Security :: Netfilter Conntracking For P2P Protocols - Edonkey - Bittorrent

May 17, 2009

I would like to allow multiple users to access P2P networks, so I wonder if there's a way to track these kinds of protocols with netfilter, and also be compatible with NAT, like the module conntrack_ftp seems to do with the FTP protocol.

View 3 Replies



Security :: Netfilter Hook - Kernel Module - Skb_transport_header - Tcphdr Fields Wrong Values

Apr 1, 2010

We are trying to implement a firewall as a kernel module through netfilter hooking (in C). In the following code we are allowing only TCP traffic. The source port number and destination port number are printed for every TCP packet. On execution, this code prints wrong port numbers. This is the first time we are using the skb_transport_header function for accessing TCP headers.

We verified the port numbers being printed by the firewall through NFS traffic. On the same machine where the firewall is running, we hosted an NFS server. An NFS client (from a different system) puts a file in the exported mount. The firewall is able to capture packets for this file transfer, but the port numbers printed are wrong. It prints '69' for the source port number (whereas the Ethereal capture shows it as 790) and prints '553231' for the destination port (whereas for NFS version 4 it has to be 2049).

[Code]....

View 1 Replies View Related

Security :: Iptables - Logging All Protocols - Not Just Tcp - Udp - Icmp

Jun 21, 2010

Brief overview of my current setup:

Code:

The ip_blacklist chain is used to immediately drop any traffic from specified address ranges, while the tcp_, udp_, and icmp_packets chains contain rules for further processing of those protocols. The last rule in each of the latter three chains drops all packets that didn't match any rules above it; so tcp, udp, and icmp packets should NOT get caught by the default INPUT policy (DROP). The goal of the last rule on the INPUT chain is to then log any packets that are picked up by the default policy. However, it's not working.

I can tell that there are packets being picked off by the default policy because the counters are being incremented, but nothing is logged by that last rule. My conclusion is that it's only looking for tcp, udp, and icmp packets and ignoring everything else.

How to get iptables to log all the other protocols (or whatever is being caught by the default policy)?

View 5 Replies View Related

Security :: OT - Unencrypted Protocols In The Local Subnet - Switched Network

Aug 27, 2009

I was having a discussion with someone who said that telnet, FTP, and HTTP plain-text authentication in the local subnet is OK because it's a switched network. Also, that these protocols are not good over the net but in a local subnet they are just fine.

I know that someone can plug a hub into the network port and connect 2 (or more) PCs and see the packets. Also, I heard about ettercap but haven't really delved into it. I know dsniff was written to prove the point that unencrypted protocols are bad. I would like to get opinions about unencrypted protocols over a switched network.

View 1 Replies View Related

Ubuntu Security :: Bad Login Protocols - Graphical Login For Gnome Sizes Itself To Accommodate A User's Exact Password Length

Dec 14, 2010

I'm seeing a really bad user login format under a standard installation and am wondering why Ubuntu does this by default. I have noticed that the graphical login for GNOME sizes itself to accommodate a user's exact password length. This indicates to me that somewhere the unencrypted part of a standard installation with user encryption contains at least some indication of the password length, which seems a security flaw; even if not a complete hole, it majorly reduces the number of attempts a cracker would have to cycle through.

And that's assuming that *only* the length is contained. Furthermore, it seems that it would be MUCH better to simply display the number of characters entered into the password field and allow the GUI to expand itself from a fixed size as the field is filled out, so that the user still receives visual feedback for entering characters. Either a simple character count display should be entered into the field, or 10 dots to a new line, so that one can quickly count the number entered visually by multiplying from a base-10 graphical observation.

View 9 Replies View Related

Networking :: Error While Blocking This Websites Bittorrent & Edonkey Using Iptables

Nov 30, 2010

When I tried to execute this command on my router device, it showed an error...

First execution:-

Second execution:-

So I need to block these kinds of websites... kindly tell me what I have to rectify and change... here I didn't execute this command...

View 1 Replies View Related

Ubuntu Installation :: Upgrading To 10.04 - Can No Longer Open Manually Installed Bittorrent Client

Jun 26, 2010

When trying from the link which was in the applications menu, and manually from terminal I receive the following errors:

Code:

I have since tried the HOWTO: Install Azureus (newest, non-repo way) method of installing Vuze/Azureus, which I think is what I set up for 9.04, and also a synaptic complete removal and reinstall which didn't work.

I have an .azureus folder in my home dir which I would like to keep because it contains my settings and half downloaded torrents etc.

I would be happy to use the Synaptic packaged version of Vuze because it is much more up to date than it has been in the past.

View 7 Replies View Related

Debian :: Iptables - Netfilter Queue Handling

Jul 17, 2015

I have created an nfq handler via nfq_open() and am using the returned qhandle to bind my application program to a specific queue number that is configured in iptables. When I invoke nfq_create_queue(), my program is stuck there and the backtrace shows it is blocked in recvfrom():

bt

in recvfrom () from /lib/x86_64-linux-gnu/libpthread.so.0
in nfnl_recv () from /usr/lib/libnfnetlink.so.0
in nfnl_catch () from /usr/lib/libnfnetlink.so.0

View 0 Replies View Related

Debian Installation :: How To Install Netfilter / Iptables

Apr 5, 2011

How to install netfilter/iptables? (Debian 6)

View 1 Replies View Related

Networking :: Netfilter: Connection Tracking Bandwidth Accounting?

Dec 10, 2010

On Kernel 2.6.33.4 I get this from /proc/net/ip_conntrack:

tcp 6 431557 ESTABLISHED src=X.X.X.X dst=X.X.X.X sport=44242 dport=993 packets=128 bytes=9267 src=X.X.X.X dst=X.X.X.X sport=993 dport=44242 packets=85 bytes=53950 [ASSURED] mark=0 use=2

On Kernel 2.6.36.2 I get this from that same file:

tcp 6 431665 ESTABLISHED src=X.X.X.X dst=X.X.X.X sport=4640 dport=8082 src=X.X.X.X dst=X.X.X.X sport=8082 dport=4640 [ASSURED] mark=0 use=2

It's missing the data on bytes and packets transmitted through that particular connection. I had written a program that uses this information. Was this pulled out of the kernel on purpose or did I miss some option when compiling the new kernel for my box?

View 1 Replies View Related

Debian Configuration :: Message Package Netfilter-persistent Is Not Configured Yet

Sep 3, 2015

A few days ago I installed Debian Jessie (Linux server-1 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u3 (2015-08-04) x86_64 GNU/Linux) for some tests. I tried to install iptables-persistent with the command "apt-get install iptables-persistent". During the install process, I got the following message:

Code:
Preconfiguring packages ...
Selecting previously unselected package netfilter-persistent.
(Reading database ... 31677 files and directories currently installed.)
Preparing to unpack .../netfilter-persistent_1.0.3_all.deb ...
Unpacking netfilter-persistent (1.0.3) ...
Selecting previously unselected package iptables-persistent.

[code]....

Some talk about cups, acpid, ipv6 or systemd, but nothing has solved the issue in my case. I used iptables-persistent many times with older Debian versions.

View 6 Replies View Related

Networking :: NETFILTER And Extraction Of Data From Non Linear Area Of Skbuff

Feb 25, 2011

I am writing a netfilter module for Linux 2.6.34.6-47 / 2.6.35. While I could capture the packets on the incoming hook, since they came as a single packet in what is probably the skbuff area allocated by the stack, I found that packets going out of the machine are getting split into linear and non-linear areas. skb->data gives the total length of the packet as correct, but when I extract skb->data to print it, it prints only the IP and TCP headers. Now, to treat the data I need to extract it and then push it back on the route.

To clarify: if my data is 3 bytes, the total length by passing pointers shows as 55 bytes = (52 bytes of header + 3 bytes of data), but I can't access these 3 bytes by using skb->tail - skb->data. How do I extract outgoing data for any further action and then put it back on the route for further encapsulation by the L2 stack or whatever? Will skb_linearize() or skb_linearize_cow() be of any use, and if yes, how and why?

View 1 Replies View Related

Programming :: Configure Netfilter By Importing A Text File With C++ Language

Feb 27, 2010

Well, my problem is that I want to configure Netfilter (FORWARD) not manually but by importing, with the C++ language, a text file which may contain a binary array like:

0 0 1
1 1 0
0 0 1

where 0 is "iptables -A FORWARD -p udp -j ACCEPT"

and 1 is "iptables -A FORWARD -p udp -j DROP"

So after importing, I want to find in my firewall 9 rules, equal to the number of entries in the binary array.

View 1 Replies View Related

Ubuntu Servers :: Iptables / Netfilter Config Stops Sendmail From Working?

Oct 8, 2010

I have an Ubuntu server virtual machine with a webhost. I am trying to configure the firewall. I am having a problem with sendmail and the required firewall configuration. If I type the command:

iptables -F

Then sendmail works perfectly. I can see the emails sent in my googlemail inbox. I then configure my firewall as follows:

iptables -F
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 2252 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
[Code]....

(I have moved SSH to a different port.) Once this is set up, sendmail no longer works. I had assumed that sendmail would establish a TCP connection and the first rule would allow all established connections to pass. Why does this iptables/netfilter config stop sendmail from working?

View 5 Replies View Related

Networking :: Netfilter's -state INVALID Triggered By Foreign Dual WAN Routers?

Dec 22, 2010

Recently I am logging the packets that are supposedly INVALID and I found out that I am dropping a lot of packets that seem legitimate (in the sense that they are clients that are allowed to contact us).

Code:
:invalid - [0:0]
-A invalid -j LOG --log-prefix "[DROP INVALID] : " --log-tcp-options --log-ip-options
-A invalid -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT

[Code]...

I would like to know if I can tell a complaining client that his dual-WAN solution is not behaving properly. Should such a dual-WAN router spoof its IP to the one that initiated the connection? And what happens if these packets are not dropped? Will they be accepted by the application or does it depend on the application? It sounds like a security risk if it does. It seems to me those packets will be ignored anyway by the application. Netfilter's manual says that it's safe to drop these packets.

View 1 Replies View Related

Networking :: Changing Ad Hoc Protocols ?

Feb 25, 2010

I am an undergraduate student. My prof has implemented an ad hoc protocol and simulated it on some network simulation software, and it worked out of the box. She wants to implement it on real-world Unix/Linux systems. I am sure it is possible, but I don't know where to start.

View 5 Replies View Related

OpenSUSE :: Remmina Protocols Missing On 11.4?

Mar 14, 2011

On openSUSE 11.3 I was using Remmina as a replacement for tsclient. After upgrading to openSUSE 11.4 (I did a complete new install), Remmina only seems to support SSH connections. All other protocols like RDP, NX and VNC are missing. I got FreeRDP and rdesktop etc. installed and can connect to RDP sessions from the terminal.

View 3 Replies View Related

Ubuntu Networking :: What Ports And Protocols For Ssh?

Aug 12, 2010

I have ssh running on port 22 and that is the only thing I want in/out of this particular box (ssh, scp). But when I use iptables to set the default policies for INPUT, FORWARD, and OUTPUT to DROP and then allow 22:

iptables -I INPUT -p tcp --dport 22 -j ACCEPT
iptables -I OUTPUT -p tcp --dport 22 -j ACCEPT

ssh stops working.

View 2 Replies View Related

Networking :: Implementation Of Network Protocols

Apr 10, 2009

How to implement Network Protocols.

View 1 Replies View Related

Networking :: NTOP Not Displaying Ssh Protocols

Jan 4, 2011

I have setup NTOP on Centos 5.5 and am not seeing traffic that I am supposed to be seeing. We have a product that uses many different services including ssh. I have this system as a target on mirrored ports but am not seeing any ssh connections or activity when I look at the host machine that is connected to the target ssh client and vice versa. When I look under TCP/UDP Service/Port Usage it is not displaying all the services that are being used especially SSH. What could it be?

View 5 Replies View Related

Networking :: Ipv6 Use The Same Routing Protocols As V4?

Jan 24, 2011

Will IPv6 use the same routing protocols as v4, such as OSPF?

View 2 Replies View Related

General :: Modify Network Protocols - TCP In Particular

Aug 10, 2009

I'm pretty new to Linux! I've been given a task to modify a network protocol (TCP in particular). So now I have to make a few changes to the kernel, which includes modifying a few source files. So I want to know how I can go about it. Till now I've explored various .c files of the kernel (e.g. tcp.c, tcp_input.c etc.) by referring to a few books. And now comes the important part of implementing it. So how exactly can I go about it? I went through various threads about installing a kernel, compiling a kernel and other things. But I'm not getting the exact sequence in which I should do it. I've installed Fedora 10. But I cannot see any source files which I can modify. Where and how can I modify these files?

View 5 Replies View Related

Programming :: Switch Between Serial Protocols?

Jun 7, 2011

How to switch between serial protocols in the C language? For example, I need to switch between RS232 and RS422 (according to the RS422 pinout).

View 2 Replies View Related

Networking :: Started Using Wireshark - Protocols Not Secure

Aug 20, 2011

I am new to using Wireshark and I've been browsing around the packets a bit. I figured I'd try and use it to cut into a protocol that isn't documented, that I can find, but doesn't seem particularly secure. I tried cutting into a protocol and I turned _everything_ off, but Wireshark was still picking up packets left, right and centre. So I decided to stop the internet daemon and still, packets were being sent over the internet. So I decided to pick some of the IPs and do a reverse look-up. Each and every one of the IPs is of Russian origin or close.

I'm under the impression that these are unwanted packets. I've also noticed that they are sending data from the same port: 32165. Another thing I noticed while doing reverse look-ups is that a lot of these IPs are hits in 'Spam & Open Relay Blocking System' and 'Project Honey Pot', which seem to be spam blockers and trackers. What should I do or what should I investigate? The reverse look-ups are only providing me with the ISP which 'owns' the IP block the IP is a part of. They are from various ISPs every time.

View 1 Replies View Related

Networking :: Audio Streaming Protocols On Internet?

Sep 3, 2010

I have a project which needs to stream audio to multiple remotely connected devices on the internet. The best protocol for streaming with minimum or no audio distortion?

View 1 Replies View Related

General :: Block UDP Protocols In Iptables - Ubuntu ?

Aug 5, 2010

Currently I have 2 LAN cards in my system: one to communicate with client PCs (LAN card IP 192.168.1.100) and the other for Internet (LAN card IP 192.168.0.100). All client PCs are in the 192.168.1.0 subnet.

Here I set up my system as a router through iptables; all clients communicate only through 192.168.1.100 (the clients' default gateway is also 192.168.1.100). There is no problem with the forward rules: when my system is active, all clients get Internet.

Now I have a problem with blocking UDP protocols. I tried a lot of things from the net:

iptables -A INPUT -s 192.168.1.0/255.255.255.0 -p UDP -j DROP

But it's not blocking UDP protocols (if I change UDP to ICMP, then ICMP is blocked for every IP address).

View 9 Replies View Related

General :: What Printing Protocols Are Supported By CUPS

Feb 16, 2010

What printing protocols are supported by CUPS?

View 1 Replies View Related

Programming :: Multiple Protocols On Serial Port

Mar 24, 2011

I'm attempting to write an application that needs to read and reply to messages that will appear via 3 different methods:

1) Standard serial communications
2) TCPIP over serial via PPP
3) TCPIP over Ethernet

The problem is that I'd like the application to be able to receive packets from any and all of the three interfaces simultaneously. I shouldn't have much trouble with performing #1 and #3 at the same time, as I think I can just get a file descriptor from termios and another for a socket and then use select to wait for data. But #2 is problematic.

First, I don't know how to set up a socket that uses PPP as the data link layer. And secondly (here's the big one), this PPP data is coming over the same port that the serial data is. There's no chance for data collision, and I am guaranteed not to receive another packet until I respond to the last one (in the same protocol at that), but incoming packets may or may not be PPP/TCP/IP framed.

My app will act like the PPP client, so I was just thinking that "somehow" I could run a standard termios application on the serial port which would begin to interpret the packet. If it's PPP framed then it would have to get passed to a PPP client, which would be listening to my application rather than a physical port. And I have no idea how to do that. Is there an API available that will help me with the PPP packets?

How hard would it be to write a device driver that simulates a serial port? The device can listen on a real serial port, interpret its contents to an extent, and then distribute the incoming data to multiple "virtual" serial ports, which the main application can then listen to for incoming traffic.

View 2 Replies View Related

Debian :: Changing The Sources.list - None Of The Authentication Protocols

Mar 11, 2010

I am having some problems changing the sources.list... or am I? I'm not sure what's going on. Could it be a permissions issue?

Details:

1. Note I have stopped #repository here to try another, the last one.

2. When I issue the command from a root terminal, this is the result, though it does let me pull up the sources.list and edit it.

3. I also have a sources.list.save: /etc/apt/sources.list.save

Should that be there? It does not change along with the changes made to sources.list.

View 3 Replies View Related

General :: Windows - Find Out Which Authentication Protocols A WiFi network Uses?

Aug 16, 2011

I want to connect my Debian Squeeze machine to my school wireless network with wpa_supplicant.

I think the network uses 802.1X authentication, because when the other students connect to the network for the first time in Windows they enter their username and password, then the connection is established. I have asked the IT staff but they do not know what 802.1X, PEAP, EAP etc. are and just say "Enter the login details in the box!".

If I bring a Windows 7 machine to school and successfully connect to the network, is it then possible for me to extract the information [and extract a certificate if used on the network] from Windows somehow so I can set up the wpa_supplicant.conf correctly on Debian?

The information I want to extract is which protocols are used, like PEAP, MSCHAP etc.

View 1 Replies View Related






