Utok na firewall

[zend]

On Fri, 20 Jul 2001, Michal Rysavy wrote:

> Po zapnuti logovani iptables mi neustale vyskakuje v /etc/messages:
>
> "IPTABLES-SPOOF:"IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:4f:07:14:70:08:00
> SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128
> ID=44373 PROTO=UDP SPT=68 DPT=67 LEN=308
> "IPTABLES-SPOOF:"IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:4f:07:14:70:08:00
> SRC=192.168.1.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128
> ID=44629 PROTO=UDP SPT=68 DPT=67 LEN=308
> "IPTABLES-SPOOF:"IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:4f:05:ef:b4:08:00
> SRC=10.0.0.2 DST=255.255.255.255 LEN=271 TOS=0x00 PREC=0x00 TTL=128 ID=3773
> PROTO=UDP SPT=68 DPT=67 LEN=251
> "IPTABLES-SPOOF:"IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:4f:05:ef:b4:08:00
> SRC=10.0.0.2 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=4029
> PROTO=UDP SPT=67 DPT=68 LEN=308

a take se vam tam obevuje broadcast z adresy 194.108.184.116 portu 68 na
255.255.255.255 port 67... jeste tam vyrvava nejaky NT server a mozna
jeste cosi dalsiho.

a pridam trocha cerne magie... IMO jste napojen bezdratem od contactelu a
antenu mate nasmerovanou na dejvicky vysilac... je to tak ? :)

> kde eth0 je vnejsi sitovka (do internetu), ip set 10.x.x.x a 192.168.x.x
> nikde nepouzivame a bootp tez nepouzivame (pouzivame dhcp a ip set
> 125.1.1.x).
> Z vnitrni site to urcite neni (vyzkouseno odpojeni vnitrni sitovky).
> Domnivam se, ze se jedna o utok, ale nejde mi do hlavy, jaktoze u bootp
nejedna se o utok, v podstate se jedna o strasne mizerne nastavene
widle... jejich schopnost propagovat do internetu cokoliv me taky dost
prekvapila

> pozadavku neni zdrojova adresa 0.0.0.0 a jaktoze router, ktery je pred
> firewallem, propusti tyto pakety (zdrojova adresa je vnitrnich siti a hlavne
> cilova je 255.255.255.255). Pokud by mi nekdo poradil, co se s tim da delat,
> budu vdecen.
zakazat veskere privatni site na vnejsim rozhrani(coz uz asi mate)

> S pozdravem Michal Rysavy

JZ