TwojePC.pl | PC | Computers, new technologies, reviews, tests
TwojePC.pl © 2001 - 2024
ARCHIVED MESSAGE

/Bogus flag probe test/ Every few days the MKS_VIR firewall detects.. , coolman 1/04/07 17:23
..such a network attack on me. Supposedly it is a check of the operating system type; should I worry?

http://jet.blog.pl

  1. CHECKFLAG , RusH 1/04/07 19:00
    rasz@capek:~$ cat /etc/init.d/firewall
    #!/bin/sh
    #################################################################################
    #
    # IPTABLES Firewall v 0.86
    # by
    #
    # Small parts from http://members.optusnet.com.au/~technion/
    # and some tutorials

    # This is the location of the iptables command
    IPTABLES="/sbin/iptables"


    case "$1" in
    stop)
    echo "Shutting down firewall..."
    $IPTABLES -F
    $IPTABLES -F -t mangle
    $IPTABLES -F -t nat
    $IPTABLES -X
    $IPTABLES -X -t mangle
    $IPTABLES -X -t nat

    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -P FORWARD ACCEPT
    echo "...done"
    ;;
    status)
    echo "Table: filter"
    $IPTABLES --list
    echo "Table: nat"
    $IPTABLES -t nat --list
    echo "Table: mangle"
    $IPTABLES -t mangle --list
    ;;
    restart|reload)
    $0 stop
    $0 start
    ;;
    start)
    echo "Starting Firewall..."
    echo ""


    ##--------------------------Begin Firewall---------------------------------##


    #----Default-Interfaces-----#

    ## Default external interface (used, if EXTIF isn't specified on command line)
    #DEFAULT_EXTIF="ppp0"

    ## Default internal interface (used, if INTIF isn't specified on command line)
    #DEFAULT_INTIF="eth0"


    #----Special Variables-----#

    # IP Mask for all IP addresses
    UNIVERSE="0.0.0.0/0"

    # Specification of the high unprivileged IP ports.
    UNPRIVPORTS="1024:65535"

    # Specification of X Window System (TCP) ports.
    #XWINPORTS="6000:6063"

    # Ports for IRC-Connection-Tracking
    #IRCPORTS="6665,6666,6667,6668,6669,7000"


    #-----Port-Forwarding Variables-----#

    #For port-forwarding to an internal host, define a variable with the appropriate
    #internal IP-Address here and take a look at the port-forwarding sections in the FORWARD +
    #PREROUTING-chain:

    #These are examples, uncomment to activate

    #IP for forwarded Battlecom-traffic
    #BATTLECOMIP="192.168.0.5"

    #IP for forwarded HTTP-traffic
    #HTTPIP="192.168.0.20"


    #----Flood Variables-----#

    # Overall Limit for TCP-SYN-Flood detection
    TCPSYNLIMIT="5/s"
    # Burst Limit for TCP-SYN-Flood detection
    TCPSYNLIMITBURST="10"

    # Overall Limit for Logging in Logging-Chains
    #LOGLIMIT="2/s"
    # Burst Limit for Logging in Logging-Chains
    #LOGLIMITBURST="10"

    # Overall Limit for Ping-Flood-Detection
    PINGLIMIT="5/s"
    # Burst Limit for Ping-Flood-Detection
    PINGLIMITBURST="10"

    #----Automatically determine infos about involved interfaces-----#

    ### External Interface:

    EXTIF="eth0"

    #----Load IPTABLES-modules-----#

    #Insert modules- should be done automatically if needed

    #If the IRC-modules are available, uncomment them below

    echo "Loading IPTABLES modules"

    dmesg -n 1 #Kill copyright display on module load
    /sbin/modprobe ip_tables
    /sbin/modprobe iptable_filter
    /sbin/modprobe ip_conntrack
    /sbin/modprobe ip_conntrack_ftp
    dmesg -n 6

    echo " --- "


    #----Clear/Reset all chains-----#

    #Clear all IPTABLES-chains

    #Flush everything, start from scratch
    $IPTABLES -F
    $IPTABLES -F -t mangle
    $IPTABLES -F -t nat
    $IPTABLES -X
    $IPTABLES -X -t mangle
    $IPTABLES -X -t nat

    #Set default policies to DROP
    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -P FORWARD DROP


    #----Set network sysctl options-----#


    echo "Setting sysctl options"

    #Enable forwarding in kernel
    #echo 1 > /proc/sys/net/ipv4/ip_forward

    #Disabling IP Spoofing attacks.
    echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter

    #Don't respond to broadcast pings (Smurf-Amplifier-Protection)
    echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

    #Block source routing
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

    #Kill timestamps
    echo 0 > /proc/sys/net/ipv4/tcp_timestamps

    #Enable SYN Cookies
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies

    #Kill redirects
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

    #Enable bad error message protection
    echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

    #Log martians (packets with impossible addresses)
    #echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

    #Set our local port range
    echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range

    #Reduce DoS'ing ability by reducing timeouts
    echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
    echo 2400 > /proc/sys/net/ipv4/tcp_keepalive_time
    echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
    echo 0 > /proc/sys/net/ipv4/tcp_sack


    echo " --- "
    echo "Creating user-chains"


    #log
    $IPTABLES -N Loog
    # $IPTABLES -A Loog -j LOG --log-prefix "fp=loog:1 a=DROP "
    $IPTABLES -A Loog -j DROP

    #Logging of possible TCP-SYN-Floods
    $IPTABLES -N LSYNFLOOD
    # $IPTABLES -A LSYNFLOOD -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=SYNFLOOD:1 a=DROP "
    $IPTABLES -A LSYNFLOOD -j DROP

    #Logging of possible Ping-Floods
    $IPTABLES -N LPINGFLOOD
    # $IPTABLES -A LPINGFLOOD -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=PINGFLOOD:1 a=DROP "
    $IPTABLES -A LPINGFLOOD -j DROP

    #TCP-Packets with one or more bad flags
    $IPTABLES -N LBADFLAG
    # $IPTABLES -A LBADFLAG -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=BADFLAG:1 a=DROP "
    $IPTABLES -A LBADFLAG -j DROP



    #----Create Accept-Chains-----#


    #TCPACCEPT - Check for SYN-Floods before letting TCP-Packets in

    $IPTABLES -N TCPACCEPT
    $IPTABLES -A TCPACCEPT -p tcp --syn -m limit --limit $TCPSYNLIMIT --limit-burst $TCPSYNLIMITBURST -j ACCEPT
    $IPTABLES -A TCPACCEPT -p tcp --syn -j LSYNFLOOD
    $IPTABLES -A TCPACCEPT -p tcp ! --syn -j ACCEPT

    #----Create special User-Chains-----#

    #CHECKFLAG - Kill any Inbound/Outbound TCP-Packets with impossible flag-combinations (Some port-scanners use these, eg. nmap Xmas,Null,etc.-scan)

    $IPTABLES -N CHECKFLAG
    $IPTABLES -A CHECKFLAG -p tcp --tcp-flags ALL FIN,URG,PSH -j LBADFLAG
    $IPTABLES -A CHECKFLAG -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LBADFLAG
    $IPTABLES -A CHECKFLAG -p tcp --tcp-flags ALL ALL -j LBADFLAG
    $IPTABLES -A CHECKFLAG -p tcp --tcp-flags ALL NONE -j LBADFLAG
    $IPTABLES -A CHECKFLAG -p tcp --tcp-flags SYN,RST SYN,RST -j LBADFLAG
    $IPTABLES -A CHECKFLAG -p tcp --tcp-flags SYN,FIN SYN,FIN -j LBADFLAG



    #ICMP/TRACEROUTE FILTERING


    #Inbound ICMP/Traceroute

    $IPTABLES -N ICMP_IN

    #Ping Flood protection. Accept $PINGLIMIT echo-requests/sec, rest will be logged/dropped
    $IPTABLES -A ICMP_IN -p icmp --icmp-type echo-request -m limit --limit $PINGLIMIT --limit-burst $PINGLIMITBURST -j ACCEPT

    $IPTABLES -A ICMP_IN -p icmp --icmp-type echo-request -j DROP

    #Block ICMP-address-mask (can help to prevent OS-fingerprinting)
    $IPTABLES -A ICMP_IN -p icmp --icmp-type address-mask-request -j DROP
    $IPTABLES -A ICMP_IN -p icmp --icmp-type address-mask-reply -j DROP

    #Allow all other ICMP in
    $IPTABLES -A ICMP_IN -p icmp -j ACCEPT

    #----End User-Chains-----#



    echo " --- "


    #----Start Ruleset-----#

    echo "Implementing firewall rules..."


    #################
    ## INPUT-Chain ## (everything that is addressed to the firewall itself)
    #################


    ##GENERAL Filtering

    # Kill INVALID packets (not ESTABLISHED, RELATED or NEW)
    $IPTABLES -A INPUT -m state --state INVALID -j DROP

    # Check TCP-Packets for Bad Flags
    $IPTABLES -A INPUT -p tcp -j CHECKFLAG

    $IPTABLES -A INPUT -d 255.255.255.255/0.0.0.255 -j DROP
    $IPTABLES -A INPUT -d 224.0.0.1 -j DROP

    ##Packets FROM FIREWALL-BOX ITSELF

    #Local IF
    $IPTABLES -A INPUT -i lo -j ACCEPT

    ##Packets FROM EXTERNAL NET

    ##ICMP & Traceroute filtering

    #Filter ICMP
    $IPTABLES -A INPUT -i $EXTIF -p icmp -j ICMP_IN

    ##Public services running ON FIREWALL-BOX (uncomment to activate):

    # ftp-data
    #$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 20 -j TCPACCEPT

    # ftp
    #$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 21 -j TCPACCEPT

    # ssh
    #$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 22 -j TCPACCEPT

    #telnet
    #$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 23 -j TCPACCEPT

    # smtp
    #$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 25 -j TCPACCEPT

    # torrent
    $IPTABLES -A INPUT -i $EXTIF -p tcp --dport 31618 -j TCPACCEPT
    $IPTABLES -A INPUT -i $EXTIF -p udp --dport 31618 -j ACCEPT

    $IPTABLES -A INPUT -i $EXTIF -p tcp --dport 4662 -j TCPACCEPT
    $IPTABLES -A INPUT -i $EXTIF -p udp --dport 4662 -j ACCEPT

    # http
    #$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 80 -j TCPACCEPT

    # https
    #$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 443 -j TCPACCEPT

    # POP-3
    #$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 110 -j TCPACCEPT



    ##Allow ESTABLISHED/RELATED connections in

    $IPTABLES -A INPUT -i $EXTIF -m state --state ESTABLISHED -j ACCEPT
    $IPTABLES -A INPUT -i $EXTIF -p tcp --dport $UNPRIVPORTS -m state --state RELATED -j TCPACCEPT
    $IPTABLES -A INPUT -i $EXTIF -p udp --dport $UNPRIVPORTS -m state --state RELATED -j ACCEPT

    ##Catch all rule

    $IPTABLES -A INPUT -j DROP


    #------End Ruleset------#

    echo "...done"
    echo ""


    echo "--> IPTABLES firewall loaded/activated <--"


    ##--------------------------------End Firewall---------------------------------##



    ;;
    *)
    echo "Usage: firewall (start|stop|restart|status) EXTIF INTIF"
    exit 1
    esac

    exit 0



    the CHECKFLAG chain, some 10 hits daily; you can shove that MKS of yours up the crack of the person who bought it for the company, because it REDUCES productivity in order to spread FUD and promote itself as a saviour in the eyes of (l)users.

    I fix shit
    http://raszpl.blogspot.com/
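The CHECKFLAG chain in the script above is the firewall-side equivalent of the "bogus flag probe" alert the original poster asked about: it drops TCP segments whose flag combinations never occur in a legitimate connection. The following Python emulation of its six `--tcp-flags mask comp` rules is an added example, not code from the post or from iptables; the flag bit values are the RFC 793 layout of TCP header byte 13, and the sample headers are constructed inline.

```python
import struct

# TCP flag bits (RFC 793 layout of header byte 13); iptables --tcp-flags uses the same names.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL, NONE = FIN | SYN | RST | PSH | ACK | URG, 0

def tcp_flags_match(flags, mask, comp):
    """Emulate `--tcp-flags mask comp`: look only at the bits in mask and require
    exactly the bits in comp to be set among them (mask ALL means an exact match)."""
    return (flags & mask) == comp

# The six rules of the posted CHECKFLAG chain, in the order iptables evaluates them.
CHECKFLAG_RULES = [
    (ALL, FIN | URG | PSH, "xmas (FIN,URG,PSH)"),
    (ALL, SYN | RST | ACK | FIN | URG, "SYN,RST,ACK,FIN,URG"),
    (ALL, ALL, "all flags set"),
    (ALL, NONE, "null scan"),
    (SYN | RST, SYN | RST, "SYN+RST"),
    (SYN | FIN, SYN | FIN, "SYN+FIN"),
]

def checkflag(flags):
    """Return the label of the first rule hit (the packet jumps to LBADFLAG and is
    dropped) or None when it falls through the chain back into INPUT."""
    for mask, comp, label in CHECKFLAG_RULES:
        if tcp_flags_match(flags, mask, comp):
            return label
    return None

def tcp_flags_from_header(segment):
    """Read the six classic flag bits from a raw TCP header (offset 13, low 6 bits)."""
    return segment[13] & 0x3F

def build_tcp_header(flags, sport=40000, dport=22):
    """Constructed minimal 20-byte TCP header (no options, zero checksum) for testing."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)

def triage(segments):
    """Run each raw header through CHECKFLAG; returns the list of verdicts."""
    return [checkflag(tcp_flags_from_header(s)) for s in segments]

# Constructed sample: two legitimate segments followed by four probes with impossible flags.
SAMPLE = [build_tcp_header(f) for f in (SYN, ACK | PSH, FIN | URG | PSH, NONE, SYN | FIN, ALL)]

if __name__ == "__main__":
    for seg, verdict in zip(SAMPLE, triage(SAMPLE)):
        print(f"flags=0x{tcp_flags_from_header(seg):02x} -> {verdict or 'pass'}")
```

Note that the four rules with mask ALL only fire on an exact flag set (a FIN,URG,PSH segment that also carries ACK passes all of them), while the SYN+RST and SYN+FIN rules ignore the other bits, which is why a real xmas or null probe lands in LBADFLAG but ordinary traffic does not.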

  2. _______ , coolman 3/04/07 00:48
    eeeeeee :| what is this about?! What program is that.. can you write more clearly? Guys, what is he on about? :D

    http://jet.blog.pl

    1. well that's exactly the point , RusH 3/04/07 01:28
      that when you have no clue you pay for mks vir .. and you still have no clue, but you're poorer

      I fix shit
      http://raszpl.blogspot.com/
