Well, and how does ICMP help me if the scanning is done like this:

3-2893723| [2005-11-09 08:39:06] 81.196.121.26 -> 129.110.94.18 [snort/3] portscan: TCP Portsweep
3-2893750| [2005-11-09 08:43:58] 81.196.121.26 -> 129.110.94.102 [snort/3] portscan: TCP Portsweep
3-2893759| [2005-11-09 08:46:34] 81.196.121.26 -> 129.110.94.142 [snort/3] portscan: TCP Portsweep
3-2893765| [2005-11-09 08:47:43] 81.196.121.26 -> 129.110.94.164 [snort/3] portscan: TCP Portsweep
3-2893795| [2005-11-09 08:49:14] 81.196.121.26 -> 129.110.94.180 [snort/3] portscan: TCP Portsweep
3-2893797| [2005-11-09 08:49:55] 81.196.121.26 -> 129.110.94.187 [snort/3] portscan: TCP Portsweep
3-2893805| [2005-11-09 08:50:38] 81.196.121.26 -> 129.110.94.192 [snort/3] portscan: TCP Portsweep
3-2893871| [2005-11-09 08:54:24] 81.196.121.26 -> 129.110.95.16 [snort/3] portscan: TCP Portsweep
3-2893905| [2005-11-09 08:58:22] 81.196.121.26 -> 129.110.95.79 [snort/3] portscan: TCP Portsweep
3-2893929| [2005-11-09 08:59:13] 81.196.121.26 -> 129.110.95.97 [snort/3] portscan: TCP Portsweep
3-2893970| [2005-11-09 09:01:04] 81.196.121.26 -> 129.110.95.125 [snort/3] portscan: TCP Portsweep
3-2893984| [2005-11-09 09:02:13] 81.196.121.26 -> 129.110.95.143 [snort/3] portscan: TCP

On 11/10/05, dragos <[EMAIL PROTECTED]> wrote:
>
> The simplest thing is to use tcpdump on the internal interface (say eth0).
> Assuming the private IPs are in the 192.168.1.0/24 range, you can try this:
>
> tcpdump -i eth0 icmp and src net 192.168.1 and not dst net 192.168.1
>
> That is, it shows you all ICMP packets that arrive on interface eth0 from
> the internal network and are not destined for the internal network.
>
> Dragos
>
> On Thu, Nov 10, 2005 at 09:00:31AM +0200, Razvan Manea wrote:
> > Hello.
> > I have a Gentoo server with iptables.
> > I have several internal IPs assigned to one public IP.
> > Now I am getting emails from various addresses saying they are being
> > scanned from the public IP.
> > How can I figure out which of those going out with that public IP are
> > doing such things?
> >
> > Allocating a unique public IP for each one is not a solution; I don't
> > have that many IPs.
> >
> > Thanks. Razvan.

_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
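
Because the alerts quoted in the reply are TCP portsweeps rather than ICMP, the tcpdump approach from the thread can be pointed at outbound TCP SYNs and summarized per internal source. The script below is an added example, not part of the original thread: eth0 and 192.168.1.0/24 are taken from the thread, while the function names, the thresholds and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). eth0 and 192.168.1.0/24 follow the
# thread; function names, thresholds and sample lines are constructed.

# Bare SYNs (SYN set, ACK clear) leaving the LAN for non-LAN addresses.
SYN_FILTER='tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and src net 192.168.1 and not dst net 192.168.1'

# Reads "tcpdump -nn" text on stdin and prints "source dport distinct_hosts"
# for every internal source that sent SYNs for one port to at least $1
# different external hosts (default 20), busiest first.
sweep_sources() {
    awk -v min="${1:-20}" '
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5
        sub(/:$/, "", dst)                     # trailing colon after dst
        dport = dst; sub(/^.*\./, "", dport)   # last dotted field is the port
        sub(/\.[0-9]+$/, "", src)              # strip source port
        sub(/\.[0-9]+$/, "", dst)              # strip destination port
        if (!((src, dport, dst) in seen)) {    # count each target host once
            seen[src, dport, dst] = 1
            hosts[src " " dport]++
        }
    }
    END { for (k in hosts) if (hosts[k] >= min) print k, hosts[k] }
    ' | sort -k3,3nr
}

# Live use (needs root): sample 5000 outbound SYNs on the internal interface.
live_sweep() {
    tcpdump -nn -l -i eth0 -c 5000 "$SYN_FILTER" 2>/dev/null | sweep_sources "$@"
}

# Constructed capture: .23 sweeps port 80 across three hosts, .40 is ordinary.
sample_capture() {
    cat <<'EOF'
08:39:06.101 IP 192.168.1.23.40112 > 198.51.100.18.80: Flags [S], seq 1, win 5840, length 0
08:39:06.102 IP 192.168.1.23.40113 > 198.51.100.19.80: Flags [S], seq 1, win 5840, length 0
08:39:06.103 IP 192.168.1.23.40114 > 198.51.100.20.80: Flags [S], seq 1, win 5840, length 0
08:39:06.104 IP 192.168.1.23.40115 > 198.51.100.20.80: Flags [S], seq 1, win 5840, length 0
08:39:07.200 IP 192.168.1.40.51000 > 203.0.113.5.443: Flags [S], seq 1, win 5840, length 0
08:39:07.900 IP 192.168.1.40.51001 > 203.0.113.9.25: Flags [S], seq 1, win 5840, length 0
EOF
}

sample_capture | sweep_sources 3    # prints: 192.168.1.23 80 3
```

Capturing on the internal interface matters here: the source addresses are seen before NAT rewrites them to the shared public IP, so the line with the highest host count names the internal machine behind the alerts.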
