Netfilter TTL Match / Length Match
Author: Administrator   Date: 2009-12-14 (Mon) 18:33   Views: 6153
   ttl
       This module matches the time to live field in the IP header.
       --ttl-eq ttl
              Matches the given TTL value.
       --ttl-gt ttl
              Matches if TTL is greater than the given TTL value.
       --ttl-lt ttl
              Matches if TTL is less than the given TTL value.


   length
       This module matches the length of a packet against a specific value or range of values.
      --length [!] length[:length]


Packet capture...

14:04:56.343489 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 99.244.131.44.3072 > 211.119.250.44.80: S, cksum 0xe66c (correct), 2801376866:2801376866(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343490 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 139.33.57.122.3072 > 211.119.250.44.80: S, cksum 0xba97 (correct), 4050821184:4050821184(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343534 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 46.84.109.92.1024 > 211.119.250.44.80: S, cksum 0x131e (correct), 3944112980:3944112980(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343583 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 71.230.124.45.3072 > 211.119.250.44.80: S, cksum 0x8649 (correct), 2441399602:2441399602(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343597 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 248.94.172.109.3072 > 211.119.250.44.80: S, cksum 0x7ebd (correct), 429211666:429211666(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343683 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 141.130.131.111.1024 > 211.119.250.44.80: S, cksum 0xcc5e (correct), 1731552791:1731552791(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343691 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 75.84.158.8.1024 > 211.119.250.44.80: S, cksum 0xcf4a (correct), 2652552451:2652552451(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343734 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 179.126.250.61.3072 > 211.119.250.44.80: S, cksum 0xbe00 (correct), 3281222990:3281222990(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343783 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 177.249.67.127.1024 > 211.119.250.44.80: S, cksum 0xaf6f (correct), 2318100532:2318100532(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343833 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 201.168.160.5.3072 > 211.119.250.44.80: S, cksum 0xf060 (correct), 1705853456:1705853456(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343882 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 61.246.108.20.1024 > 211.119.250.44.80: S, cksum 0x738e (correct), 3552304441:3552304441(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343982 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 164.107.243.93.3072 > 211.119.250.44.80: S, cksum 0x390a (correct), 1982465848:1982465848(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343984 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 149.116.115.48.1024 > 211.119.250.44.80: S, cksum 0xbadd (correct), 2199928847:2199928847(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343990 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 97.165.200.74.3072 > 211.119.250.44.80: S, cksum 0x62c0 (correct), 651365132:651365132(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.344032 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 101.84.126.51.3072 > 211.119.250.44.80: S, cksum 0x60e2 (correct), 2774438248:2774438248(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.344082 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 254.172.168.107.3072 > 211.119.250.44.80: S, cksum 0x6750 (correct), 396523787:396523787(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.344084 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 125.149.66.63.1024 > 211.119.250.44.80: S, cksum 0xa776 (correct), 2080389964:2080389964(0) win 8192 <mss 1460,nop,nop,sackOK>



Notable point: the TCP SYN packets all have TTL value 123 and LENGTH 48

-A INPUT -p tcp --dport 80 -d 211.119.250.44 -m ttl --ttl-eq 123 -m length --length 48 -j DROP
Quietly drop them....
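The steps above (capture, spot the fixed TTL/length pair shared by the SYN flood, write a ttl+length DROP rule) can be scripted so the signature is measured rather than eyeballed. The following Python is an added example and is not part of the original post; it parses the older tcpdump `-v` line format shown in the capture (bare `S` / `.` flag field, not the newer `Flags [S]` syntax), counts (TTL, IP length) pairs among bare SYN packets to the target, and only proposes a rule when one pair clearly dominates. The sample input is five lines taken from the capture above plus two constructed lines (a normal client SYN and a data ACK with a private-use address) so that the filter has something to ignore; the `min_share` and `min_count` thresholds are assumptions, not anything netfilter defines.

```python
import re
from collections import Counter

# Matches the tcpdump -v IPv4/TCP line format used in the capture above.
# The "length N" inside the IP parentheses is the IP total length, which is
# also what netfilter's `-m length` compares against for IPv4.
TCPDUMP_RE = re.compile(
    r"ttl (?P<ttl>\d+), id \d+, offset \d+, flags \[[^\]]*\], "
    r"proto TCP \(6\), length (?P<length>\d+)\) "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<tcpflags>[A-Z.]+),"
)

# Constructed sample: five lines from the capture above, then two made-up
# lines that a legitimate client could produce (TTL 52, MSS/timestamp options).
SAMPLE_LINES = [
    "14:04:56.343489 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 99.244.131.44.3072 > 211.119.250.44.80: S, cksum 0xe66c (correct), 2801376866:2801376866(0) win 8192 <mss 1460,nop,nop,sackOK>",
    "14:04:56.343490 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 139.33.57.122.3072 > 211.119.250.44.80: S, cksum 0xba97 (correct), 4050821184:4050821184(0) win 8192 <mss 1460,nop,nop,sackOK>",
    "14:04:56.343534 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 46.84.109.92.1024 > 211.119.250.44.80: S, cksum 0x131e (correct), 3944112980:3944112980(0) win 8192 <mss 1460,nop,nop,sackOK>",
    "14:04:56.343583 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 71.230.124.45.3072 > 211.119.250.44.80: S, cksum 0x8649 (correct), 2441399602:2441399602(0) win 8192 <mss 1460,nop,nop,sackOK>",
    "14:04:56.343597 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 248.94.172.109.3072 > 211.119.250.44.80: S, cksum 0x7ebd (correct), 429211666:429211666(0) win 8192 <mss 1460,nop,nop,sackOK>",
    # constructed: ordinary client SYN, different TTL and a longer option set
    "14:04:57.100000 IP (tos 0x0, ttl 52, id 31337, offset 0, flags [DF], proto TCP (6), length 60) 198.51.100.7.51234 > 211.119.250.44.80: S, cksum 0x1234 (correct), 1000:1000(0) win 65535 <mss 1460,sackOK,timestamp 1 0,nop,wscale 7>",
    # constructed: pure ACK from the same client, must be ignored by the SYN filter
    "14:04:57.150000 IP (tos 0x0, ttl 52, id 31338, offset 0, flags [DF], proto TCP (6), length 52) 198.51.100.7.51234 > 211.119.250.44.80: ., cksum 0x5678 (correct), ack 1 win 65535 <nop,nop,timestamp 2 1>",
]


def parse_line(line):
    """Return the fields we care about, or None if the line is not a TCP/IPv4 line."""
    m = TCPDUMP_RE.search(line)
    if not m:
        return None
    return {
        "ttl": int(m["ttl"]),
        "length": int(m["length"]),
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
        # old tcpdump prints a bare "S" for SYN with no other flags set
        "syn_only": m["tcpflags"] == "S",
    }


def syn_signatures(lines, dst, dport):
    """Count (ttl, ip_length) pairs over bare SYN packets aimed at dst:dport."""
    counts = Counter()
    for line in lines:
        pkt = parse_line(line)
        if pkt and pkt["syn_only"] and pkt["dst"] == dst and pkt["dport"] == dport:
            counts[(pkt["ttl"], pkt["length"])] += 1
    return counts


def dominant_signature(lines, dst, dport, min_share=0.8, min_count=3):
    """Return (ttl, length) if one pair accounts for most SYNs, else None.

    The thresholds are assumptions for this example: a ttl+length rule only
    makes sense when the flood is uniform and real clients look different.
    """
    counts = syn_signatures(lines, dst, dport)
    total = sum(counts.values())
    if total == 0:
        return None
    (ttl, length), n = counts.most_common(1)[0]
    if n < min_count or n / total < min_share:
        return None
    return ttl, length


def iptables_rule(dst, dport, ttl, length):
    """Render the rule in the same form as the one in the post."""
    return (f"-A INPUT -p tcp --dport {dport} -d {dst} "
            f"-m ttl --ttl-eq {ttl} -m length --length {length} -j DROP")


if __name__ == "__main__":
    sig = dominant_signature(SAMPLE_LINES, "211.119.250.44", 80)
    if sig is None:
        print("no dominant (ttl, length) signature; a ttl/length rule would hit real clients")
    else:
        print(iptables_rule("211.119.250.44", 80, *sig))
```

Because `-m length` compares the IP total length, the value it needs is the `length 48` inside the IP parentheses of the tcpdump line, not the TCP payload size; the constructed client SYN (length 60, TTL 52) is left alone by the generated rule, which is the check worth making before loading it.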

[This post was moved from the Linux board by the Administrator on 2009-12-14 20:59:39]
