|
|
VNIMANIE: Izpolzvaite forumite na saita za da zadadete vashite vuprosi.
Vupros |
Ot: nmap |
Data: 07/27/2003 |
Kakvo triabva da napravia, za da ne mogat da me skanirat ot
vunka i kak da go napravia, suotvetno da mi pokazva, che niakoi
me skanira? V takuv luchai kakvo moga da napravia?
Kogato skaniram niakogo ne mi dava nishto...
|
Otgovor #1 |
Ot: dido |
Data: 07/27/2003 |
mislq che shte e dostatuchno samo da ti paste-na 2-ta reda
koito ti trqbwat , bez da se zadulbochawam da obqsnqwam
kakwo tochno prawqt te.Ako iskash poweche info za towa
zapochni s RFC na TCP , i produlji s manuala na iptables.
Inache obshto wzeto tezi 2 reda prawqt tochno towa koeto
iskash. Purwiqt ti pozwolqwa da log-vash wseki scan (no
preduprejdawam che bulwa strashno mnogo info w syslog-a) , a
wtoria gi reject-va... w sluchaq , ako nqkoi ti pusne ping
shte mu izkara all ports filtered (ot 1-10000 by default na
nmap ako ne se luja..)
-A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m
state --state NEW -j LOG --log-prefix "SCAN"
-A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m
state --state NEW -j REJECT --reject-with
icmp-port-unreachable
Regards ...
|
Otgovor #2 |
Ot: nmap |
Data: 07/27/2003 |
Chain INPUT (policy ACCEPT)
target prot opt source destination
LOG tcp -- anywhere anywhere
tcp flags:!SYN,RST,ACK/SYN state NEW LOG level warning
prefix `SCAN'
REJECT tcp -- anywhere anywhere
tcp flags:!SYN,RST,ACK/SYN state NEW reject-with
icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Naprawih go i towa e rezultata, no pak moga da si go ping
nmap-wam...?
Niakakvi idei?
|
Otgovor #3 |
Ot: dido |
Data: 07/27/2003 |
mislq che shte e dostatuchno samo da ti paste-na 2-ta reda
koito ti trqbwat , bez da se zadulbochawam da obqsnqwam
kakwo tochno prawqt te.Ako iskash poweche info za towa
zapochni s RFC na TCP , i produlji s manuala na iptables.
Inache obshto wzeto tezi 2 reda prawqt tochno towa koeto
iskash. Purwiqt ti pozwolqwa da log-vash wseki scan (no
preduprejdawam che bulwa strashno mnogo info w syslog-a) , a
wtoria gi reject-va... w sluchaq , ako nqkoi ti pusne ping
shte mu izkara all ports filtered (ot 1-10000 by default na
nmap ako ne se luja..)
-A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m
state --state NEW -j LOG --log-prefix "SCAN"
-A INPUT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m
state --state NEW -j REJECT --reject-with
icmp-port-unreachable
Regards ...
|
<< za kernel (1
) | problemi s gcc-3.3 (2
) >>
|
|
|
|
|