On Mon, Dec 21, 2009 at 07:24:31AM +0000, Arief Yudhawarman wrote:
Correction: it does not need to go as far as the FORWARD chain; the PREROUTING chain is enough.
2. The small script below adds rules to iptables to log access to the Conficker IPs:
#!/bin/sh
# Log (and optionally drop) traffic from the LAN towards the Conficker IPs,
# one address per line in $FIPCONFICKER.
LAN_IFACE="eth0"
IPTABLES="/usr/sbin/iptables"
FIPCONFICKER="/etc/conficker/ip.conficker"

while read IPCONFICKER
do
    # skip blank lines, otherwise iptables is called with -d ""
    [ -n "$IPCONFICKER" ] || continue
    # kernel 2.6 only, because of the -m comment match
    # chain PREROUTING, table nat
    # uncomment this to drop access to the Conficker IP
    #$IPTABLES -t nat -I PREROUTING -i "$LAN_IFACE" -d "$IPCONFICKER" -j DROP \
    #    -m comment --comment "IP Conficker"
    # the trailing space in the prefix keeps it separate from the IN= field in syslog
    $IPTABLES -t nat -I PREROUTING -i "$LAN_IFACE" -d "$IPCONFICKER" -j LOG \
        --log-prefix "CONFICKER " --log-ip-options
done <"$FIPCONFICKER"
This is a client accessing a Conficker IP:
y...@files:~$ ping 221.7.91.31 -c 1
PING 221.7.91.31 (221.7.91.31) 56(84) bytes of data.
--- 221.7.91.31 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
y...@files:~$ telnet 221.7.91.31 80
Trying 221.7.91.31...
y...@files:~$
This is what syslog shows:
....
Dec 21 14:29:14 proxy kernel: CONFICKERIN=eth0 OUT=
MAC=00:50:04:d1:02:e0:00:19:21:13:57:5d:08:00 SRC=192.168.0.252 DST=221.7.91.31
LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=11322
SEQ=1
Dec 21 14:29:34 proxy kernel: CONFICKERIN=eth0 OUT=
MAC=00:50:04:d1:02:e0:00:19:21:13:57:5d:08:00 SRC=192.168.0.252 DST=221.7.91.31
LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=4679 DF PROTO=TCP SPT=40877 DPT=80
WINDOW=5840 RES=0x00 SYN URGP=0
Dec 21 14:29:37 proxy kernel: CONFICKERIN=eth0 OUT=
MAC=00:50:04:d1:02:e0:00:19:21:13:57:5d:08:00 SRC=192.168.0.252 DST=221.7.91.31
LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=4680 DF PROTO=TCP SPT=40877 DPT=80
WINDOW=5840 RES=0x00 SYN URGP=0
--
Thanks in advance.
Regards,
~~ Arief Yudhawarman ~~
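As an added example, not part of the original post, this parses netfilter LOG lines of the kind quoted above into per-host, per-destination counts, so the hits a proxy records can be reviewed instead of read one by one. The sample lines are constructed from the quoted syslog output (wrapped lines rejoined); the parser tolerates the prefix running into `IN=`, which happens when `--log-prefix` has no trailing space.

```python
import re
from collections import Counter

# Constructed sample, modelled on the syslog lines quoted in the post
# (wrapped lines rejoined; "CONFICKERIN=" because the prefix had no trailing space).
SAMPLE_LOG = """\
Dec 21 14:29:14 proxy kernel: CONFICKERIN=eth0 OUT= MAC=00:50:04:d1:02:e0:00:19:21:13:57:5d:08:00 SRC=192.168.0.252 DST=221.7.91.31 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=11322 SEQ=1
Dec 21 14:29:34 proxy kernel: CONFICKERIN=eth0 OUT= MAC=00:50:04:d1:02:e0:00:19:21:13:57:5d:08:00 SRC=192.168.0.252 DST=221.7.91.31 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=4679 DF PROTO=TCP SPT=40877 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 21 14:29:37 proxy kernel: CONFICKERIN=eth0 OUT= MAC=00:50:04:d1:02:e0:00:19:21:13:57:5d:08:00 SRC=192.168.0.252 DST=221.7.91.31 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=4680 DF PROTO=TCP SPT=40877 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 21 14:30:01 proxy kernel: other kernel message, not a CONFICKER hit
"""

# syslog timestamp, host, "kernel: ", then whatever precedes the first IN= is the prefix
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?P<prefix>.*?)IN=(?P<rest>.*)$"
)
# KEY=VALUE tokens; bare flags such as DF or SYN are deliberately ignored
KV_RE = re.compile(r"(\w+)=(\S*)")

def parse_log_line(line, prefix="CONFICKER"):
    """Return a dict for one netfilter LOG line carrying `prefix`, else None.
    Works whether or not the prefix was followed by a space."""
    m = LINE_RE.match(line)
    if not m or m.group("prefix").strip() != prefix:
        return None
    # ICMP lines carry ID= twice (IP header, then ICMP); only the fields
    # read below are used, so the duplicate does not matter here.
    fields = dict(KV_RE.findall("IN=" + m.group("rest")))
    return {
        "ts": m.group("ts"),
        "iface": fields.get("IN"),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "dpt": fields.get("DPT"),  # absent for ICMP
    }

def summarise(log_text, prefix="CONFICKER"):
    """Count logged contacts per (LAN source, Conficker IP, proto/port)."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_log_line(line, prefix)
        if ev is None:
            continue
        svc = ev["proto"] if ev["dpt"] is None else f"{ev['proto']}/{ev['dpt']}"
        counts[(ev["src"], ev["dst"], svc)] += 1
    return counts

if __name__ == "__main__":
    for (src, dst, svc), n in summarise(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst} {svc}: {n} hit(s)")
```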