[ Home | Liste | F.A.Q. | Risorse | Cerca... ]


[ Data: precedente | successivo | indice ] [ Argomento: precedente | successivo | indice ]


Archivio: openbsd@sikurezza.org
Soggetto: Re: strani pacchetti dalla telecom??!?!
Mittente: meo
Data: 21 Oct 2003 01:50:42 -0000
On Fri, Oct 17, 2003 at 10:07:21PM +0200, Francesco wrote:
> [...]
> bash-2.05b# tcpdump -vvv -n -i tun0 host 127.0.0.1
> tcpdump: listening on tun0
> 22:02:29.311281 127.0.0.1.80 > 80.181.xxx.xxx.1863: R [tcp sum ok] 0:0(0) ack 298319873 win 0 (ttl 126, id 23255)

ma non e' la tua macchina a mandare questi pacchetti...

> [...]
> bash-2.05b# pfctl -s rules
> @0 scrub in all fragment reassemble
> @1 block in log all
> @2 block out log all
> @3 pass in quick on rl1 all
> @4 pass in quick on rl0 all
> @5 pass in quick on lo0 all
> @6 pass out quick on rl1 all
> @7 pass out quick on rl0 all
> @8 pass out quick on lo0 all

... che matchano questa regola?

> @9 pass in quick on tun0 inet proto igmp from 192.168.100.1 to any allow-opts
> @10 pass in quick on tun0 inet proto pim from 192.168.100.1 to any allow-opts
> @11 pass in quick on tun0 inet proto ipv6 from xxx.xxx.xxx.xxx to any
> @12 pass out quick on tun0 inet proto ipv6 from any to xxx.xxx.xxx.xxx
> @13 block in log quick on tun0 inet from 255.255.255.255 to any
> @14 block in log quick on tun0 inet from 10.0.0.0/8 to any
> @15 block in log quick on tun0 inet from 172.16.0.0/12 to any
> @16 block in log quick on tun0 inet from 192.168.0.0/16 to any
> @17 block in log quick on tun0 inet from 127.0.0.0/8 to any
> 
> alla riga 17 non dovrebbe bloccare direttamente quei pacchetti in arrivo?
> Perche' non lo fa'? E soprattutto..... da dove vengono quei pacchetti?

questa regola, appunto, blocca i pacchetti in ingresso e non in uscita.

-- 
My reason tells me that land cannot be sold - nothing can be sold but
such  things as can be carried away.              Black Hawk, (Saulk)

________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List




[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005