James Morris ....................................... (April 3, 2002)
Hi!

> iptables -t nat -A PREROUTING -p tcp --dport 666 -j DNAT --to 172.16.3.26:22
>
> pbi@exchange1:~$ sudo ./nmap -sS -P0 mymachine -p 22,23,666,667 -t 9
>
> Starting nmap V. 2.54BETA32 ( www.insecure.org/nmap/ )
> Interesting ports on mymachine:
> Port      State       Service
> 22/tcp    open        ssh
> 23/tcp    filtered    telnet
> 666/tcp   UNfiltered  doom        DNAT to 192.168.8.10:22
> 667/tcp   UNfiltered  unknown     DNAT to 192.168.26.10:22

You should try this (as a workaround):

iptables -t nat -A PREROUTING -p tcp --dport 666 -m ttl --ttl-gt 4 -j DNAT --to 172.16.3.26:22
iptables -t nat -A PREROUTING -m ttl --ttl-lt 5 -j LOG --log-prefix "Evil hax0r "

(So it is not hardcoded as in IPFilter ... )

Regards,
kisza

-- 
Andras Kis-Szabo
Security Development, Design and Audit
-------------------------/ Zorp, NetFilter and IPv6
[EMAIL PROTECTED] /-----Member of the BUTE-MIS-SEARCHlab---------->
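The two rules kisza posts are easy to get slightly wrong when the threshold is changed by hand (the `--ttl-gt` and `--ttl-lt` values must stay one apart, or some TTLs are neither forwarded nor logged). The script below is an added example, not code from the original message or from the netfilter project: it derives both thresholds from a single `MIN_TTL` setting, keeps the unguarded rule from the quoted message as the "before" for comparison, and can be dry-run without root by setting `IPT=echo`. The function names `plain_dnat`, `ttl_gated_dnat`, `log_low_ttl`, `thresholds_partition` and the `MIN_TTL` variable are assumptions of this example; the port and target (666 to 172.16.3.26:22) are the ones from the thread.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical names: MIN_TTL,
# plain_dnat, ttl_gated_dnat, log_low_ttl, thresholds_partition.
# Set IPT=echo to print the rules instead of loading them (no root needed).
IPT=${IPT:-iptables}
MIN_TTL=${MIN_TTL:-5}   # smallest TTL that is still forwarded; lower TTLs are logged

# The unguarded rule from the quoted message: every SYN to PORT is forwarded,
# whatever its TTL. Kept here only as the "before" of the workaround.
plain_dnat() {
    port=$1; target=$2
    "$IPT" -t nat -A PREROUTING -p tcp --dport "$port" -j DNAT --to "$target"
}

# Workaround: forward only packets whose TTL is at least MIN_TTL.
# --ttl-gt is strict, so the argument is MIN_TTL - 1 (4 for MIN_TTL=5).
ttl_gated_dnat() {
    port=$1; target=$2
    "$IPT" -t nat -A PREROUTING -p tcp --dport "$port" \
        -m ttl --ttl-gt $((MIN_TTL - 1)) -j DNAT --to "$target"
}

# Log anything (any protocol) arriving with a TTL below MIN_TTL.
# --ttl-lt is strict, so MIN_TTL itself is the argument (5 for MIN_TTL=5).
log_low_ttl() {
    "$IPT" -t nat -A PREROUTING -m ttl --ttl-lt "$MIN_TTL" \
        -j LOG --log-prefix "Evil hax0r "
}

# Sanity check: the DNAT condition (TTL > gt) and the LOG condition
# (TTL < lt) must partition the TTL range, i.e. gt + 1 == lt.
thresholds_partition() {
    gt=$((MIN_TTL - 1)); lt=$MIN_TTL
    [ $((gt + 1)) -eq "$lt" ]
}

# Usage: ./ttl-dnat.sh apply   (or IPT=echo ./ttl-dnat.sh apply to preview)
if [ "${1:-}" = "apply" ]; then
    thresholds_partition || { echo "bad TTL thresholds" >&2; exit 1; }
    ttl_gated_dnat 666 172.16.3.26:22
    log_low_ttl
fi
```

Two practical caveats: the `ttl` match must be available as a netfilter module on the box, and rules in the `nat` table are consulted only for the first packet of each connection, so the LOG rule records one line per new low-TTL connection, not one per packet.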