RE: lug-bg: iptables log/ulog scenario
- Subject: RE: lug-bg: iptables log/ulog scenario
- From: ndelev@xxxxxxxxx (Niki Delev)
- Date: Wed, 10 Oct 2001 03:06:16 -0700 (PDT)
--- Boyan Krosnov <bkrosnov@xxxxxxxx> wrote:
> a packet closing a connection from port 80 to some high port,
> so there was a TCP connection between your ip:32898 and
> 10.6.6.24:80.
> For example, if you dialed up less than 15 minutes ago, the
> previous person on that IP may have had a connection.
static IP
> Or some other nonsense is going on that I can't imagine
> right now.
>
To be fair, I do have a dummy0 interface
for a few tests with iproute2/nat:
4: dummy0: <BROADCAST,NOARP,ALLMULTI,UP> mtu 1500 qdisc noqueue
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/32 brd 10.255.255.255 scope global dummy0
    inet6 fe80::200:ff:fe00:0/10 scope link
but there was no transfer at all to/from it:
pkts bytes target     prot opt in  out   source       destination
   0     0 MASQUERADE all  --  *   ppp+  10.0.0.0/24  0.0.0.0/0
pkts 0
rx/tx 0
I think I had only one live connection, to
linuxtoday.com.
> 10.6.6.24 is part of 10.0.0.0/8, which according to their
> beloved RFC 1918 is one of the address blocks set aside for
> private use.
exactly
> Your provider or one of its customers may be using such
> addresses. And it is considered a bug on the provider's side
> that it did not think to filter such addresses to/from its
> customers.
hmm, I don't know whether that holds up; it would follow that
the other ISP missed it too ;)
a bit of tracepath log:
 1?: [LOCALHOST] pmtu 1500
 1: Varna3.BG.EU.net (193.68.0.132) 1659.321ms
 1: Varna3.BG.EU.net (193.68.0.132) 2446.534ms
 2: Varna1.BG.EU.net (193.68.0.130) 1680.679ms
 2: Varna1.BG.EU.net (193.68.0.130) 2492.860ms
 3: Sofia5.BG.EU.net (193.68.0.172) 2210.116ms
 3: Sofia5.BG.EU.net (193.68.0.172) 3002.396ms
 3: Sofia5.BG.EU.net (193.68.0.172) 3702.124ms
 4: Sofia9.BG.EU.net (193.68.0.183) 2222.079ms
 4: Sofia9.BG.EU.net (193.68.0.183) 3022.461ms
 4: Sofia9.BG.EU.net (193.68.0.183) 3192.193ms
 5: NO-NIT-TN-7.taide.net (193.219.192.7) asymm 4 2750.149ms
 5: NO-NIT-TN-7.taide.net (193.219.192.7) asymm 4 3572.421ms
 5: NO-NIT-TN-7.taide.net (193.219.192.7) asymm 4 4292.084ms
 6: NO-NIT-TN-6.taide.net (193.219.193.136) asymm 5 2224.483ms
 6: NO-NIT-TN-6.taide.net (193.219.193.136) asymm 5 3002.450ms
 6: NO-NIT-TN-6.taide.net (193.219.193.136) asymm 5 3722.375ms
 7: POS1-0-0.GW2.OSL1.ALTER.NET (146.188.32.25) asymm 6 2740.857ms
 7: POS1-0-0.GW2.OSL1.ALTER.NET (146.188.32.25) asymm 6 5060.428ms
 7: POS1-0-0.GW2.OSL1.ALTER.NET (146.188.32.25) asymm 6 5870.403ms
 8: so-0-1-1.XR1.OSL1.Alter.Net (146.188.12.41) 2730.473ms
 8: so-0-1-1.XR1.OSL1.Alter.Net (146.188.12.41) 2930.398ms
 8: so-0-1-1.XR1.OSL1.Alter.Net (146.188.12.41) 2620.371ms
 9: so-4-2-0.TR1.STK2.Alter.Net (146.188.15.61) 2209.644ms
 9: so-4-2-0.TR1.STK2.Alter.Net (146.188.15.61) 2930.280ms
 9: so-4-2-0.TR1.STK2.Alter.Net (146.188.15.61) 3730.249ms
10: so-5-0-0.IR1.DCA4.Alter.Net (146.188.5.245) 2750.476ms
10: so-5-0-0.IR1.DCA4.Alter.Net (146.188.5.245) 3470.409ms
10: so-5-0-0.IR1.DCA4.Alter.Net (146.188.5.245) 4280.403ms
11: so-1-0-0.IR1.DCA6.Alter.Net (146.188.13.37) 2750.414ms
11: so-1-0-0.IR1.DCA6.Alter.Net (146.188.13.37) 3480.467ms
11: so-1-0-0.IR1.DCA6.Alter.Net (146.188.13.37) 3750.394ms
12: 0.so-0-0-0.TR1.DCA6.ALTER.NET (152.63.9.210) 2729.743ms
12: 0.so-0-0-0.TR1.DCA6.ALTER.NET (152.63.9.210) 3480.414ms
12: 0.so-0-0-0.TR1.DCA6.ALTER.NET (152.63.9.210) 4290.367ms
13: 0.so-3-0-0.XR1.DCA6.ALTER.NET (152.63.11.98) 2730.398ms
13: 0.so-3-0-0.XR1.DCA6.ALTER.NET (152.63.11.98) 3490.393ms
13: 0.so-3-0-0.XR1.DCA6.ALTER.NET (152.63.11.98) 4290.385ms
14: 0.so-2-1-0.XL1.DCA6.ALTER.NET (152.63.38.85) 2189.747ms
14: 0.so-2-1-0.XL1.DCA6.ALTER.NET (152.63.38.85) asymm 13 2910.367ms
14: 0.so-2-1-0.XL1.DCA6.ALTER.NET (152.63.38.85) 3210.329ms
15: POS6-0.BR4.DCA6.ALTER.NET (152.63.41.229) asymm 14 2719.748ms
15: POS6-0.BR4.DCA6.ALTER.NET (152.63.41.229) asymm 14 4560.433ms
15: POS6-0.BR4.DCA6.ALTER.NET (152.63.41.229) asymm 14 4780.391ms
16: 204.255.169.98 (204.255.169.98) asymm 15 2719.767ms
16: 204.255.169.98 (204.255.169.98) asymm 15 4530.377ms
16: 204.255.169.98 (204.255.169.98) asymm 15 4740.319ms
17: wdc-core-03.inet.qwest.net (205.171.24.69) asymm 16 2749.641ms
17: wdc-core-03.inet.qwest.net (205.171.24.69) asymm 16 2940.357ms
17: wdc-core-03.inet.qwest.net (205.171.24.69) asymm 16 2180.335ms
18: dca-core-03.inet.qwest.net (205.171.8.213) 2179.757ms
18: dca-core-03.inet.qwest.net (205.171.8.213) 3480.380ms
18: dca-core-03.inet.qwest.net (205.171.8.213) 3740.360ms
19: ewr-core-01.inet.qwest.net (205.171.5.19) asymm 18 2189.723ms
19: ewr-core-01.inet.qwest.net (205.171.5.19) asymm 18 3480.353ms
19: ewr-core-01.inet.qwest.net (205.171.5.19) asymm 18 3710.443ms
20: ewr-cntr-01.inet.qwest.net (205.171.17.146) asymm 19 2231.687ms
20: ewr-cntr-01.inet.qwest.net (205.171.17.146) asymm 19 3490.336ms
20: ewr-cntr-01.inet.qwest.net (205.171.17.146) asymm 19 4290.398ms
21: msfc-22.ewr.qwest.net (63.146.100.34) 2719.894ms
21: msfc-22.ewr.qwest.net (63.146.100.34) asymm 20 4570.394ms
21: msfc-22.ewr.qwest.net (63.146.100.34) 5370.395ms
22: no reply
23?: 208.45.131.118 (208.45.131.118) asymm 21 !H
     Resume: pmtu 1500
- ND
>
> BR,
> Boyan
>
> > -----Original Message-----
> > From: Niki Delev [mailto:ndelev@xxxxxxxxx]
> > Sent: Wednesday, October 10, 2001 12:10 PM
> > To: lug-bg@xxxxxxxxxxxxxxxxxx
> > Subject: lug-bg: iptables log/ulog scenario
> >
> >
> > hey folks, has anyone seen something like this:
> >
> > Oct 9 22:48:04 saphead kernel: IN=ppp0 OUT= MAC=
> > SRC=10.6.6.24 DST=myip LEN=568 TOS=0x00 PREC=0x00
> > TTL=42 ID=26365 DF PROTO=TCP SPT=80 DPT=32898
> > WINDOW=6432 RES=0x00 ACK PSH FIN URGP=0
> >
> > SRC=10.6.6.24 ??
> >
> > this is a log from netfilter/ipt; the same comes from
> > ulogd too.
> > I have no LAN, the source is 100% not spoofed. I have a
> > route to the outside; with traceroute/tracepath to an
> > external host there are no 10.x.x.x things. Ideas!?
> >
> > - ND
> >
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
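Added example (not part of the original message or thread): a small Python check for the situation discussed above, which parses netfilter LOG lines and reports packets that arrive on the dial-up interface with an RFC 1918 source address. The sample lines are constructed: the first is the logged line from the post with the redacted DST=myip replaced by the documentation address 192.0.2.10; the function names and the wan_prefix parameter are assumptions of this example.

```python
import ipaddress

# RFC 1918 private blocks; a source in one of these arriving on a WAN link is a "martian".
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# Constructed sample: the line from the post (DST replaced by a documentation
# address) plus one ordinary inbound packet for contrast.
SAMPLE = [
    "Oct 9 22:48:04 saphead kernel: IN=ppp0 OUT= MAC= SRC=10.6.6.24 DST=192.0.2.10 "
    "LEN=568 TOS=0x00 PREC=0x00 TTL=42 ID=26365 DF PROTO=TCP SPT=80 DPT=32898 "
    "WINDOW=6432 RES=0x00 ACK PSH FIN URGP=0",
    "Oct 9 22:48:09 saphead kernel: IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.10 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4411 DF PROTO=TCP SPT=40112 DPT=22 "
    "WINDOW=5840 RES=0x00 SYN URGP=0",
]

def parse_log_line(line):
    """Split a netfilter LOG line into KEY=VALUE fields and a set of TCP flags."""
    _, _, body = line.partition("kernel: ")
    fields, flags = {}, set()
    for token in body.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
        elif token in TCP_FLAGS:      # bare tokens such as ACK, PSH, FIN (DF is ignored)
            flags.add(token)
    return fields, flags

def find_martians(lines, wan_prefix="ppp"):
    """Report packets that entered on a WAN interface with an RFC 1918 source."""
    hits = []
    for line in lines:
        fields, flags = parse_log_line(line)
        if "SRC" not in fields or not fields.get("IN", "").startswith(wan_prefix):
            continue
        src = ipaddress.ip_address(fields["SRC"])
        net = next((n for n in RFC1918 if src in n), None)
        if net is None:
            continue
        hits.append({"src": str(src), "block": str(net), "in": fields["IN"],
                     "sport": int(fields.get("SPT", 0)), "dport": int(fields.get("DPT", 0)),
                     "flags": sorted(flags), "syn": "SYN" in flags})
    return hits

if __name__ == "__main__":
    for hit in find_martians(SAMPLE):
        print(hit)
```

For the logged packet, "syn" is False and the flags are ACK/FIN/PSH from source port 80, which matches the reading in the reply that this is the tail of an existing HTTP connection rather than a new connection attempt.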