iptables log



isaac
28.12.02, 16:22
Hello

I installed a ready-made script, which looks like this

Chain INPUT (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere state INVALID limit: avg 2/sec burst 5 LOG level warning prefix `INPUT INVALID '
DROP all -- anywhere anywhere state INVALID
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
MY_DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
MY_DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
MY_DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:4661
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:4662
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:4663
ACCEPT udp -- anywhere anywhere state NEW udp dpt:4665
MY_REJECT all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere state INVALID limit: avg 2/sec burst 5 LOG level warning prefix `OUTPUT INVALID '
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
MY_REJECT all -- anywhere anywhere

Chain MY_DROP (7 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `PORTSCAN DROP '
DROP all -- anywhere anywhere

Chain MY_REJECT (2 references)
target prot opt source destination
LOG tcp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `REJECT TCP '
REJECT tcp -- anywhere anywhere reject-with tcp-reset
LOG udp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `REJECT UDP '
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
LOG icmp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `DROP ICMP '
LOG all -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `REJECT OTHER '
DROP icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable

and now I have logs from the firewall that I can't make any sense of.
Could someone explain to me what

Dec 28 16:09:56 localhost named[656]: listening on IPv4 interface ppp0, 213.6.3.x#53
Dec 28 16:10:51 localhost kernel: REJECT TCP IN=ppp0 OUT= MAC= SRC=61.99.127.151 DST=213.6.3.x LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=61337 DF PROTO=TCP SPT=3800 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 28 16:10:52 localhost kernel: REJECT TCP IN=ppp0 OUT= MAC= SRC=61.99.127.151 DST=213.6.3.x LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=61381 DF PROTO=TCP SPT=3800 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 28 16:10:53 localhost kernel: REJECT TCP IN=ppp0 OUT= MAC= SRC=61.99.127.151 DST=213.6.3.x LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=61399 DF PROTO=TCP SPT=3800 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 28 16:15:25 localhost kernel: REJECT UDP IN=ppp0 OUT= MAC= SRC=61.158.152.216 DST=213.6.3.x LEN=78 TOS=0x00 PREC=0x00 TTL=233 ID=39505 PROTO=UDP SPT=1025 DPT=137 LEN=58
Dec 28 16:20:08 localhost kernel: REJECT UDP IN=ppp0 OUT= MAC= SRC=213.6.4.56 DST=213.6.3.x LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=17615 PROTO=UDP SPT=1029 DPT=137 LEN=58

is happening here? I have disguised my IP a bit with an x,
just to be on the safe side. gg

Many thanks, isaac

DaGrrr
28.12.02, 17:11
Originally posted by isaac
Dec 28 16:10:51 localhost kernel: REJECT TCP IN=ppp0 OUT= MAC= SRC=61.99.127.151 DST=213.6.3.x LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=61337 DF PROTO=TCP SPT=3800 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0


If I'm not mistaken:

Date & time ;)
Kernel rejects a packet
TCP rejected
via ppp0
Source IP 61.99.127.151 to destination IP 213.6.3.x, length 48
TOS?
PREC?
Time To Live 114, packet number 61337
Protocol TCP
Source port 3800 to destination port 1433

meaning:
A TCP request from IP 61.99.127.151, port 3800, addressed to 213.6.3.x port 1433, was rejected.
The rest?
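
As an added example, not part of the original thread: a small Python parser for the kernel log lines quoted above. It splits each netfilter LOG entry into its key=value fields and bare flag words and counts entries per source and destination port; the function names and the `UDPLEN` key are chosen here for illustration.

```python
import re
from collections import Counter

# Log lines taken from the first post above (DST was masked by the poster).
SAMPLE_LOG = """\
Dec 28 16:09:56 localhost named[656]: listening on IPv4 interface ppp0, 213.6.3.x#53
Dec 28 16:10:51 localhost kernel: REJECT TCP IN=ppp0 OUT= MAC= SRC=61.99.127.151 DST=213.6.3.x LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=61337 DF PROTO=TCP SPT=3800 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 28 16:10:52 localhost kernel: REJECT TCP IN=ppp0 OUT= MAC= SRC=61.99.127.151 DST=213.6.3.x LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=61381 DF PROTO=TCP SPT=3800 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 28 16:10:53 localhost kernel: REJECT TCP IN=ppp0 OUT= MAC= SRC=61.99.127.151 DST=213.6.3.x LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=61399 DF PROTO=TCP SPT=3800 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 28 16:15:25 localhost kernel: REJECT UDP IN=ppp0 OUT= MAC= SRC=61.158.152.216 DST=213.6.3.x LEN=78 TOS=0x00 PREC=0x00 TTL=233 ID=39505 PROTO=UDP SPT=1025 DPT=137 LEN=58
Dec 28 16:20:08 localhost kernel: REJECT UDP IN=ppp0 OUT= MAC= SRC=213.6.4.56 DST=213.6.3.x LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=17615 PROTO=UDP SPT=1029 DPT=137 LEN=58
"""

# Bare words in a LOG line are IP/TCP header flags, not key=value fields.
FLAGS = {"DF", "MF", "CE", "SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
# timestamp, host, the rule's --log-prefix text, then the packet fields from IN= on
LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) kernel: (.*?)\s*(IN=.*)$")

def parse_line(line):
    """Return a dict for a netfilter LOG line, or None for other syslog lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    when, host, prefix, rest = m.groups()
    rec = {"time": when, "host": host, "prefix": prefix, "flags": []}
    for token in rest.split():
        key, sep, value = token.partition("=")
        if sep:
            # LEN occurs twice for UDP: IP total length first, UDP length second.
            if key in rec:
                key = "UDP" + key  # illustrative name for the second LEN
            rec[key] = value  # empty string for fields such as OUT= and MAC=
        elif token in FLAGS:
            rec["flags"].append(token)
    return rec

def summarize(log_text):
    """Count logged packets per (prefix, source IP, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            key = (rec["prefix"], rec["SRC"], rec["PROTO"], rec.get("DPT", "-"))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for (prefix, src, proto, dpt), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n}x {prefix}: {src} -> {proto}/{dpt}")
```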