[kiss] ip conntrack irc

avudz Mon, 24 Jan 2005 20:50:57 -0800

dear,

ada yang pernah alami hal gini di kernel :


Jan 25 10:59:00 kampret kernel: Forged DCC command from 192.168.0.15: 
xxx.4.0.5:1024

setiap di dcc send file via irc, selalu di forged oleh kernel. penyebab nya 
kenapa ya?? 

kalau saya liat dari source conntrack irc nya, ada bagian :

/* dcc_ip can be the internal OR external (NAT'ed) IP
* Tiago Sousa */
if (ct->tuplehash[dir].tuple.src.ip != htonl(dcc_ip)
&& ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip != htonl(dcc_ip)) {
if (net_ratelimit())
printk(KERN_WARNING
"Forged DCC command from "
"%u.%u.%u.%u: %u.%u.%u.%u:%u\n",
NIPQUAD(ct->tuplehash[dir].tuple.src.ip),
HIPQUAD(dcc_ip), dcc_port);

continue;
}

exp = ip_conntrack_expect_alloc();
if (exp == NULL)
goto out;

exp_irc_info = &exp->help.exp_irc_info;


ada yang bisa menjelaskan ga ya? 

ada lagi info yang saya bingung :

http://www.dragoncat.net/lists/irssi-users/2003-05/0009.html

disitu, setelah di baca malah makin membingungkan :-)

root]# iptables ! -V
Not 1.2.7a ;-)

root]# uname -rv
2.4.21-0.13mdk #1 Fri Mar 14 15:08:06 EST 2003

root]# iptables -vnxL | grep 1024 | grep -i 192.168.0.15
      16     1159 ACCEPT     tcp  --  *      *       0.0.0.0/0            
192.168.0.15       tcp spts:1024:65535 dpts:1024:65535 state ESTABLISHED
      10      640 ACCEPT     tcp  --  *      *       192.168.0.15         
0.0.0.0/0          tcp spts:1024:65535 dpts:1024:65535 state 
RELATED,ESTABLISHED

root]# iptables -vnxL | grep 113 | grep -i 192.168.0.15
       0        0 BACK       tcp  --  *      *       0.0.0.0/0            
192.168.0.15       tcp spt:113
       0        0 BACK       tcp  --  *      *       0.0.0.0/0            
192.168.0.15       tcp spt:113


root]# iptables -vnxL | grep 59
      28     2659 eth0-eth1  all  --  eth0   eth1    0.0.0.0/0            
0.0.0.0/0
       0        0 BACK       tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0          tcp spt:59
       0        0 BACK       tcp  --  *      *       0.0.0.0/0            
192.168.0.0/24     tcp spt:59
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0          tcp dpt:59
       0        0 ACCEPT     tcp  --  *      *       192.168.0.0/24       
0.0.0.0/0          tcp dpt:59

diagram network :

+---------------+             +---------------+         +-----------+           
     
| INTERNET   |  --------  | MODEM ATI | -------| MDK 9.1  |  -------  CLIENT    
         
+---------------+             +---------------+         +-----------+  

root]# lsmod | grep irc
ip_nat_irc              3280   0  (unused)
ip_conntrack_irc        4304   1
iptable_nat            21048   3  (autoclean) [ipt_REDIRECT ipt_MASQUERADE 
ip_nat_ftp ip_nat_irc]
ip_conntrack           27264   4  (autoclean) [ipt_REDIRECT ipt_state 
ipt_MASQUERADE ip_nat_ftp ip_nat_irc ip_conntrack_ftp ip_conntrack_irc 
iptable_nat]



thanks.


regards,


./avd



--
Right or wrong my list. Unsubscribe option is currently unavailable.
Indeed, it's available upon request .. but: cepek dulu donk!

[kiss] ip conntrack irc

Kirim email ke