13:30:27

#ssh --help

usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-e escape_char] [-F configfile]
           [-i identity_file] [-L [bind_address:]port:host:hostport]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-R [bind_address:]port:host:hostport] [-S ctl_path]
           [-w local_tun[:remote_tun]] [user@]hostname [command]

13:33:55

#nmap -p 1-100 192.168.105.2

Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 14:34 EEST
Interesting ports on linux10 (192.168.105.2):
Not shown: 99 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 0.073 seconds

13:34:05

#nmap -p 1-6550 192.168.105.2

Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 14:34 EEST
Interesting ports on linux10 (192.168.105.2):
Not shown: 6548 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
Nmap done: 1 IP address (1 host up) scanned in 0.414 seconds

13:39:50

#iptables -D 1

iptables: Bad rule (does a matching rule exist in that chain?).

13:40:16

#iptables -F INPUT

13:40:32

#iptables -L --line-numbers

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

13:49:35

#iptables -D INPUT

iptables: Bad rule (does a matching rule exist in that chain?).

13:49:41

#iptables -F INPUT

13:49:47

#iptables -L --line-numbers

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

13:50:16

#nmap -p 192.168.105.2

Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 14:51 EEST
Error #487: Your port specifications are illegal.  Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
QUITTING!

13:51:09

#nmap -p 1-6550 192.168.105.2

Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 14:52 EEST
Interesting ports on linux10 (192.168.105.2):
Not shown: 6549 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 0.341 seconds

13:53:24

#iptables -L --line-numbers -v

Chain INPUT (policy ACCEPT 73491 packets, 22M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       69  6382 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh
2    15656  691K REJECT     tcp  --  any    any     anywhere             anywhere            reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 103K packets, 7704K bytes)
num   pkts bytes target     prot opt in     out     source               destination

13:53:40

#iptables -L --line-numbers

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
2    REJECT     tcp  --  anywhere             anywhere            reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

13:57:40

#iptables -L --line-numbers

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
2    REJECT     tcp  --  anywhere             anywhere            reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

14:01:08

#ssh root@192.168.105.1

^C

14:03:12

#iptables -L --line-numbers -v

Chain INPUT (policy ACCEPT 73513 packets, 22M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      143 11026 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh
2    15728  698K REJECT     tcp  --  any    any     anywhere             anywhere            reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 103K packets, 7721K bytes)
num   pkts bytes target     prot opt in     out     source               destination

14:03:15

#iptables -L --line-numbers

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
2    REJECT     tcp  --  anywhere             anywhere            reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

14:04:19

#nmap -p 1-6550 192.168.105.2

Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:05 EEST
Interesting ports on linux10 (192.168.105.2):
Not shown: 6548 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
Nmap done: 1 IP address (1 host up) scanned in 0.524 seconds

14:08:13

#exit

exit
Connection to 192.168.105.1 closed.

/dev/pts/0

14:14:47

#ssh root@10.0.35.100

root@10.0.35.100's password:
Linux linux0 2.6.18-6-xen-686 #1 SMP Sun Feb 10 22:43:13 UTC 2008 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Jun  2 15:26:23 2009 from linux11.unix.nt
l3-agent is already running: pid=1765; pidfile=/root/.lilalo/l3-agent.pid

/dev/pts/5

14:22:17

#RELATED -j ACCEPT

                               L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh ctstate RELATED
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

14:22:22

#iptables -L --line-numbers -v

Chain INPUT (policy ACCEPT 93815 packets, 23M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh ctstate RELATED
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 130K packets, 9132K bytes)
num   pkts bytes target     prot opt in     out     source               destination

14:22:31

#RELATED -j ACCEPT

                     nmap -p 1-6550 192.168.105.2
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:22 EEST
Interesting ports on linux10 (192.168.105.2):
Not shown: 6548 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
Nmap done: 1 IP address (1 host up) scanned in 1.148 seconds

14:22:42

#RELATED -j ACCEPT

                     iptables -A INPUT -p tcp -j REJECT

14:24:10

#iptables -L --line-numbers

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN reject-with icmp-port-unreachable
2    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh ctstate RELATED
3    REJECT     tcp  --  anywhere             anywhere            reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

14:24:52

#F INPUT

                     iptables -I INPUT -p tcp --syn -j REJECT

14:24:59

#F INPUT

                     nmap -p 1-6550 192.168.105.2
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:25 EEST
All 6550 scanned ports on linux10 (192.168.105.2) are filtered
Nmap done: 1 IP address (1 host up) scanned in 0.465 seconds

14:25:24

#F INPUT

                     iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

14:25:30

#I INPUT -p tcp --syn -j REJECT

                              --help
iptables v1.4.3.2
Usage: iptables -[AD] chain rule-specification [options]
       iptables -I chain [rulenum] rule-specification [options]
       iptables -R chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LS] [chain [rulenum]] [options]
       iptables -[FZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
...
[!] --out-interface -o output name[+]
                                network interface name ([+] for wildcard)
  --table       -t table        table to manipulate (default: `filter')
  --verbose     -v              verbose mode
  --line-numbers                print line numbers when listing
  --exact       -x              expand numbers (display exact values)
[!] --fragment  -f              match second or further fragments only
  --modprobe=<command>          try to insert modules using this command
  --set-counters PKTS BYTES     set the counter during insert/append
[!] --version   -V              print package version.

14:27:39

#iptables --help | less

/dev/pts/0

14:28:58

#screen -r

14:29:02

#screen -x 5338

/dev/pts/3

14:41:48

#traceroute ya.ru

traceroute to ya.ru (213.180.204.8), 30 hops max, 60 byte packets
 1   (192.168.105.1)  1.037 ms * *
 2  * 192.168.15.254 (192.168.15.254)  0.956 ms *
 3   (10.0.35.1)  0.901 ms !N  0.872 ms !N  0.858 ms !N

14:42:12

#traceroute ya.ru

traceroute to ya.ru (213.180.204.8), 30 hops max, 60 byte packets
 1   (192.168.105.1)  1.034 ms *  0.980 ms
 2  * * *
 3   (10.0.35.1)  0.901 ms !N  0.887 ms !N  0.873 ms !N

14:42:35

#traceroute ya.ru

traceroute to ya.ru (213.180.204.8), 30 hops max, 60 byte packets
 1   (192.168.105.1)  1.030 ms *  0.976 ms
 2  * * *
 3   (10.0.35.1)  0.899 ms *  0.868 ms
 4   (192.168.200.2)  1.919 ms  1.933 ms  2.919 ms
 5   (192.168.100.1)  2.918 ms  3.924 ms  3.915 ms
 6  193.200.68.189 (193.200.68.189)  12.833 ms  8.834 ms *
 7  193.200.69.241 (193.200.69.241)  9.857 ms  9.855 ms  13.995 ms
 8  mgline-ua-ll-gw.colocall.com (62.149.4.25)  13.993 ms  15.050 ms  18.203 ms
 9  cthulhu.colocall.net (62.149.31.49)  18.198 ms  19.230 ms  10.557 ms
10  yandex-gw.ix.net.ua (195.35.65.88)  14.612 ms  13.607 ms  14.641 ms
11  titanium-vlan901.yandex.net (77.88.56.101)  51.965 ms  51.967 ms  50.961 ms
12  silicon-vlan901.yandex.net (77.88.56.125)  61.970 ms  61.977 ms  63.992 ms
13  ortega-vlan4.yandex.net (213.180.210.188)  59.058 ms  57.811 ms  59.831 ms
14  ya.ru (213.180.204.8)  53.945 ms  56.290 ms  56.278 ms

14:42:56

#traceroute 192.168.105.1

traceroute to 192.168.105.1 (192.168.105.1), 30 hops max, 60 byte packets
 1  192.168.105.1 (192.168.105.1)  1.035 ms  0.994 ms  0.926 ms

/dev/pts/5

15:00:17

#cat /proc/net/ip_conntrack | grep src=192.168.105.2

tcp      6 431991 ESTABLISHED src=192.168.105.2 dst=205.188.5.232 sport=33758 dport=5190 packets=133 bytes=7316 src=205.188.5.232 dst=192.168.105.2 sport=5190 dport=33758 packets=127 bytes=34751 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431778 ESTABLISHED src=192.168.105.2 dst=64.12.200.245 sport=58245 dport=5190 packets=16 bytes=1044 src=64.12.200.245 dst=192.168.105.2 sport=5190 dport=58245 packets=13 bytes=2748 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431805 ESTABLISHED src=10.0.35.100 dst=192.168.105.2 sport=22 dport=39379 packets=721 bytes=146884 src=192.168.105.2 dst=10.0.35.100 sport=39379 dport=22 packets=703 bytes=37204 [ASSURED] mark=0 secmark=0 use=1
tcp      6 429553 ESTABLISHED src=192.168.105.2 dst=205.188.5.234 sport=57088 dport=5190 packets=5 bytes=230 [UNREPLIED] src=205.188.5.234 dst=192.168.105.2 sport=5190 dport=57088 packets=0 bytes=0 mark=0 secmark=0 use=1

15:26:39

#cat /proc/net/ip_conntrack | grep src=192.168.105.2

tcp      6 431838 ESTABLISHED src=192.168.105.2 dst=205.188.13.8 sport=40702 dport=5190 packets=10 bytes=824 src=205.188.13.8 dst=192.168.105.2 sport=5190 dport=40702 packets=7 bytes=926 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.105.2 dst=205.188.5.232 sport=33758 dport=5190 packets=188 bytes=10509 src=205.188.5.232 dst=192.168.105.2 sport=5190 dport=33758 packets=180 bytes=46888 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431791 ESTABLISHED src=192.168.105.2 dst=64.12.200.245 sport=58245 dport=5190 packets=19 bytes=1164 src=64.12.200.245 dst=192.168.105.2 sport=5190 dport=58245 packets=16 bytes=2868 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431923 ESTABLISHED src=10.0.35.100 dst=192.168.105.2 sport=22 dport=39379 packets=911 bytes=170220 src=192.168.105.2 dst=10.0.35.100 sport=39379 dport=22 packets=894 bytes=47376 [ASSURED] mark=0 secmark=0 use=1
tcp      6 428666 ESTABLISHED src=192.168.105.2 dst=205.188.5.234 sport=57088 dport=5190 packets=5 bytes=230 [UNREPLIED] src=205.188.5.234 dst=192.168.105.2 sport=5190 dport=57088 packets=0 bytes=0 mark=0 secmark=0 use=1

15:26:55

#cat /proc/net/ip_conntrack | grep src=192.168.105.2

                     iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

15:27:11

#iptables nat -L --line-numbers

Bad argument `nat'
Try `iptables -h' or 'iptables --help' for more information.

15:27:57

#ssh 192.168.105.1

root@192.168.105.1's password:
Linux linux9 2.6.29-2-686 #1 SMP Sun May 17 17:56:29 UTC 2009 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Jun  2 15:08:13 2009 from 192.168.105.2
l3-agent is already running: pid=5314; pidfile=/root/.lilalo/l3-agent.pid

15:29:44

#who

user     tty7         2009-06-02 09:33 (:0)
user     pts/0        2009-06-02 09:33 (:0.0)
user     pts/2        2009-06-02 09:33 (:0.0)
user     pts/6        2009-06-02 11:44 (:0.0)
root     pts/9        2009-06-02 16:29 (192.168.105.2)

15:29:47

 16:29:50 up  6:58,  5 users,  load average: 0,04, 0,07, 0,08
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
user     tty7     :0               09:33    6:58m  1:38   0.27s x-session-manag
user     pts/0    :0.0             09:33   59:52   0.65s  0.23s script -f -c ba
user     pts/2    :0.0             09:33   48.00s  1.54s  0.29s script -f -c ba
user     pts/6    :0.0             11:44   30.00s  0.23s  0.22s script -f -c ba
root     pts/9    192.168.105.2    16:29    0.00s  0.00s  0.00s script -f -c ba

15:32:28

#exit

exit

15:32:38

 16:32:40 up  6:49,  5 users,  load average: 0,62, 0,46, 0,48
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
user     tty7     :0               09:45    6:49m  9:56   1.27s x-session-manag
user     pts/0    :0.0             09:46    7:02   0.84s  0.43s script -f -c ba
user     pts/5    :0.0             10:08    0.00s  0.92s  0.50s script -f -c ba
user     pts/3    :0.0             11:44   49:50   0.40s  0.39s script -f -c ba
root     pts/9    192.168.105.1    16:29    3:14   0.01s  0.01s script -f -c ba

Журнал лабораторных работ

Журнал

Вторник (06/02/09)