| /l3/users/eb/2009/linux10/user :1 :2 :3 :4 :5 :6 :7 :8 :9 :10 :11 :12 |
|
|
#ssh --help
usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-i identity_file] [-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-w local_tun[:remote_tun]] [user@]hostname [command]
|
|
#nmap -p 1-100 192.168.105.2
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 14:34 EEST Interesting ports on linux10 (192.168.105.2): Not shown: 99 closed ports PORT STATE SERVICE 22/tcp open ssh Nmap done: 1 IP address (1 host up) scanned in 0.073 seconds |
|
#nmap -p 1-6550 192.168.105.2
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 14:34 EEST Interesting ports on linux10 (192.168.105.2): Not shown: 6548 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind Nmap done: 1 IP address (1 host up) scanned in 0.414 seconds |
|
#iptables -D 1
iptables: Bad rule (does a matching rule exist in that chain?). |
|
#iptables -F INPUT
|
|
#iptables -L --line-numbers
Chain INPUT (policy ACCEPT) num target prot opt source destination Chain FORWARD (policy ACCEPT) num target prot opt source destination Chain OUTPUT (policy ACCEPT) num target prot opt source destination |
|
#iptables -D INPUT
iptables: Bad rule (does a matching rule exist in that chain?). |
|
#iptables -F INPUT
|
|
#iptables -L --line-numbers
Chain INPUT (policy ACCEPT) num target prot opt source destination Chain FORWARD (policy ACCEPT) num target prot opt source destination Chain OUTPUT (policy ACCEPT) num target prot opt source destination |
|
#nmap -p 192.168.105.2
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 14:51 EEST Error #487: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-" QUITTING! |
|
#nmap -p 1-6550 192.168.105.2
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 14:52 EEST Interesting ports on linux10 (192.168.105.2): Not shown: 6549 filtered ports PORT STATE SERVICE 22/tcp open ssh Nmap done: 1 IP address (1 host up) scanned in 0.341 seconds |
|
#iptables -L --line-numbers -v
Chain INPUT (policy ACCEPT 73491 packets, 22M bytes) num pkts bytes target prot opt in out source destination 1 69 6382 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh 2 15656 691K REJECT tcp -- any any anywhere anywhere reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 103K packets, 7704K bytes) num pkts bytes target prot opt in out source destination |
|
#iptables -L --line-numbers
Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh 2 REJECT tcp -- anywhere anywhere reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT) num target prot opt source destination Chain OUTPUT (policy ACCEPT) num target prot opt source destination |
|
#iptables -L --line-numbers
Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh 2 REJECT tcp -- anywhere anywhere reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT) num target prot opt source destination Chain OUTPUT (policy ACCEPT) num target prot opt source destination |
|
#ssh root@192.168.105.1
^C |
|
#iptables -L --line-numbers -v
Chain INPUT (policy ACCEPT 73513 packets, 22M bytes) num pkts bytes target prot opt in out source destination 1 143 11026 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh 2 15728 698K REJECT tcp -- any any anywhere anywhere reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 103K packets, 7721K bytes) num pkts bytes target prot opt in out source destination |
|
#iptables -L --line-numbers
Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh 2 REJECT tcp -- anywhere anywhere reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT) num target prot opt source destination Chain OUTPUT (policy ACCEPT) num target prot opt source destination |
|
#nmap -p 1-6550 192.168.105.2
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:05 EEST Interesting ports on linux10 (192.168.105.2): Not shown: 6548 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind Nmap done: 1 IP address (1 host up) scanned in 0.524 seconds |
|
#exit
exit Connection to 192.168.105.1 closed. |
|
#ssh root@10.0.35.100
root@10.0.35.100's password: Linux linux0 2.6.18-6-xen-686 #1 SMP Sun Feb 10 22:43:13 UTC 2008 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Tue Jun 2 15:26:23 2009 from linux11.unix.nt l3-agent is already running: pid=1765; pidfile=/root/.lilalo/l3-agent.pid |
|
#RELATED -j ACCEPT
L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate RELATED
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
|
|
#iptables -L --line-numbers -v
Chain INPUT (policy ACCEPT 93815 packets, 23M bytes) num pkts bytes target prot opt in out source destination 1 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh ctstate RELATED Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 130K packets, 9132K bytes) num pkts bytes target prot opt in out source destination |
|
#RELATED -j ACCEPT
nmap -p 1-6550 192.168.105.2
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:22 EEST
Interesting ports on linux10 (192.168.105.2):
Not shown: 6548 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
Nmap done: 1 IP address (1 host up) scanned in 1.148 seconds
|
|
#RELATED -j ACCEPT
iptables -A INPUT -p tcp -j REJECT
|
|
#iptables -L --line-numbers
Chain INPUT (policy ACCEPT) num target prot opt source destination 1 REJECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN reject-with icmp-port-unreachable 2 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate RELATED 3 REJECT tcp -- anywhere anywhere reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT) num target prot opt source destination Chain OUTPUT (policy ACCEPT) num target prot opt source destination |
|
#F INPUT
iptables -I INPUT -p tcp --syn -j REJECT
|
|
#F INPUT
nmap -p 1-6550 192.168.105.2
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 15:25 EEST
All 6550 scanned ports on linux10 (192.168.105.2) are filtered
Nmap done: 1 IP address (1 host up) scanned in 0.465 seconds
|
|
#F INPUT
|
|
#F INPUT
iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
|
|
#I INPUT -p tcp --syn -j REJECT
--help
iptables v1.4.3.2
Usage: iptables -[AD] chain rule-specification [options]
iptables -I chain [rulenum] rule-specification [options]
iptables -R chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LS] [chain [rulenum]] [options]
iptables -[FZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
...
[!] --out-interface -o output name[+]
network interface name ([+] for wildcard)
--table -t table table to manipulate (default: `filter')
--verbose -v verbose mode
--line-numbers print line numbers when listing
--exact -x expand numbers (display exact values)
[!] --fragment -f match second or further fragments only
--modprobe=<command> try to insert modules using this command
--set-counters PKTS BYTES set the counter during insert/append
[!] --version -V print package version.
|
|
#iptables --help | less
|
|
#screen -x 5338
|
|
#traceroute ya.ru
traceroute to ya.ru (213.180.204.8), 30 hops max, 60 byte packets 1 (192.168.105.1) 1.037 ms * * 2 * 192.168.15.254 (192.168.15.254) 0.956 ms * 3 (10.0.35.1) 0.901 ms !N 0.872 ms !N 0.858 ms !N |
|
#traceroute ya.ru
traceroute to ya.ru (213.180.204.8), 30 hops max, 60 byte packets 1 (192.168.105.1) 1.034 ms * 0.980 ms 2 * * * 3 (10.0.35.1) 0.901 ms !N 0.887 ms !N 0.873 ms !N |
|
#traceroute ya.ru
traceroute to ya.ru (213.180.204.8), 30 hops max, 60 byte packets 1 (192.168.105.1) 1.030 ms * 0.976 ms 2 * * * 3 (10.0.35.1) 0.899 ms * 0.868 ms 4 (192.168.200.2) 1.919 ms 1.933 ms 2.919 ms 5 (192.168.100.1) 2.918 ms 3.924 ms 3.915 ms 6 193.200.68.189 (193.200.68.189) 12.833 ms 8.834 ms * 7 193.200.69.241 (193.200.69.241) 9.857 ms 9.855 ms 13.995 ms 8 mgline-ua-ll-gw.colocall.com (62.149.4.25) 13.993 ms 15.050 ms 18.203 ms 9 cthulhu.colocall.net (62.149.31.49) 18.198 ms 19.230 ms 10.557 ms 10 yandex-gw.ix.net.ua (195.35.65.88) 14.612 ms 13.607 ms 14.641 ms 11 titanium-vlan901.yandex.net (77.88.56.101) 51.965 ms 51.967 ms 50.961 ms 12 silicon-vlan901.yandex.net (77.88.56.125) 61.970 ms 61.977 ms 63.992 ms 13 ortega-vlan4.yandex.net (213.180.210.188) 59.058 ms 57.811 ms 59.831 ms 14 ya.ru (213.180.204.8) 53.945 ms 56.290 ms 56.278 ms |
|
#traceroute 192.168.105.1
traceroute to 192.168.105.1 (192.168.105.1), 30 hops max, 60 byte packets 1 192.168.105.1 (192.168.105.1) 1.035 ms 0.994 ms 0.926 ms |
|
#cat /proc/net/ip_conntrack | grep src=192.168.105.2
tcp 6 431991 ESTABLISHED src=192.168.105.2 dst=205.188.5.232 sport=33758 dport=5190 packets=133 bytes=7316 src=205.188.5.232 dst=192.168.105.2 sport=5190 dport=33758 packets=127 bytes=34751 [ASSURED] mark=0 secmark=0 use=1 tcp 6 431778 ESTABLISHED src=192.168.105.2 dst=64.12.200.245 sport=58245 dport=5190 packets=16 bytes=1044 src=64.12.200.245 dst=192.168.105.2 sport=5190 dport=58245 packets=13 bytes=2748 [ASSURED] mark=0 secmark=0 use=1 tcp 6 431805 ESTABLISHED src=10.0.35.100 dst=192.168.105.2 sport=22 dport=39379 packets=721 bytes=146884 src=192.168.105.2 dst=10.0.35.100 sport=39379 dport=22 packets=703 bytes=37204 [ASSURED] mark=0 secmark=0 use=1 tcp 6 429553 ESTABLISHED src=192.168.105.2 dst=205.188.5.234 sport=57088 dport=5190 packets=5 bytes=230 [UNREPLIED] src=205.188.5.234 dst=192.168.105.2 sport=5190 dport=57088 packets=0 bytes=0 mark=0 secmark=0 use=1 |
|
#cat /proc/net/ip_conntrack | grep src=192.168.105.2
tcp 6 431838 ESTABLISHED src=192.168.105.2 dst=205.188.13.8 sport=40702 dport=5190 packets=10 bytes=824 src=205.188.13.8 dst=192.168.105.2 sport=5190 dport=40702 packets=7 bytes=926 [ASSURED] mark=0 secmark=0 use=1 tcp 6 431999 ESTABLISHED src=192.168.105.2 dst=205.188.5.232 sport=33758 dport=5190 packets=188 bytes=10509 src=205.188.5.232 dst=192.168.105.2 sport=5190 dport=33758 packets=180 bytes=46888 [ASSURED] mark=0 secmark=0 use=1 tcp 6 431791 ESTABLISHED src=192.168.105.2 dst=64.12.200.245 sport=58245 dport=5190 packets=19 bytes=1164 src=64.12.200.245 dst=192.168.105.2 sport=5190 dport=58245 packets=16 bytes=2868 [ASSURED] mark=0 secmark=0 use=1 tcp 6 431923 ESTABLISHED src=10.0.35.100 dst=192.168.105.2 sport=22 dport=39379 packets=911 bytes=170220 src=192.168.105.2 dst=10.0.35.100 sport=39379 dport=22 packets=894 bytes=47376 [ASSURED] mark=0 secmark=0 use=1 tcp 6 428666 ESTABLISHED src=192.168.105.2 dst=205.188.5.234 sport=57088 dport=5190 packets=5 bytes=230 [UNREPLIED] src=205.188.5.234 dst=192.168.105.2 sport=5190 dport=57088 packets=0 bytes=0 mark=0 secmark=0 use=1 |
|
#cat /proc/net/ip_conntrack | grep src=192.168.105.2
iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
|
|
#iptables nat -L --line-numbers
Bad argument `nat' Try `iptables -h' or 'iptables --help' for more information. |
|
#ssh 192.168.105.1
root@192.168.105.1's password: Linux linux9 2.6.29-2-686 #1 SMP Sun May 17 17:56:29 UTC 2009 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Tue Jun 2 15:08:13 2009 from 192.168.105.2 l3-agent is already running: pid=5314; pidfile=/root/.lilalo/l3-agent.pid |
|
#who
user tty7 2009-06-02 09:33 (:0) user pts/0 2009-06-02 09:33 (:0.0) user pts/2 2009-06-02 09:33 (:0.0) user pts/6 2009-06-02 11:44 (:0.0) root pts/9 2009-06-02 16:29 (192.168.105.2) |
|
#w
16:29:50 up 6:58, 5 users, load average: 0,04, 0,07, 0,08 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT user tty7 :0 09:33 6:58m 1:38 0.27s x-session-manag user pts/0 :0.0 09:33 59:52 0.65s 0.23s script -f -c ba user pts/2 :0.0 09:33 48.00s 1.54s 0.29s script -f -c ba user pts/6 :0.0 11:44 30.00s 0.23s 0.22s script -f -c ba root pts/9 192.168.105.2 16:29 0.00s 0.00s 0.00s script -f -c ba |
|
#exit
exit |
|
$su
|
|
#w
16:32:40 up 6:49, 5 users, load average: 0,62, 0,46, 0,48 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT user tty7 :0 09:45 6:49m 9:56 1.27s x-session-manag user pts/0 :0.0 09:46 7:02 0.84s 0.43s script -f -c ba user pts/5 :0.0 10:08 0.00s 0.92s 0.50s script -f -c ba user pts/3 :0.0 11:44 49:50 0.40s 0.39s script -f -c ba root pts/9 192.168.105.1 16:29 3:14 0.01s 0.01s script -f -c ba |
|
#iptables -t nat -F POSTROUTING
|
|
#w
16:37:56 up 7:06, 5 users, load average: 0,26, 0,16, 0,10 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT user tty7 :0 09:33 7:06m 1:39 0.28s x-session-manag user pts/0 :0.0 09:33 1:07m 0.65s 0.23s script -f -c ba user pts/2 :0.0 09:33 6.00s 1.54s 0.29s script -f -c ba user pts/6 :0.0 11:44 20.00s 0.23s 0.22s script -f -c ba root pts/9 192.168.105.2 16:37 0.00s 0.00s 0.00s script -f -c ba |
|
#exit
exit Connection to 192.168.105.1 closed. |
|
#cd
|
|
#ssh 10.0.35.100
root@10.0.35.100's password: Linux linux0 2.6.18-6-xen-686 #1 SMP Sun Feb 10 22:43:13 UTC 2008 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Tue Jun 2 16:53:51 2009 from 192.168.101.2 l3-agent is already running: pid=1765; pidfile=/root/.lilalo/l3-agent.pid |
|
#ssh 10.0.35.100
root@10.0.35.100's password: Linux linux0 2.6.18-6-xen-686 #1 SMP Sun Feb 10 22:43:13 UTC 2008 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Tue Jun 2 17:01:26 2009 from linux9.unix.nt l3-agent is already running: pid=1765; pidfile=/root/.lilalo/l3-agent.pid |
|
#ssh 10.0.35.100
root@10.0.35.100's password: Linux linux0 2.6.18-6-xen-686 #1 SMP Sun Feb 10 22:43:13 UTC 2008 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Tue Jun 2 17:03:24 2009 from linux9.unix.nt l3-agent is already running: pid=1765; pidfile=/root/.lilalo/l3-agent.pid |
|
$su
|
|
#rootpass
bash: rootpass: команда не найдена |
|
#su
|
|
#ssh 192.168.107.2
The authenticity of host '192.168.107.2 (192.168.107.2)' can't be established. RSA key fingerprint is 34:6c:c2:da:38:7c:d7:17:e9:cd:17:8d:e7:cf:f1:a6. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.107.2' (RSA) to the list of known hosts. root@192.168.107.2's password: Permission denied, please try again. root@192.168.107.2's password: Linux linux14 2.6.29-2-686 #1 SMP Sun May 17 17:56:29 UTC 2009 i686 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Tue Jun 2 16:42:11 2009 from linux9.unix.nt l3-agent is already running: pid=22520; pidfile=/root/.lilalo/l3-agent.pid w w |
|
#w
16:54:33 up 6:27, 12 users, load average: 1,73, 1,75, 1,71 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root tty1 - 14:54 2:00m 0.00s 0.00s script -f -c ba user tty7 :0 10:45 6:26m 5:44 0.45s x-session-manag root pts/1 :0.0 16:07 47:09 0.16s 0.16s script -f -c ba root pts/4 :0.0 10:46 1:37m 0.38s 0.15s script -f -c ba root pts/7 :0.0 16:01 3:45 0.24s 0.15s script -f -c ba root pts/10 :0.0 16:07 46:56 0.15s 0.15s script -f -c ba root pts/19 :0.0 13:50 12:06 0.24s 0.16s script -f -c ba root pts/13 :0.0 16:07 46:52 0.18s 0.18s script -f -c ba root pts/15 :0.0 16:07 33:40 0.17s 0.15s script -f -c ba root pts/22 192.168.107.1 16:11 42:56 0.00s 0.00s script -f -c ba root pts/24 linux9.unix.nt 16:54 0.00s 0.00s 0.00s script -f -c ba |
|
#exit
exit Connection to 192.168.107.2 closed. |
|
#cd
|
|
#w
16:55:36 up 7:12, 4 users, load average: 0,56, 0,48, 0,49 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT user tty7 :0 09:45 7:12m 10:14 1.28s x-session-manag user pts/0 :0.0 16:48 5:50 0.42s 0.42s script -f -c ba user pts/5 :0.0 10:08 0.00s 0.92s 0.50s script -f -c ba user pts/3 :0.0 11:44 1:12m 0.40s 0.39s script -f -c ba |
|
|