iptables script + δυνατότητες

[V13]

On Wednesday 16 October 2002 20:06, Alexandros Papadopoulos wrote:

> eela twra mhn eisai toso apolytos - mesw hijacked HTTP session (h ftp h
> to-agaphmeno-mas-protokollo-edw) mporei o bad-guy na kanei tunnel asxeta
> packeta pou den 8a 8elame pote na perasoun. Den mporoume na sthrixtoume
> sthn apolyth asfaleia twn RELATED / ESTABLISHED, opws ta katalabainei to
> netfilter.

An prospatheis na anakalypseis/ylopoihseis thn ypertati asfalia gia ena 
systima, katalabe oti to mono poy mporeis na petyxeis einai na piseis kapia 
stigmi ton eayto soy oti ta kataferes... 

An ayto poy theleis einai to:
o X xrisths enos systimatos na mporei na exei prosbash sto net mono meso ton Y 
ypiresion, tote mporeis na ylopoihseis ena fw policy sto opoio analoga me to 
uid epitrepeis kai katalili kinisi (p.x. to uid 1234 na mporei na kanei ftp).

An tora theleis na epitrepseis se sygkekrimena programmata na exoyn prosbasi 
sto net, mallon exases. Sto C2 epipedo den ginetai diakrisi kai diabathmisi 
sta dedomena kai sta programmata, opote den tithetai tetia periptosi. An 
theleis rikse mia matia sto orange book. Nomizo sto B2 orizetai kai h yparksi 
taytotitas/diabathmisis se dedomena. Mono me tin yparksi kati tetoioy tha 
mporoyse na ylopoihthei sosta ayto poy theleis...

An ayto soy fenetai aplo, rikse mia matia sthn ylopoihsh toy (katoteroy) B1 
apo thn SGI sto: http://oss.sgi.com/projects/ob1...

> -A
<<V13>>