WhiteBox 3.0. - openssh

Ing. Pavel Janousek Janousek at FoNet.Cz
Tue Feb 24 11:51:41 CET 2004


> -----Original Message-----
> From: Pavel Kankovsky [mailto:peak at argo.troja.mff.cuni.cz]
> On Thu, 19 Feb 2004, Ing. Pavel Janousek wrote:
> 
> > 	For the second time now, the machine running this distribution
> > has, after some time (about a week, I estimate), ended up responding
> > by not responding; port 22 is nevertheless bound (there is no
> > connection refused) - when I try to push something through using SCP,
> > it ends with
> > "ssh_exchange_identification: read: Connection reset by peer".
> > When I try telnet IP 22, I get no response (*), but telnet hangs
> > forever (why!?).
> 
> That is quite an interesting discrepancy, because both telnet and scp
> simply connect and wait until the other side sends something.

	I have a feeling that CTT is doing something very nasty and shady
along the way (dropping part of the communication) - see the listing. My
feeling is that it is deliberately blocking receipt of the ACK at
194.108.199.2, because that host keeps sending it over and over after the
timeout and 192.168.0.10 keeps acknowledging it, and they get no further -
is that right (see also the ids at Seq and Ack)?

> It is time to start examining packets...

	Well, I don't know the SSH protocol internals, but I have the
impression that such higher-level communication never even gets a chance
to happen...

	Listing - initiated on 192.168.0.10 in the usual way - ssh
194.108.199.2

[root@server root]# tethereal -n -x ip src or dst 194.108.199.2
Capturing on eth0
  0.000000 192.168.0.10 -> 194.108.199.2 TCP 43972 > 22 [SYN]
Seq=1529878028 Ack=0 Win=5840 Len=0

0000  00 30 4f 14 76 4c 00 30 4f 1d 94 d9 08 00 45 00   .0O.vL.0O.....E.
0010  00 3c f2 45 40 00 40 06 fe 54 c0 a8 00 0a c2 6c   .<.E@.@..T.....l
0020  c7 02 ab c4 00 16 5b 30 16 0c 00 00 00 00 a0 02   ......[0........
0030  16 d0 fe ec 00 00 02 04 05 b4 04 02 08 0a e6 c7   ................
0040  e4 49 00 00 00 00 01 03 03 00                     .I........      

  0.088113 194.108.199.2 -> 192.168.0.10 TCP 22 > 43972 [SYN, ACK]
Seq=1296715205 Ack=1529878029 Win=5792 Len=0

0000  00 30 4f 1d 94 d9 00 30 4f 14 76 4c 08 00 45 20   .0O....0O.vL..E 
0010  00 3c 00 00 40 00 35 06 fb 7a c2 6c c7 02 c0 a8   .<..@.5..z.l....
0020  00 0a 00 16 ab c4 4d 4a 4d c5 5b 30 16 0d a0 12   ......MJM.[0....
0030  16 a0 d3 30 00 00 02 04 01 f4 04 02 08 0a 0a 17   ...0............
0040  8a 74 e6 c7 e4 49 01 03 03 00                     .t...I....      

  0.088445 192.168.0.10 -> 194.108.199.2 TCP 43972 > 22 [ACK]
Seq=1529878029 Ack=1296715206 Win=5840 Len=0

0000  00 30 4f 14 76 4c 00 30 4f 1d 94 d9 08 00 45 00   .0O.vL.0O.....E.
0010  00 34 f2 46 40 00 40 06 fe 5b c0 a8 00 0a c2 6c   .4.F@.@..[.....l
0020  c7 02 ab c4 00 16 5b 30 16 0d 4d 4a 4d c6 80 10   ......[0..MJM...
0030  16 d0 fd fc 00 00 01 01 08 0a e6 c7 e4 52 0a 17   .............R..
0040  8a 74                                             .t              

  4.277470 194.108.199.2 -> 192.168.0.10 TCP 22 > 43972 [SYN, ACK]
Seq=1296715205 Ack=1529878029 Win=5792 Len=0

0000  00 30 4f 1d 94 d9 00 30 4f 14 76 4c 08 00 45 20   .0O....0O.vL..E 
0010  00 3c 00 00 40 00 35 06 fb 7a c2 6c c7 02 c0 a8   .<..@.5..z.l....
0020  00 0a 00 16 ab c4 4d 4a 4d c5 5b 30 16 0d a0 12   ......MJM.[0....
0030  16 a0 d1 83 00 00 02 04 01 f4 04 02 08 0a 0a 17   ................
0040  8c 18 e6 c7 e4 52 01 03 03 00                     .....R....      

  4.278860 192.168.0.10 -> 194.108.199.2 TCP 43972 > 22 [ACK]
Seq=1529878029 Ack=1296715206 Win=5840 Len=0

0000  00 30 4f 14 76 4c 00 30 4f 1d 94 d9 08 00 45 00   .0O.vL.0O.....E.
0010  00 40 f2 47 40 00 40 06 fe 4e c0 a8 00 0a c2 6c   .@.G@.@..N.....l
0020  c7 02 ab c4 00 16 5b 30 16 0d 4d 4a 4d c6 b0 10   ......[0..MJM...
0030  16 d0 8e 7e 00 00 01 01 08 0a e6 c7 e5 f5 0a 17   ...~............
0040  8c 18 01 01 05 0a 4d 4a 4d c5 4d 4a 4d c6         ......MJM.MJM.  

 10.281565 194.108.199.2 -> 192.168.0.10 TCP 22 > 43972 [SYN, ACK]
Seq=1296715205 Ack=1529878029 Win=5792 Len=0

0000  00 30 4f 1d 94 d9 00 30 4f 14 76 4c 08 00 45 20   .0O....0O.vL..E 
0010  00 3c 00 00 40 00 35 06 fb 7a c2 6c c7 02 c0 a8   .<..@.5..z.l....
0020  00 0a 00 16 ab c4 4d 4a 4d c5 5b 30 16 0d a0 12   ......MJM.[0....
0030  16 a0 cd 88 00 00 02 04 01 f4 04 02 08 0a 0a 17   ................
0040  8e 70 e6 c7 e5 f5 01 03 03 00                     .p........      

 10.283081 192.168.0.10 -> 194.108.199.2 TCP 43972 > 22 [ACK]
Seq=1529878029 Ack=1296715206 Win=5840 Len=0

0000  00 30 4f 14 76 4c 00 30 4f 1d 94 d9 08 00 45 00   .0O.vL.0O.....E.
0010  00 40 f2 48 40 00 40 06 fe 4d c0 a8 00 0a c2 6c   .@.H@.@..M.....l
0020  c7 02 ab c4 00 16 5b 30 16 0d 4d 4a 4d c6 b0 10   ......[0..MJM...
0030  16 d0 89 ce 00 00 01 01 08 0a e6 c7 e8 4d 0a 17   .............M..
0040  8e 70 01 01 05 0a 4d 4a 4d c5 4d 4a 4d c6         .p....MJM.MJM.  

 22.339014 194.108.199.2 -> 192.168.0.10 TCP 22 > 43972 [SYN, ACK]
Seq=1296715205 Ack=1529878029 Win=5792 Len=0

0000  00 30 4f 1d 94 d9 00 30 4f 14 76 4c 08 00 45 20   .0O....0O.vL..E 
0010  00 3c 00 00 40 00 35 06 fb 7a c2 6c c7 02 c0 a8   .<..@.5..z.l....
0020  00 0a 00 16 ab c4 4d 4a 4d c5 5b 30 16 0d a0 12   ......MJM.[0....
0030  16 a0 c6 80 00 00 02 04 01 f4 04 02 08 0a 0a 17   ................
0040  93 20 e6 c7 e8 4d 01 03 03 00                     . ...M....      

 22.340565 192.168.0.10 -> 194.108.199.2 TCP 43972 > 22 [ACK]
Seq=1529878029 Ack=1296715206 Win=5840 Len=0

0000  00 30 4f 14 76 4c 00 30 4f 1d 94 d9 08 00 45 00   .0O.vL.0O.....E.
0010  00 40 f2 49 40 00 40 06 fe 4c c0 a8 00 0a c2 6c   .@.I@.@..L.....l
0020  c7 02 ab c4 00 16 5b 30 16 0d 4d 4a 4d c6 b0 10   ......[0..MJM...
0030  16 d0 80 68 00 00 01 01 08 0a e6 c7 ed 03 0a 17   ...h............
0040  93 20 01 01 05 0a 4d 4a 4d c5 4d 4a 4d c6         . ....MJM.MJM.  


-------------------------------------------------------------------
Ing. Pavel Janousek (PaJaSoft)             FoNet, spol. s r. o.
Technical support, Intranet/Internet    Sokolova 67, 619 00 Brno
E-mail: mailto:Janousek at FoNet.Cz         Tel.: +420  5  4324 4749
WWW:    http://WWW.FoNet.Cz/           E-mail: mailto:Info at FoNet.Cz
-------------------------------------------------------------------
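
An added example, not part of the original message: a Python check over the summary lines of the capture above that flags a server which keeps resending the same SYN-ACK although the client's ACK for it is visible at the capture point. The function names and the one-line joining of the wrapped summary lines are choices made for this example.

```python
import re
from collections import defaultdict

# Summary lines from the capture above, rejoined onto one line each.
CAPTURE = """\
  0.000000 192.168.0.10 -> 194.108.199.2 TCP 43972 > 22 [SYN] Seq=1529878028 Ack=0 Win=5840 Len=0
  0.088113 194.108.199.2 -> 192.168.0.10 TCP 22 > 43972 [SYN, ACK] Seq=1296715205 Ack=1529878029 Win=5792 Len=0
  0.088445 192.168.0.10 -> 194.108.199.2 TCP 43972 > 22 [ACK] Seq=1529878029 Ack=1296715206 Win=5840 Len=0
  4.277470 194.108.199.2 -> 192.168.0.10 TCP 22 > 43972 [SYN, ACK] Seq=1296715205 Ack=1529878029 Win=5792 Len=0
  4.278860 192.168.0.10 -> 194.108.199.2 TCP 43972 > 22 [ACK] Seq=1529878029 Ack=1296715206 Win=5840 Len=0
 10.281565 194.108.199.2 -> 192.168.0.10 TCP 22 > 43972 [SYN, ACK] Seq=1296715205 Ack=1529878029 Win=5792 Len=0
 10.283081 192.168.0.10 -> 194.108.199.2 TCP 43972 > 22 [ACK] Seq=1529878029 Ack=1296715206 Win=5840 Len=0
 22.339014 194.108.199.2 -> 192.168.0.10 TCP 22 > 43972 [SYN, ACK] Seq=1296715205 Ack=1529878029 Win=5792 Len=0
 22.340565 192.168.0.10 -> 194.108.199.2 TCP 43972 > 22 [ACK] Seq=1529878029 Ack=1296715206 Win=5840 Len=0
"""

LINE = re.compile(
    r"^\s*(?P<t>\d+\.\d+) (?P<src>\S+) -> (?P<dst>\S+) TCP (?P<sport>\d+) > "
    r"(?P<dport>\d+) \[(?P<flags>[^\]]+)\] Seq=(?P<seq>\d+) Ack=(?P<ack>\d+)")

def parse(text):
    """Yield one dict per TCP summary line; hex dump and blank lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            d = m.groupdict()
            d["t"], d["seq"], d["ack"] = float(d["t"]), int(d["seq"]), int(d["ack"])
            d["flags"] = frozenset(f.strip() for f in d["flags"].split(","))
            yield d

def stalled_handshakes(text):
    """Find SYN-ACKs repeated with the same Seq after the client already ACKed them."""
    synacks = defaultdict(list)  # (server, sport, client, cport, seq) -> send times
    acked = set()                # keys for which the client's pure ACK was captured
    for p in parse(text):
        if p["flags"] == {"SYN", "ACK"}:
            synacks[(p["src"], p["sport"], p["dst"], p["dport"], p["seq"])].append(p["t"])
        elif p["flags"] == {"ACK"}:
            # The ACK number is the SYN-ACK's Seq + 1; directions are swapped.
            key = (p["dst"], p["dport"], p["src"], p["sport"], p["ack"] - 1)
            if key in synacks:
                acked.add(key)
    return [{"server": k[0], "port": int(k[1]), "retransmits": len(ts) - 1,
             "gaps": [round(b - a, 1) for a, b in zip(ts, ts[1:])]}
            for k, ts in synacks.items() if len(ts) > 1 and k in acked]
```

A non-empty result means the final ACK of the three-way handshake left the capturing host but the peer behaved as if it never arrived; the widening gaps are the peer's SYN-ACK retransmission backoff.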


