Re: lug-bg: Prelude + block incomming
- Subject: Re: lug-bg: Prelude + block incomming
- From: danchev@xxxxxxxxx (George Danchev)
- Date: Wed, 30 Jan 2002 15:08:42 +0200
On Wednesday 30 January 2002 14:11, you wrote:
> Hello,
> For some time I have been experimenting with the Prelude intrusion detector.
> Unfortunately it only dumps data and does not block the hosts that send
> the bad packets and requests to the respective port. I would like to be
> able to use IPTABLES so that I can deny access to my network for the IPs
> that emit malformed packets.
>
> To do that, the file has to be "listened to" via tail -f and every new
> change fed to grep, which takes only the lines containing "Ip hdr"; after
> that it has to be fed to awk so that the intruder's IP address is extracted
> from the selected line (it is the first one on that line):
> Ip hdr : 62.224.248.104 -> 62.44.103.58
> [hl=20,version=4,tos=22,len=137,id=220,ttl=114]
>
> here 62.224.248.104 will have to be extracted from the line and passed to
> IPTABLES as iptables -A FORWARD -s Ip_adres -j DROP.
> But I have hit a wall.. it is clear that from tail -f I will pass the stream to
> grep and get the line I need, but from there on I do not know how to proceed,
> i.e. I do not know how to feed the stream obtained from tail -f and grep into
> awk, get only the left-hand IP address and pass it to IPTABLES...
>
> Does anyone have any ideas?
If I have understood you correctly, you can pull out the first IP with something like:
(this one if you are sure it will always be the 4th column)
......| grep "Ip hdr" | awk '{print $4}'
or:
(extracting the content between the delimiters ":" and "->")
......| grep "Ip hdr" | awk -F "->" '{print $1}' |cut -d : -f2
or:
..... | grep "Ip hdr" | cut -d : -f2 | awk -F "->" '{print $1}'
and from there the pipe continues ... or you collect the IPs in a file and then with a
for i in `cat file` ; do .... you feed them to iptables .... a bit of
imagination and done :)
P.S. just Fast&Dirty, not tested at all !
--
Greets,
fr33zb1
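The pipeline discussed in this thread, written out as an added example (not code from either poster): it keeps only "Ip hdr" lines, extracts the source address, skips addresses it has already seen so a chatty host is not appended to the chain repeatedly, and only runs iptables when RUN=1 (otherwise it prints the rule it would add). The log format is the one quoted in the question; the sample lines and the log path are constructed placeholders.

```shell
#!/bin/sh
# Added example for the thread above; not from the original posters.
# Assumes Prelude lines of the form "Ip hdr : SRC -> DST" as quoted in the mail.

# Constructed sample input in that format (the last line is a duplicate on purpose).
SAMPLE_LOG='Ip hdr : 62.224.248.104 -> 62.44.103.58
[hl=20,version=4,tos=22,len=137,id=220,ttl=114]
Ip hdr : 10.0.0.7 -> 62.44.103.58
Ip hdr : 62.224.248.104 -> 62.44.103.58'

# Print the source address of one "Ip hdr" line: the text between ":" and "->".
# Prints nothing for lines that do not match, so callers can skip them.
extract_ip() {
    printf '%s\n' "$1" | sed -n 's/^Ip hdr *: *\([0-9.]*\) *->.*/\1/p'
}

# The rule the original poster wants to apply for one address.
block_cmd() {
    printf 'iptables -A FORWARD -s %s -j DROP\n' "$1"
}

# Dry run by default; set RUN=1 to actually modify the FORWARD chain.
apply_block() {
    if [ "${RUN:-0}" = 1 ]; then
        iptables -A FORWARD -s "$1" -j DROP
    else
        block_cmd "$1"
    fi
}

# Read a log stream on stdin and apply one block per new source address.
# --line-buffered stops grep from holding lines back when fed by tail -f.
process_stream() {
    seen=""
    grep --line-buffered 'Ip hdr' | while IFS= read -r line; do
        ip=$(extract_ip "$line")
        [ -n "$ip" ] || continue
        case " $seen " in *" $ip "*) continue ;; esac   # already blocked
        seen="$seen $ip"
        apply_block "$ip"
    done
}

# Stand-alone demo on the constructed sample; for live use:
#   tail -f /path/to/prelude.log | RUN=1 process_stream   (placeholder path)
printf '%s\n' "$SAMPLE_LOG" | process_stream
```

The dry run prints two rules for the three "Ip hdr" sample lines, because the repeated 62.224.248.104 is suppressed.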
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora