Main WebSource NAT - spoofing and flooding
Za vsetko moze tato dokumentacia http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html . Prava pricina je ako vzdy daka baba
(najhorsie baby su z Plostina).
Priklad: Chcem pingnut nas server na novej IPcke (213.215.81.237) zo starej IPcky (195.78.44.155) zo stroja qos.cnl.tuke.sk, ktory je v TUNETe. Pojde to iba vtedy ak routery po ceste nepozeraju ci packet ma "normalnu" zdrojovu IP adresu (z rozsahu siete z ktorej smeruje). Najprv teda aplikujem pravidlo:
qos$ sudo iptables -t nat -A POSTROUTING -d 213.215.81.237 -o eth3 -j SNAT --to 195.78.44.155Potom pustim:
qos$ ping 213.215.81.237
Na cielovom serveri (213.215.81.237) pre overenie spustim tcpdump:
tcpdump -i ra1 -n host 195.78.44.155
Aaaa 
aha:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ra1, link-type EN10MB (Ethernet), capture size 96 bytes 20:46:31.260580 IP 195.78.44.155 > 213.215.81.237: icmp 64: echo request seq 22 20:46:32.260873 IP 195.78.44.155 > 213.215.81.237: icmp 64: echo request seq 23 20:46:33.260960 IP 195.78.44.155 > 213.215.81.237: icmp 64: echo request seq 24Ide to, ide to! Zaver: zdrojove IP sa nekontroluju, mozu byt lubovolne. Fajne sa s tym bude dat floodovat, ale aj testovat co linka da (pricom sa bude tok posielat len jednym smerom). Na spoofovanie web hlasovani je to ako usite (tu by bolo jednoduhsie neist cez SNAT ale cez MASQUERADE a menit IP na sietovke (pri SNATe pouzivat
-R chain rulenum)).
-- EqO - 30 Oct 2007
Main Web
Users
Groups
Index
Search
Changes
Notifications
Statistics
Preferences
DocumentCisco |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback