Re: Giati exo firewall energopoihmeno (was: Re: iptables script + δυνατότητες)

Tue Oct 15 15:24:01 EEST 2002

>
>
>Opoiodhpote mhxanhma exei esto kai periodika sundesh me to Internet,
>kat' eme prepei na exei kapoio filtering sta paketa pou dexetai. 
>
Edo symfono mazi sou!

> To
>Internet den einai katholou filiko (pleon).  Paradeigma: prin apo miso
>lepto ekana dialup sundesh.  Xoris na exo kanenos eidous sxesh me ton
>sugkekrimeno ISP, mou kanei port scan ena mhxanhma apo kapoio ISP ths
>Boulgarias.  Giati?
>
Polloi einai oi logoi pou mporei na skeftei kaneis. An akouei o Rikoudis 
as parathesei merikous!

>  Den ksero.  An krino apo to pattern pou exoun ta
>ports pou paleuei na sundethei, mallon psaxnei gia open proxies.  Apo
>to sugkekrimeno IP address exo dextei ki alles fores scans.
>
>	# grep 'ipmon.*212.39.86.9' /var/log/messages | \
>	  awk '{print $1,$2}' | sort | uniq
>	Oct 15
>	Oct 4
>	Sep 27
>	Sep 28
>
>Oi portes pou kanei scan, me suxnothta emfanishs einai:
>
>	# grep 'ipmon.*212.39.86.9' /var/log/messages | \
>	  cut -d, -f3 | awk '{print $1}' | sort | uniq -c | sort
>	  30 25
>	  30 8080
>	  34 8000
>	  35 81
>	  36 3128
>	  64 1080
>	 146 80
>
>Mou moiazei polu gia kapoios pou dokimazei exploitz me to kilo, kai
>psaxnei gia open proxies h mhxanhmata pou na mporei na ta spasei
>eukola me kapoio prosfato bug.  Mia proth skepsh pou ekana htan oti
>isos autos na einai kapoios IRC server, alla den apantaei se kanena
>apo ta gnosta ports (6667, 7000, 10000).
>
>Tora tha mou peite "Nai ok, se kanei scan kai brhkes mallon giati.
>Kai ti katalabes tora?".  Mallon tipota.  Alla ola auta pou ekana den
>tha mporousa na ta kano an den eixa kapoio firewall, kai malista an
>den ekane log kapoia apo ola ta paketa pou petaei sto /dev/null.
>
Symfono apolyta. Apla to kako einia mikro gia enan dial-up xristi.
Ayto ithela na po. Tora gia packet filtering mixanismous eimai
apolyta symfonos mazi sou. Episis an trexeis kai to portsentry exei
megalyteri plaka pou vlepeis ksafnika ne ena netstat -rn na xreiazesai
ti voitheia tou more i whatever is your favorite pages ( px less )
kai episis ta entries sto /etc/hosts.deny einai idia se plithos

>Sumperasma: panta exei plaka na trexeis ena firewall kai na koitas ti
>sou grafei sta logs (an exeis arketo disko).
>  
>
Nia den diafono kai isos kai an trexeis kai kanenan snort exei akoma
megalyteri plaka. Opoios den to exei kanei as to kanei.
Aksizei ton kopo.