Журнал лабораторных работ

Журнал

Среда (04/06/11)

/dev/pts/3
08:45:31
#iptables-save
# Generated by iptables-save v1.3.5 on Wed Apr  6 12:45:32 2011
*nat
:PREROUTING ACCEPT [71:13165]
:POSTROUTING ACCEPT [72681:3298704]
:OUTPUT ACCEPT [72683:3298889]
-A POSTROUTING -s 192.168.122.0/255.255.255.0 -d ! 192.168.122.0/255.255.255.0 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/255.255.255.0 -d ! 192.168.122.0/255.255.255.0 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/255.255.255.0 -d ! 192.168.122.0/255.255.255.0 -j MASQUERADE
COMMIT
# Completed on Wed Apr  6 12:45:32 2011
...
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/255.255.255.0 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/255.255.255.0 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Wed Apr  6 12:45:32 2011
08:45:32
#iptables-save
# Generated by iptables-save v1.3.5 on Wed Apr  6 12:45:33 2011
*nat
:PREROUTING ACCEPT [71:13165]
:POSTROUTING ACCEPT [72681:3298704]
:OUTPUT ACCEPT [72683:3298889]
-A POSTROUTING -s 192.168.122.0/255.255.255.0 -d ! 192.168.122.0/255.255.255.0 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/255.255.255.0 -d ! 192.168.122.0/255.255.255.0 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/255.255.255.0 -d ! 192.168.122.0/255.255.255.0 -j MASQUERADE
COMMIT
# Completed on Wed Apr  6 12:45:33 2011
...
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/255.255.255.0 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/255.255.255.0 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Wed Apr  6 12:45:33 2011
08:45:33
#ls -l
total 1230132
-rw------- 1 root root       1016 Mar 27 21:17 anaconda-ks.cfg
drwxr-xr-x 3 root root       4096 Mar 28 18:14 backups
-rw-r--r-- 1 root root       2061 Mar 30 13:13 cpumem.info
drwxr-xr-x 2 root root       4096 Apr  4 11:28 data
drwxr-xr-x 2 root root       4096 Apr  5 15:34 Desktop
-rw-r--r-- 1 root root 1258291200 Apr  2 17:21 disk1.img
-rw-r--r-- 1 root root      38088 Mar 27 21:17 install.log
-rw-r--r-- 1 root root          0 Mar 27 21:08 install.log.syslog
drwx------ 2 root root       4096 Mar 30 13:11 Mail
drwxr-xr-x 2 root root       4096 Apr  5 15:49 mdadm
-rw-r--r-- 1 root root      12680 Nov 13 10:12 rpmforge-release-0.5.2-2.el5.rf.i386.rpm
-rw-r--r-- 1 root root      12680 Nov 13 10:12 rpmforge-release-0.5.2-2.el5.rf.i386.rpm.1
-rw-r--r-- 1 root root      12649 Nov 13 10:12 rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
прошло 43 минуты
09:29:27
#ifconfig
eth0      Link encap:Ethernet  HWaddr 00:26:18:E4:56:60
          inet addr:192.168.15.4  Bcast:192.168.15.255  Mask:255.255.255.0
          inet6 addr: fe80::226:18ff:fee4:5660/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:95775 errors:0 dropped:0 overruns:0 frame:0
          TX packets:91847 errors:0 dropped:0 overruns:0 carrier:2
          collisions:0 txqueuelen:1000
          RX bytes:18290199 (17.4 MiB)  TX bytes:5726889 (5.4 MiB)
          Interrupt:74 Memory:feac0000-feb00000
lo        Link encap:Local Loopback
...
          collisions:0 txqueuelen:0
          RX bytes:2156510 (2.0 MiB)  TX bytes:2156510 (2.0 MiB)
virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:8316 (8.1 KiB)
прошло 17 минут
09:46:42
#vim /etc/sysconfig/network-scripts/ifcfg-eth0
09:48:24
#ps
  PID TTY          TIME CMD
 8518 pts/8    00:00:00 bash
 9325 pts/8    00:00:00 ps
прошло 16 минут
10:05:05
#iptables -A INPUT -p tcp -dport 22 -j ACCEPT
Bad argument `22'
Try `iptables -h' or 'iptables --help' for more information.
прошло 34 минуты
10:39:40
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT

10:39:47
#iptables -A input -p tcp --syn -j DROP
iptables: No chain/target/match by that name
10:41:05
#iptables -A INPUT -p tcp --syn -j DROP

10:45:09
#iptables -A INPUT -p tcp --syn -j REJECT --reject-with tcp-reset

10:46:08
#ping 192.168.168.15.2
ping: unknown host 192.168.168.15.2
прошло 15 минут
11:01:19
#ping 192.168.15.2
PING 192.168.15.2 (192.168.15.2) 56(84) bytes of data.
From 192.168.15.2 icmp_seq=1 Destination Host Unreachable
--- 192.168.15.2 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
11:01:25
#iptables -l -L numbers
iptables v1.3.5: Unknown arg `-l'
Try `iptables -h' or 'iptables --help' for more information.
11:03:11
#iptables -L -l numbers
iptables v1.3.5: Unknown arg `-l'
Try `iptables -h' or 'iptables --help' for more information.
11:03:16
#iptables -L -l line-numbers
iptables v1.3.5: Unknown arg `-l'
Try `iptables -h' or 'iptables --help' for more information.
11:03:32
#iptables -L -l --line-numbers
iptables v1.3.5: Unknown arg `-l'
Try `iptables -h' or 'iptables --help' for more information.
11:03:36
#iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
6    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 reject-with tcp-reset
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
11:03:41
#iptables -D INPUT 6

11:04:11
#iptables -A INPUT -m ESTABLISHED -j ACCEPT
iptables v1.3.5: Couldn't load match `ESTABLISHED':/lib64/iptables/libipt_ESTABLISHED.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
11:05:17
#iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

11:05:54
#iptables -A INPUT -p tcp -j REJECT icmp-port-unreachable
Bad argument `icmp-port-unreachable'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/9
11:06:26
$man iptables
/dev/pts/3
11:07:25
#iptables -A INPUT -p tcp -j REJECT --reject-with icmp-port-unreachable

11:07:48
#iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable

11:08:36
#iptables -D INPUT 7

11:08:55
#iptables -D INPUT 6

/dev/pts/9
11:09:00
$su -
Password:
l3-agent is already running: pid=3793; pidfile=/root/.lilalo/l3-agent.pid
11:09:05
#nmap 192.168.15.4
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-04-06 15:09 ALMT
Interesting ports on linux4.unix.bas (192.168.15.4):
Not shown: 1679 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap finished: 1 IP address (1 host up) scanned in 0.053 seconds
11:09:24
#nmap -sF 192.168.15.4
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-04-06 15:09 ALMT
Interesting ports on linux4.unix.bas (192.168.15.4):
Not shown: 1679 filtered ports
PORT   STATE         SERVICE
22/tcp open|filtered ssh
Nmap finished: 1 IP address (1 host up) scanned in 1.219 seconds
11:09:30
#man iptables
/dev/pts/3
11:12:28
#iptables -D INPUT 6

/dev/pts/9
11:12:50
#iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
6    REJECT     udp  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
7    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
11:13:00
#iptables -D INPUT 6

11:13:16
#iptables -D INPUT 7
iptables: Index of deletion too big
11:13:19
#iptables -D INPUT 6

11:13:21
#iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
11:13:24
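#iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

Примечание: разрешено только состояние ESTABLISHED. ICMP-сообщения об ошибках в ответ на исходящий трафик conntrack относит к RELATED, поэтому они будут доходить до замыкающих правил REJECT. В правилах FORWARD для virbr0 (выше в журнале) используется RELATED,ESTABLISHED.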
11:14:01
#iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset

11:14:46
#iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable

11:15:17
#ping 192.168.15.4
PING 192.168.15.4 (192.168.15.4) 56(84) bytes of data.
64 bytes from 192.168.15.4: icmp_seq=1 ttl=64 time=0.034 ms
64 bytes from 192.168.15.4: icmp_seq=2 ttl=64 time=0.045 ms
--- 192.168.15.4 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.034/0.039/0.045/0.008 ms
11:15:24
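#iptables -A INPUT -p all -j REJECT --reject-with icmp-host-unreachable

Примечание: политика цепочки INPUT остаётся ACCEPT, запрет реализован только замыкающими правилами REJECT; если правила будут сброшены (iptables -F), все порты хоста снова станут доступны. Более надёжный вариант — политика по умолчанию DROP (iptables -P INPUT DROP), заданная после разрешающих правил. Замыкающие REJECT действуют и на интерфейс lo: до добавления правила -i lo (ниже в журнале) nc на 127.0.0.1 не получает ответа.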
11:15:57
#host ya.ru
ya.ru has address 93.158.134.203
ya.ru has address 213.180.204.3
ya.ru has address 77.88.21.3
ya.ru has address 87.250.250.3
ya.ru has address 87.250.250.203
ya.ru has address 87.250.251.3
ya.ru has address 93.158.134.3
ya.ru mail is handled by 10 mx.yandex.ru.
11:24:03
#ping 192.168.15.3
PING 192.168.15.3 (192.168.15.3) 56(84) bytes of data.
--- 192.168.15.3 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms
11:24:25
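#/etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables:          [  OK  ]
Примечание: в /etc/sysconfig/iptables сохраняются только правила IPv4. У eth0 есть адрес IPv6 (fe80::226:18ff:fee4:5660), а IPv6-трафик фильтруется отдельно, через ip6tables; его настройка в журнале не показана.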
прошло 28 минут
11:53:10
#more /etc/sysconfig/iptables
11:53:20
#iptables-save
# Generated by iptables-save v1.3.5 on Wed Apr  6 15:53:32 2011
*nat
:PREROUTING ACCEPT [2014:119625]
:POSTROUTING ACCEPT [80178:3673698]
:OUTPUT ACCEPT [78501:3606723]
-A POSTROUTING -s 192.168.122.0/255.255.255.0 -d ! 192.168.122.0/255.255.255.0 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/255.255.255.0 -d ! 192.168.122.0/255.255.255.0 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/255.255.255.0 -d ! 192.168.122.0/255.255.255.0 -j MASQUERADE
COMMIT
# Completed on Wed Apr  6 15:53:32 2011
...
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-host-unreachable
-A FORWARD -d 192.168.122.0/255.255.255.0 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/255.255.255.0 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Wed Apr  6 15:53:32 2011
11:53:32
#nc 127.0.0.1 25

11:57:43
#nc 127.0.0.1 23

11:57:52
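#iptables -I INPUT -i lo -j ACCEPT

Примечание: правило вставлено первым и разрешает весь трафик на lo. В выводе iptables -L -n без ключа -v интерфейс не показывается, поэтому это правило (как и правила для virbr0) выглядит как разрешение для 0.0.0.0/0; привязку к интерфейсу следует проверять через iptables -L -n -v. Правило добавлено после /etc/init.d/iptables save (11:24), и в видимой части журнала повторного сохранения нет, так что после перезапуска службы оно, вероятно, пропадёт.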
11:59:06
#nc 127.0.0.1 22
SSH-2.0-OpenSSH_4.3
11:59:10
#iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
4    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:67
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
7    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           ctstate ESTABLISHED
8    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
9    REJECT     udp  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
11:59:48
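#iptables -I INPUT 7 -p tcp -j LOG

Примечание: LOG вставлен на позицию 7, то есть перед правилом ctstate ESTABLISHED, и без ограничения частоты, поэтому в журнал попадает каждый пакет уже установленных TCP-соединений (см. поток записей SPT=22 в /var/log/messages ниже). Для журналирования обычно добавляют -m limit и --log-prefix и ставят правило LOG после разрешающих правил, непосредственно перед REJECT.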
12:00:16
#tail /var/lo
local/      lock/       log/        lost+found/
12:00:16
#tail /var/log/messages
Apr  6 16:01:07 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:1f:29:bc:3a:d8:08:00 SRC=192.168.15.253 DST=192.168.15.4 LEN=148 TOS=0x10 PREC=0x00 TTL=64 ID=43714 DF PROTO=TCP SPT=22 DPT=42766 WINDOW=224 RES=0x00 ACK PSH URGP=0
Apr  6 16:01:07 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:1f:29:bc:3a:d8:08:00 SRC=192.168.15.253 DST=192.168.15.4 LEN=244 TOS=0x10 PREC=0x00 TTL=64 ID=43715 DF PROTO=TCP SPT=22 DPT=42766 WINDOW=224 RES=0x00 ACK PSH URGP=0
Apr  6 16:01:07 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:1f:29:bc:3a:d8:08:00 SRC=192.168.15.253 DST=192.168.15.4 LEN=196 TOS=0x10 PREC=0x00 TTL=64 ID=43716 DF PROTO=TCP SPT=22 DPT=42766 WINDOW=224 RES=0x00 ACK PSH URGP=0
Apr  6 16:01:07 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:1f:29:bc:3a:d8:08:00 SRC=91.205.16.235 DST=192.168.15.4 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=18030 DPT=58746 WINDOW=0 RES=0x00 ACK RST URGP=0
Apr  6 16:01:07 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:1f:29:bc:3a:d8:08:00 SRC=192.168.15.253 DST=192.168.15.4 LEN=180 TOS=0x10 PREC=0x00 TTL=64 ID=43717 DF PROTO=TCP SPT=22 DPT=42766 WINDOW=224 RES=0x00 ACK PSH URGP=0
Apr  6 16:01:07 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:1f:29:bc:3a:d8:08:00 SRC=192.168.15.253 DST=192.168.15.4 LEN=340 TOS=0x10 PREC=0x00 TTL=64 ID=43718 DF PROTO=TCP SPT=22 DPT=42766 WINDOW=224 RES=0x00 ACK PSH URGP=0
Apr  6 16:01:08 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:1f:29:bc:3a:d8:08:00 SRC=192.168.15.253 DST=192.168.15.4 LEN=1172 TOS=0x10 PREC=0x00 TTL=64 ID=43719 DF PROTO=TCP SPT=22 DPT=42766 WINDOW=224 RES=0x00 ACK PSH URGP=0
Apr  6 16:01:08 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:1f:29:bc:3a:d8:08:00 SRC=192.168.15.253 DST=192.168.15.4 LEN=148 TOS=0x10 PREC=0x00 TTL=64 ID=43720 DF PROTO=TCP SPT=22 DPT=42766 WINDOW=224 RES=0x00 ACK PSH URGP=0
Apr  6 16:01:08 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:1f:29:bc:3a:d8:08:00 SRC=192.168.15.253 DST=192.168.15.4 LEN=212 TOS=0x10 PREC=0x00 TTL=64 ID=43721 DF PROTO=TCP SPT=22 DPT=42766 WINDOW=224 RES=0x00 ACK PSH URGP=0
Apr  6 16:01:09 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:1f:29:bc:3a:d8:08:00 SRC=192.168.15.253 DST=192.168.15.4 LEN=228 TOS=0x10 PREC=0x00 TTL=64 ID=43722 DF PROTO=TCP SPT=22 DPT=42766 WINDOW=224 RES=0x00 ACK PSH URGP=0
12:02:23
#nc 127.0.0.1 25
220 linux4.unix.bas ESMTP Sendmail 8.13.8/8.13.8; Wed, 6 Apr 2011 16:02:31 +0600
500 5.5.1 Command unrecognized: ""
500 5.5.1 Command unrecognized: ""
12:02:34
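#iptables -R INPUT 7 -p icmp -m limit --limit 5/minute -j LOG

Примечание: -R заменяет правило 7 целиком: журналирование TCP снято, вместо него журналируется ICMP с ограничением 5 записей в минуту. По умолчанию --limit-burst равен 5, поэтому первые пять пакетов записываются подряд (см. записи 16:05:46–16:05:49 ниже).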
12:05:28
#ping 192.168.15.3
PING 192.168.15.3 (192.168.15.3) 56(84) bytes of data.
--- 192.168.15.3 ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 9999ms
12:05:57
#tail /var/log/messages
Apr  6 16:02:21 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:1f:29:bc:3a:d8:08:00 SRC=192.168.15.253 DST=192.168.15.4 LEN=100 TOS=0x10 PREC=0x00 TTL=64 ID=43910 DF PROTO=TCP SPT=22 DPT=42766 WINDOW=224 RES=0x00 ACK PSH URGP=0
Apr  6 16:02:21 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:1f:29:bc:3a:d8:08:00 SRC=192.168.15.253 DST=192.168.15.4 LEN=100 TOS=0x10 PREC=0x00 TTL=64 ID=43911 DF PROTO=TCP SPT=22 DPT=42766 WINDOW=224 RES=0x00 ACK PSH URGP=0
Apr  6 16:02:21 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:1f:29:bc:3a:d8:08:00 SRC=192.168.15.253 DST=192.168.15.4 LEN=100 TOS=0x10 PREC=0x00 TTL=64 ID=43912 DF PROTO=TCP SPT=22 DPT=42766 WINDOW=224 RES=0x00 ACK PSH URGP=0
Apr  6 16:02:21 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:1f:29:bc:3a:d8:08:00 SRC=192.168.15.253 DST=192.168.15.4 LEN=372 TOS=0x10 PREC=0x00 TTL=64 ID=43913 DF PROTO=TCP SPT=22 DPT=42766 WINDOW=224 RES=0x00 ACK PSH URGP=0
Apr  6 16:05:46 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:26:18:ca:e8:dc:08:00 SRC=192.168.15.3 DST=192.168.15.4 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 ID=15022 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.15.4 DST=192.168.15.3 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=45096 SEQ=1 ]
Apr  6 16:05:47 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:26:18:ca:e8:dc:08:00 SRC=192.168.15.3 DST=192.168.15.4 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 ID=15023 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.15.4 DST=192.168.15.3 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=45096 SEQ=2 ]
Apr  6 16:05:48 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:26:18:ca:e8:dc:08:00 SRC=192.168.15.3 DST=192.168.15.4 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 ID=15024 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.15.4 DST=192.168.15.3 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=45096 SEQ=3 ]
Apr  6 16:05:49 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:26:18:ca:e8:dc:08:00 SRC=192.168.15.3 DST=192.168.15.4 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4132 SEQ=1
Apr  6 16:05:49 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:26:18:ca:e8:dc:08:00 SRC=192.168.15.3 DST=192.168.15.4 LEN=112 TOS=0x00 PREC=0xC0 TTL=64 ID=15025 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.15.4 DST=192.168.15.3 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=45096 SEQ=4 ]
Apr  6 16:05:59 linux4 kernel: IN=eth0 OUT= MAC=00:26:18:e4:56:60:00:26:18:ca:e8:dc:08:00 SRC=192.168.15.3 DST=192.168.15.4 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4132 SEQ=11
прошло 19 минут
12:25:22
#ssh 192.168.15.4

12:26:51
#ssh 192.168.160.2

12:26:56
#ping 192.168.160.2
PING 192.168.160.2 (192.168.160.2) 56(84) bytes of data.
--- 192.168.160.2 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms
12:27:02