Re: lug-bg: first steps
- Subject: Re: lug-bg: first steps
- From: bkrosnov@xxxxxxxxx (Boyan Krosnov)
- Date: Wed, 06 Sep 2000 14:38:00 +0300
You cannot discover the "real" addresses of spoofed packets...
the only way to trace an attack made from a spoofed IP is to
call your provider !during! the attack itself.
Or, which is better, tell them that you do not want to receive any
packets at all with source or destination in private networks...
Cheers,
Boyan
"ISM Kolemanov, Ivan" wrote:
>
> The problem is how and what to install and configure
> so that it discovers the real IPs behind spoofed IP addresses?
>
> >Something about how your firewall is set up bothers me, and also further up at
> >your ISP?? What kind of firewall is it that lets through packets from 10.0.0.1????
> >
> >IMHO such packets from the external network should be DENY-ed immediately.
> the log excerpt shows that the packets arrive on xl0 (the Internet link)
> and are blocked; b = block
>
> >I want to suggest that you go to this address
> >http://www.linux-firewall-tools.com/linux/firewall/index.html
> >
> >and, if you administer this firewall, configure it anew.
> >I think that by default it generates rules for you with which such "faked"
> >packets are dropped.
> I'm on OpenBSD, and I think I've configured IPFilter fairly well
>
> >My knowledge ends here. In my opinion you should also call
> >your provider and ask them how such packets reach you.
> >In my opinion this problem can be solved only with the cooperation of
> >the provider. That's all from me....
> >--JS
> that is exactly what I intend to do, thanks
>
> >PS. And consider whether by chance someone on the local network is playing
> >some trick on you. Just a guess....
> no chance, they are behind another PC :)
>
> On Wed, Sep 06, 2000 at 11:19:58AM +0200, ISM Kolemanov, Ivan wrote:
> |Snort report:
> |Sep 4 21:31:43 211.34.121.57:2429 -> my1st_DMZ-IP:21 SYN **S*****
> |...
> |Sep 4 21:31:43 211.34.121.57:2443 -> mylast_DMZ-IP:21 SYN **S*****
> |
> |Sep 5 14:35:02 10.0.0.1:21 -> my1st_DMZ-IP:21 SYNFIN **SF****
> |...
> |Sep 5 14:35:02 10.0.0.1:21 -> mylast_DMZ-IP:21 SYNFIN **SF****
> |
> |IPFilter log:
> |ipflog.0:Sep 5 14:26:23 tangra ipmon[31411]: 14:26:23.057576
> | xl0 @1:4 b 10.0.0.1,21 -> 255.255.255.255,21 PR tcp len 20 40 -SF IN
> |ipflog.0:Sep 5 14:26:23 tangra ipmon[31411]: 14:26:23.096216
> | xl0 @1:4 b 10.0.0.1,21 -> mygateIP,21 PR tcp len 20 40 -SF IN
> |ipflog.0:Sep 5 14:35:02 tangra ipmon[31411]: 14:35:02.038646
> | xl0 @1:4 b 10.0.0.1,21 -> my1st_DMZ-IP,21 PR tcp len 20 40 -SF IN
> |...
> |ipflog.0:Sep 5 14:35:05 tangra ipmon[31411]: 14:35:05.319257
> | xl0 @1:4 b 10.0.0.1,21 -> mylast_DMZ-IP,21 PR tcp len 20 40 -SF IN
> |
> ==================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> Unsubscribing WORKS !!! : Majordomo@xxxxxxxxxxxxxxxxxx UNSUBSCRIBE LUG-BG
> http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
--
Boyan Kronsnov
Network Administrator
Lirex BG Ltd.
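
As an added example (not part of the original message or of IPFilter itself): a small Python check over ipmon log lines like those quoted above, flagging inbound packets on the external interface that carry a private source address or the SYN+FIN flag pair, and recording whether the rule blocked them. The function name, finding labels, and the third sample line are assumptions made for the illustration; `xl0` as the external interface comes from the thread.

```python
import ipaddress
import re

# RFC 1918 private ranges: not valid as a source on an Internet-facing interface.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# ipmon entry body: iface @group:rule action src,sport -> dst,dport PR proto len .. [-FLAGS] IN|OUT
ENTRY = re.compile(
    r"(?P<iface>\S+) @(?P<rule>\d+:\d+) (?P<action>\S+) "
    r"(?P<src>[^,\s]+),(?P<sport>\d+) -> (?P<dst>[^,\s]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len \d+ \d+ (?:-(?P<flags>[A-Z]+) )?(?P<dir>IN|OUT)"
)

def classify(line, external_if="xl0"):
    """Parse one ipmon line; return (fields, findings) or None if it does not parse."""
    m = ENTRY.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["blocked"] = fields["action"] == "b"   # "b = block", as noted in the thread
    findings = []
    try:
        src = ipaddress.ip_address(fields["src"])
    except ValueError:
        src = None                                # placeholder or hostname: skip range check
    inbound_external = fields["iface"] == external_if and fields["dir"] == "IN"
    if src is not None and inbound_external and any(src in net for net in PRIVATE_NETS):
        findings.append("private-source-on-external-if")
    flags = fields["flags"] or ""
    if "S" in flags and "F" in flags:             # SYN+FIN is not sent by normal TCP stacks
        findings.append("syn+fin")
    return fields, findings

SAMPLE = [
    # From the thread's IPFilter log (each two-line entry joined into one line).
    "ipflog.0:Sep 5 14:26:23 tangra ipmon[31411]: 14:26:23.057576 xl0 @1:4 b 10.0.0.1,21 -> 255.255.255.255,21 PR tcp len 20 40 -SF IN",
    "ipflog.0:Sep 5 14:35:02 tangra ipmon[31411]: 14:35:02.038646 xl0 @1:4 b 10.0.0.1,21 -> my1st_DMZ-IP,21 PR tcp len 20 40 -SF IN",
    # Constructed for contrast (not from the thread): a passed SYN from a documentation-range address.
    "Sep 5 14:40:00 tangra ipmon[31411]: 14:40:00.000001 xl0 @1:7 p 192.0.2.10,40000 -> my1st_DMZ-IP,80 PR tcp len 20 44 -S IN",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        fields, findings = classify(entry)
        print(fields["src"], "->", fields["dst"],
              "blocked" if fields["blocked"] else "passed", findings)
```

A flagged entry with `blocked` false would mean such a packet got past the filter, which is the case worth raising with the provider.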