny":1,
},
{
"port-other":"other",
"protocol":"udp",
"detection-enable":1,
"deny":1,
}
]
}
}
]
}
return ddos_dst_zone_payload
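Review bot: The fifteen `zone-service-list` entries in `ddos_dst_zone` are hand-copied dictionaries that differ only in `port-num`, `protocol` and the template key, so a later edit to one threshold can silently leave a single port with a different mitigation policy. Building them from one helper and a port table keeps the policy in a single place; the sketch below keeps the same keys, values and entry order as the new side. The string-typed `"level-num"` values and the two `zone-service-other-list` deny entries are left as they are.

```python
# (port, protocol) pairs in the order the payload lists them
_AUTH_SERVICES = [
    (20, "tcp"), (21, "tcp"), (22, "tcp"), (25, "tcp"), (53, "tcp"),
    (53, "udp"), (80, "tcp"), (110, "tcp"), (143, "tcp"), (443, "tcp"),
    (587, "tcp"), (993, "tcp"), (995, "tcp"), (5060, "tcp"), (5061, "tcp"),
]


def _auth_service(port_num, protocol):
    # level 0 escalates on the first packet; level 1 applies the auth template
    return {
        "port-num": port_num,
        "protocol": protocol,
        "detection-enable": 1,
        "level-list": [
            {
                "level-num": "0",
                "zone-escalation-score": 10,
                "indicator-list": [
                    {"type": "pkt-rate", "score": 20, "zone-threshold-num": 1},
                ],
            },
            {
                "level-num": "1",
                "zone-template": {protocol: protocol + "-protect1"},
            },
        ],
    }


def ddos_dst_zone(zone_name, ip_addr):
    # … unchanged: zone-name, ip, operational-mode, logging, ip-proto …
            "port": {
                "zone-service-list": [_auth_service(p, proto) for p, proto in _AUTH_SERVICES],
                # … unchanged: zone-service-other-list deny entries …
```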

@ -3,7 +3,6 @@ a10-url:/axapi/v3/admin
"admin-list": [
{
"user":"admin",
"uuid":"57937c0c-06cb-11e6-86f7-000c2998bd62",
"password": {
"encrypted-in-module":"sCyT4priW1OZSg3m1RiAf0bOyZ0Odnf1rQRp+BHohemGp1YhW+V1NjwQjLjV2wDn",
}
@ -16,7 +15,7 @@ a10-url:/axapi/v3/multi-config
"multi-config": {
"enable":1,
}
}
}
a10-url:/axapi/v3/monitor
{
@ -36,16 +35,6 @@ a10-url:/axapi/v3/system
}
}
a10-url:/axapi/v3/class-list
{
"class-list-list": [
{
"name":"ddos-block",
"file":1,
}
]
}
a10-url:/axapi/v3/hostname
{
"hostname": {
@ -57,10 +46,10 @@ a10-url:/axapi/v3/interface/management
{
"management": {
"ip": {
"ipv4-address":"x.x.x.x",
"ipv4-netmask":"x.x.x.x",
"ipv4-address”:”x.x.x.x",
"ipv4-netmask”:”x.x.x.x",
"control-apps-use-mgmt-port":1,
"default-gateway":"x.x.x.x"
"default-gateway”:”x.x.x.x"
},
"action":"enable",
}
@ -73,9 +62,6 @@ a10-url:/axapi/v3/interface/ethernet
"ifnum":1,
"name":"Inbound",
"action":"enable",
"ddos": {
"inside":1,
}
},
{
"ifnum":2,
@ -114,7 +100,7 @@ a10-url:/axapi/v3/ddos/protection
}
a10-url:/axapi/v3/ddos/resource-tracking/cpu
{
{
"cpu": {
"enable":1,
}
@ -134,7 +120,7 @@ a10-url:/axapi/v3/ddos/zone-template/logging
a10-url:/axapi/v3/ddos/zone-template/tcp
{
"tcp-list": [
{
{
"name":"tcp-protect1",
"syn-authentication": {
"syn-auth-type":"send-rst",
@ -174,6 +160,17 @@ a10-url:/axapi/v3/ddos/src/default
]
}
a10-url:/axapi/v3/ddos/dst/default
{
"default-list": [
{
"default-address-type":"ip",
},
{
"default-address-type":"ipv6",
}
]
}
a10-url:/axapi/v3/logging/syslog
{
"syslog": {
@ -185,7 +182,9 @@ a10-url:/axapi/v3/logging/host/ipv4addr
{
"ipv4addr-list": [
{
"host-ipv4":"x.x.x.x",
"host-ipv4”:”x.x.x.x",
"use-mgmt-port":1,
"tcp":0,
}
]
}
@ -194,15 +193,15 @@ a10-url:/axapi/v3/router/bgp
{
"bgp-list": [
{
"as-number":2,
"as-number”:x,
"bgp": {
"log-neighbor-changes":1,
"router-id":"x.x.x.x"
"router-id”:”x.x.x.x"
},
"neighbor": {
"ipv4-neighbor-list": [
{
"neighbor-ipv4":"x.x.x.x",
"neighbor-ipv4”:”x.x.x.x",
"nbr-remote-as":1,
"description":"upstream",
"neighbor-route-map-lists": [
@ -214,7 +213,7 @@ a10-url:/axapi/v3/router/bgp
}
]
}
}
}
]
}
@ -234,14 +233,14 @@ a10-url:/axapi/v3/sflow/setting
"setting": {
"max-header":128,
"packet-sampling-rate":1000,
}
}
}
a10-url:/axapi/v3/sflow/collector/ip
{
"ip-list": [
{
"addr":"x.x.x.x",
"addr”:”x.x.x.x",
"port":6343,
"use-mgmt-port":1,
}
@ -251,10 +250,10 @@ a10-url:/axapi/v3/sflow/collector/ip
a10-url:/axapi/v3/sflow/agent/address
{
"address": {
"ip":"x.x.x.x",
"ip”:”x.x.x.x",
}
}
a10-url:/axapi/v3/sflow/sampling
{
"sampling": {
@ -266,33 +265,3 @@ a10-url:/axapi/v3/sflow/sampling
],
}
}
a10-url:/axapi/v3/vcs-vblades/stat
{
"stat-list": [
{
"vblade-id":1,
},
{
"vblade-id":2,
},
{
"vblade-id":3,
},
{
"vblade-id":4,
},
{
"vblade-id":5,
},
{
"vblade-id":6,
},
{
"vblade-id":7,
},
{
"vblade-id":8,
}
]
}
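Review bot: The `encrypted-in-module` value under `/axapi/v3/admin` stays in the published template; the first hunk shrinks by one line and the neighbouring `uuid` appears to be the line that was dropped, so the device-derived password blob for the `admin` user is still there. Unlike the addresses, which were replaced with `x.x.x.x`, this value looks like an export from a real appliance, and an encrypted credential in a public repository can still be replayed onto another device or attacked offline. It should become a placeholder such as `"encrypted-in-module":"<set-on-device>"`, and the password on the appliance it was exported from is best rotated.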

@ -2,10 +2,10 @@ a10-url:/axapi/v3/ddos/dst/zone
{
"zone-list": [
{
"zone-name":"zone-x.x.x.x",
"zone-name”:"xxxx",
"ip": [
{
"ip-addr":"x.x.x.x"
"ip-addr”:”x.x.x.x"
}
],
"operational-mode":"monitor",
@ -40,9 +40,9 @@ a10-url:/axapi/v3/ddos/dst/zone
]
},
"port": {
"zone-service-other-list": [
"zone-service-list": [
{
"port-other":"other",
"port-num":20,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
@ -66,7 +66,103 @@ a10-url:/axapi/v3/ddos/dst/zone
]
},
{
"port-other":"other",
"port-num":21,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":22,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":25,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":53,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":53,
"protocol":"udp",
"detection-enable":1,
"level-list": [
@ -88,10 +184,239 @@ a10-url:/axapi/v3/ddos/dst/zone
},
}
]
},
{
"port-num":80,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":110,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":143,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":443,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":587,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":993,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":995,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":5060,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
},
{
"port-num":5061,
"protocol":"tcp",
"detection-enable":1,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
}
]
},
{
"level-num":"1",
"zone-template": {
"tcp":"tcp-protect1"
},
}
]
}
],
"zone-service-other-list": [
{
"port-other":"other",
"protocol":"tcp",
"detection-enable":1,
"deny":1,
},
{
"port-other":"other",
"protocol":"udp",
"detection-enable":1,
"deny":1,
}
]
}
}
]
}
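Review bot: The placeholder lines printed second in the first hunk use typographic quotes, `"zone-name”:"xxxx"` and `"ip-addr”:”x.x.x.x"`, which are not JSON string delimiters, so the payload would be rejected or mis-parsed if it were sent to aXAPI as written. They should read `"zone-name":"xxxx",` and `"ip-addr":"x.x.x.x"`. The same substitution appears in the base-config file of this commit (`"ipv4-address”:”x.x.x.x"`, `"router-id”:”x.x.x.x"`, `"addr”:”x.x.x.x"` and others), where `"as-number”:x` additionally leaves a bare `x` that is not a valid JSON value.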