Ubuntu CZ/SK Forum
Ubuntu for personal computers => General support => Topic started by: Alexein, 03 August 2009, 19:31:27
-
Hi,
I installed Firestarter and it keeps reporting Hit from XX.XXX.XX.XXX detected.
There are maybe fifty of them a minute, each time on a different port, and it says the service is Samba SMB.
Does anyone know what's going on?
Thanks.
-
show the output (a short while is enough, just a few packets) of:
tcpdump -i <tvuj_nic> host XX.XXX.XX.XXX
ad 1) if you're hiding a NAT address behind those Xs, like a local class C subnet (192/24), then instead of respect for your insight into security matters you'll mostly get a smile in the cases that actually matter ;)
-
That's not it, and that xx address is different every time
-
it doesn't work for me :-\
bash: laptop: No such file or directory
I'm not sure what you mean by "<tvuj_nic>" ???
-
http://cs.wikipedia.org/wiki/Síťová_karta
tcpdump -i eth? host x.y.z.z
.. you may need to install tcpdump first, and you'll probably have to run it as root
-
I'm totally lost with this :)
here's a screenshot: http://leteckaposta.cz/284699681
thanks.
-
My provider actually already warned me that I should clean up my computer, that I supposedly flooded the main router several times with 50,000 attacks in a single day :-\
-
so for the last time ::
show the output of the command `tcpdump -i <tvuj_nic> udp`; you may have to install tcpdump (apt-get install tcpdump) and you'll probably have to run it as root (so use sudo or su)
-
I still don't know what you mean by "tvůj_nic", so I typed "tcpdump -i eth0 udp" and it prints out whole reams of data...
20:25:45.176845 IP ada.klfree.czf.1900 > 239.255.255.250.1900: UDP, length 411
20:25:45.380909 IP ada.klfree.czf.1900 > 239.255.255.250.1900: UDP, length 409
20:25:45.595402 IP ada.klfree.czf.1900 > 239.255.255.250.1900: UDP, length 345
20:25:45.862509 IP Julie-PC.klfree.czf.1900 > 239.255.255.250.1900: UDP, length 444
20:25:45.862876 IP6 fe80::282c:a4d6:eac:ffc2.1900 > ff02::c.1900: UDP, length 451
20:25:46.226560 IP ada.klfree.czf.1900 > 239.255.255.250.1900: UDP, length 354
20:25:46.782752 IP Julie-PC.klfree.czf.1900 > 239.255.255.250.1900: UDP, length 515
20:25:46.783828 IP6 fe80::282c:a4d6:eac:ffc2.1900 > ff02::c.1900: UDP, length 522
20:25:47.231360 IP ada.klfree.czf.1900 > 239.255.255.250.1900: UDP, length 397
20:25:47.349323 IP Julie-PC.klfree.czf.1900 > 239.255.255.250.1900: UDP, length 501
20:25:47.349572 IP6 fe80::282c:a4d6:eac:ffc2.1900 > ff02::c.1900: UDP, length 508
20:25:47.393326 IP Julie-PC.klfree.czf.1900 > 239.255.255.250.1900: UDP, length 499
20:25:47.393663 IP6 fe80::282c:a4d6:eac:ffc2.1900 > ff02::c.1900: UDP, length 506
20:25:47.559346 IP Julie-PC.klfree.czf.1900 > 239.255.255.250.1900: UDP, length 487
20:25:47.559635 IP6 fe80::282c:a4d6:eac:ffc2.1900 > ff02::c.1900: UDP, length 494
20:25:50.054590 IP telefon.kucera.klfree.czf.1025 > 255.255.255.255.8225: UDP, length 11
20:25:53.125823 IP zuzulak.klfree.czf.netbios-dgm > 10.102.29.255.netbios-dgm: NBT UDP PACKET(138)
20:25:53.126108 IP laptop-laptop.klfree.czf.53903 > ap.domain: 17513+ PTR? 248.29.102.10.in-addr.arpa. (44)
20:25:53.126983 IP ap.domain > laptop-laptop.klfree.czf.53903: 17513* 1/2/2 (144)
20:25:54.597357 IP preves2.ave.klfree.czf.netbios-dgm > 10.102.29.255.netbios-dgm: NBT UDP PACKET(138)
20:25:55.055884 IP telefon.kucera.klfree.czf.1025 > 255.255.255.255.8225: UDP, length 11
20:25:56.597176 IP preves2.ave.klfree.czf.netbios-dgm > 10.102.29.255.netbios-dgm: NBT UDP PACKET(138)
20:25:57.677734 IP6 fe80::e545:4221:210:6421.546 > ff02::1:2.547: dhcp6 solicit
20:25:58.596996 IP preves2.ave.klfree.czf.netbios-dgm > 10.102.29.255.netbios-dgm: NBT UDP PACKET(138)
20:25:58.615408 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:25:58.768152 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:25:59.364529 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:25:59.517823 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:00.114442 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:00.267756 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:00.596828 IP preves2.ave.klfree.czf.netbios-dgm > 10.102.29.255.netbios-dgm: NBT UDP PACKET(138)
20:26:02.194897 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:02.235972 IP rewak-notebook.klfree.czf.1025 > 255.255.255.255.1947: UDP, length 40
20:26:02.596668 IP preves2.ave.klfree.czf.netbios-dgm > 10.102.29.255.netbios-dgm: NBT UDP PACKET(138)
20:26:02.857979 IP ntb.selatko.klfree.czf.1185 > 10.102.29.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:02.944289 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:03.694217 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:04.596786 IP preves2.ave.klfree.czf.netbios-ns > 10.102.29.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
20:26:04.597118 IP preves2.ave.klfree.czf.netbios-ns > 10.102.29.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
20:26:06.596204 IP preves2.ave.klfree.czf.netbios-ns > 10.102.29.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
20:26:08.596662 IP preves2.ave.klfree.czf.netbios-ns > 10.102.29.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
20:26:09.739364 IP brek.klfree.czf.58733 > 239.255.255.250.1900: UDP, length 133
20:26:09.864401 IP ip3.dolphin.klfree.czf.netbios-dgm > 10.102.15.191.netbios-dgm: NBT UDP PACKET(138)
20:26:09.864490 IP ip3.dolphin.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:09.864621 IP jarda54.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:10.064911 IP telefon.kucera.klfree.czf.1025 > 255.255.255.255.8225: UDP, length 29
20:26:10.529513 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:10.595861 IP preves2.ave.klfree.czf.netbios-ns > 10.102.29.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
20:26:10.605084 IP jarda54.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:10.613871 IP ip3.dolphin.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:11.278534 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:11.355019 IP jarda54.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:11.363793 IP ip3.dolphin.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:12.028473 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:12.105481 IP jarda54.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:12.716127 IP jarda54.klfree.czf.netbios-dgm > 10.102.15.191.netbios-dgm: NBT UDP PACKET(138)
20:26:12.739763 IP brek.klfree.czf.58733 > 239.255.255.250.1900: UDP, length 133
20:26:12.854911 IP jarda54.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:12.873803 IP ada.klfree.czf.1035 > 224.0.0.253.3544: UDP, length 40
20:26:12.874210 IP laptop-laptop.klfree.czf.46845 > ap.domain: 65334+ PTR? 253.0.0.224.in-addr.arpa. (42)
20:26:12.897227 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:12.906840 IP ap.domain > laptop-laptop.klfree.czf.46845: 65334 NXDomain 0/1/0 (100)
20:26:13.604862 IP jarda54.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:13.646510 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:14.113889 IP ip3.dolphin.klfree.czf.netbios-dgm > 10.102.15.191.netbios-dgm: NBT UDP PACKET(138)
20:26:14.113944 IP ip3.dolphin.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:14.355147 IP jarda54.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:14.396431 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:14.863569 IP ip3.dolphin.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:15.104728 IP jarda54.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:15.613533 IP ip3.dolphin.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:15.742003 IP brek.klfree.czf.58733 > 239.255.255.250.1900: UDP, length 133
20:26:15.854672 IP jarda54.klfree.czf.netbios-ns > 10.102.15.191.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
-
hmm. those are all udp broadcasts, so-called netbios discovery ..
from the output I gather that you're connected directly (without a router) to the klfree network, and that's not a very good idea; I can also see that you have an ipv6 address active, so if you don't use ipv6, turn it off and ..
next time enclose output here on the forum in quote or code tags ..
show me, just to check, the output of `iptables -L` and of `nmap -vv -sT -P0 <adresa_tveho_vnejsiho_rozhrani>`
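As an added illustration of the point made in the reply above (this is not code from the thread): classifying each tcpdump line by destination scope separates broadcast/multicast discovery chatter (SSDP to 239.255.255.250:1900, NetBIOS to the subnet broadcast) from packets actually addressed to this host, which is what a firewall "hit" counter cannot tell you. The sample lines are copied from the capture posted earlier in the thread; the parsing is my own and assumes tcpdump's default one-line output format.

```python
import re
from collections import Counter

# Lines copied from the "tcpdump -i eth0 udp" output posted above.
CAPTURE = """\
20:25:45.176845 IP ada.klfree.czf.1900 > 239.255.255.250.1900: UDP, length 411
20:25:45.862876 IP6 fe80::282c:a4d6:eac:ffc2.1900 > ff02::c.1900: UDP, length 451
20:25:50.054590 IP telefon.kucera.klfree.czf.1025 > 255.255.255.255.8225: UDP, length 11
20:25:53.125823 IP zuzulak.klfree.czf.netbios-dgm > 10.102.29.255.netbios-dgm: NBT UDP PACKET(138)
20:25:58.615408 IP CELERON.klfree.czf.netbios-ns > 10.102.15.95.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
20:26:12.874210 IP laptop-laptop.klfree.czf.46845 > ap.domain: 65334+ PTR? 253.0.0.224.in-addr.arpa. (42)
"""

# timestamp, IP/IP6, src.port > dst.port: rest of the decode
LINE = re.compile(r"^(\S+) (IP6?) (\S+) > (\S+): (.*)$")

def split_endpoint(ep):
    """tcpdump prints host.port; the port (number or service name) follows the last dot."""
    host, _, port = ep.rpartition(".")
    return host, port

def classify(line):
    """Return the destination scope of one tcpdump line, or None if it does not parse."""
    m = LINE.match(line)
    if not m:
        return None
    ts, family, src, dst, info = m.groups()
    shost, _ = split_endpoint(src)
    dhost, dport = split_endpoint(dst)
    first = dhost.split(".")[0]
    if family == "IP6":
        scope = "multicast" if dhost.lower().startswith("ff") else "unicast"
    elif dhost == "255.255.255.255" or dhost.endswith(".255") or " BROADCAST" in info:
        scope = "broadcast"          # limited broadcast, subnet broadcast, or NBT-flagged broadcast
    elif first.isdigit() and 224 <= int(first) <= 239:
        scope = "multicast"          # 224.0.0.0/4, e.g. SSDP on 239.255.255.250
    else:
        scope = "unicast"            # the only kind actually aimed at this host
    return {"time": ts, "src": shost, "dst": dhost, "port": dport, "scope": scope}

def summarize(text):
    """Count (scope, port) pairs over a capture so the noise floor is visible at a glance."""
    counts = Counter()
    for line in text.splitlines():
        rec = classify(line)
        if rec:
            counts[(rec["scope"], rec["port"])] += 1
    return counts

if __name__ == "__main__":
    for (scope, port), n in summarize(CAPTURE).most_common():
        print(f"{n:3d}  {scope:<9} {port}")
```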
-
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- ap anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- ap anywhere
ACCEPT tcp -- ns2.klfree.czf anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- ns2.klfree.czf anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- laptop-laptop.klfree.czf ap tcp dpt:domain
ACCEPT udp -- laptop-laptop.klfree.czf ap udp dpt:domain
ACCEPT tcp -- laptop-laptop.klfree.czf ns2.klfree.czf tcp dpt:domain
ACCEPT udp -- laptop-laptop.klfree.czf ns2.klfree.czf udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'
Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
LSI all -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
REJECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN reject-with icmp-port-unreachable
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
REJECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST reject-with icmp-port-unreachable
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
REJECT icmp -- anywhere anywhere icmp echo-request reject-with icmp-port-unreachable
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
It's true that when I went through my own router, I didn't have problems like this.
By the way, what is ipv6?
-
Starting Nmap 4.76 ( http://nmap.org ) at 2009-08-03 20:47 CEST
Failed to resolve given hostname/IP: eth0. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
Read data files from: /usr/share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.24 seconds
root@laptop-laptop:/home/laptop#
-
Failed to resolve given hostname/IP: eth0. Note that you can't use
WARNING: No targets were specified, so 0 hosts scanned.
^^^ it's telling you what's wrong!! eth0 shouldn't be there, but, as I wrote, the address of the interface ..
.. and otherwise that firewall is pretty lousy, I recommend replacing it .. and I also don't understand at all why you have source *klfree* allowed there ..
-
source *klfree* ?
what's that about?
-
I appreciate that you're giving me advice, but you should understand that I've only had Linux for a short time. It's precisely for security reasons that I swapped Windows for Ubuntu, so there you go...