I tried to drop ICMP type 8 because I've heard it can be a symptom of a worm (is that actually true?):

# iptables -A INPUT -p icmp --icmp-type 8 -j DROP

Then I checked iptables:

# iptables -nvL
Chain INPUT (policy ACCEPT 1120K packets, 336M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 38M packets, 2359M bytes)
 pkts bytes target     prot opt in     out     source               destination
  523 48116 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           length 92 icmp type 8 LOG flags 0 level 4
  523 48116 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           length 92 icmp type 8

Chain OUTPUT (policy ACCEPT 1583K packets, 431M bytes)
 pkts bytes target     prot opt in     out     source               destination

Now, when I run:

# tail -f /var/log/messages
Sep 9 07:51:35 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=204.152.211.57 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=637 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=256
Sep 9 07:51:36 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=204.152.211.57 LEN=92 TOS=0x00 PREC=0x00 TTL=2 ID=641 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=512
Sep 9 07:51:38 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=204.152.211.57 LEN=92 TOS=0x00 PREC=0x00 TTL=3 ID=647 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=768
Sep 9 07:51:39 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=204.152.211.57 LEN=92 TOS=0x00 PREC=0x00 TTL=4 ID=652 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1024
Sep 9 07:51:41 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=130.244.83.105 LEN=92 TOS=0x00 PREC=0x00 TTL=2 ID=658 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1280
Sep 9 07:51:42 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=130.244.83.105 LEN=92 TOS=0x00 PREC=0x00 TTL=3 ID=662 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1536
Sep 9 07:51:44 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=130.244.83.105 LEN=92 TOS=0x00 PREC=0x00 TTL=4 ID=666 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1792
Sep 9 07:51:45 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=130.244.83.105 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=672 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=2048
Sep 9 07:51:47 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=202.139.233.243 LEN=92 TOS=0x00 PREC=0x00 TTL=3 ID=676 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=2304
Sep 9 07:51:48 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=202.139.233.243 LEN=92 TOS=0x00 PREC=0x00 TTL=4 ID=682 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=2560
Sep 9 07:51:50 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=202.139.233.243 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=686 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=2816
Sep 9 07:51:51 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=202.139.233.243 LEN=92 TOS=0x00 PREC=0x00 TTL=2 ID=690 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3072
Sep 9 07:51:53 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=202.232.43.239 LEN=92 TOS=0x00 PREC=0x00 TTL=4 ID=696 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3328
Sep 9 07:51:54 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=202.232.43.239 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=700 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3584
Sep 9 07:51:56 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=202.232.43.239 LEN=92 TOS=0x00 PREC=0x00 TTL=2 ID=703 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3840
Sep 9 07:51:57 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=202.232.43.239 LEN=92 TOS=0x00 PREC=0x00 TTL=3 ID=705 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=4096

192.168.0.50 is the IP of a client running Windows XP. What do you all think this means? Is there a worm on that client's computer?

Thanks,
R Jantarasami
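
One way to triage log lines like the ones in this post is to group the logged echo requests by source and destination and list the packet lengths and TTL values seen for each pair. The Python below is an added example, not part of the original post; the sample log is constructed in the same format, with RFC 5737 documentation addresses as destinations and a hypothetical second client 192.168.0.51, and the `low_ttl` threshold of 8 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the netfilter LOG format from the post. Destinations are
# RFC 5737 documentation addresses; 192.168.0.51 is a hypothetical second client.
SAMPLE_LOG = """\
Sep 9 07:51:35 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=192.0.2.57 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=637 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=256
Sep 9 07:51:36 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=192.0.2.57 LEN=92 TOS=0x00 PREC=0x00 TTL=2 ID=641 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=512
Sep 9 07:51:38 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=192.0.2.57 LEN=92 TOS=0x00 PREC=0x00 TTL=3 ID=647 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=768
Sep 9 07:51:41 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=198.51.100.105 LEN=92 TOS=0x00 PREC=0x00 TTL=2 ID=658 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1280
Sep 9 07:51:42 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.50 DST=198.51.100.105 LEN=92 TOS=0x00 PREC=0x00 TTL=3 ID=662 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1536
Sep 9 07:52:01 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.51 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=901 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=4352
Sep 9 07:52:02 hegel kernel: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.168.0.51 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=77 PROTO=ICMP TYPE=0 CODE=0 ID=512 SEQ=4352
Sep 9 07:52:03 hegel kernel: IN=eth1 OUT=eth0 SRC=192.168.0.51 DST=203.0.113.9 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=910 DF PROTO=TCP SPT=1025 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def parse_echo_request(line):
    """Return the KEY=VALUE fields of one LOG line, or None unless it is ICMP type 8."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # keep the first ID= (IP header), not the ICMP one
    if fields.get("PROTO") != "ICMP" or fields.get("TYPE") != "8":
        return None
    return fields

def summarise(log_text, low_ttl=8):
    """Group echo requests by (SRC, DST); report count, lengths and TTL values seen."""
    flows = defaultdict(lambda: {"count": 0, "lengths": set(), "ttls": set()})
    for line in log_text.splitlines():
        fields = parse_echo_request(line)
        if fields is None:
            continue
        flow = flows[(fields["SRC"], fields["DST"])]
        flow["count"] += 1
        flow["lengths"].add(int(fields["LEN"]))
        flow["ttls"].add(int(fields["TTL"]))
    return {
        pair: {
            "count": flow["count"],
            "lengths": sorted(flow["lengths"]),
            "ttls": sorted(flow["ttls"]),
            # True when every packet is far below a usual initial TTL (64/128/255)
            "only_low_ttl": max(flow["ttls"]) < low_ttl,
        }
        for pair, flow in flows.items()
    }

if __name__ == "__main__":
    for (src, dst), info in summarise(SAMPLE_LOG).items():
        print(src, "->", dst, info)
```
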