#1
traffic IP and port ( access monitoring)
The ISP did not give us the "password" for the xywall 10; he only mapped 8 external IPs to our internal IPs. Normally, I will set up my own router (Linksys) at home and use "viewlog" on the Windows PC to monitor who is coming in to my network. Would you please tell me what I can do to monitor who is coming in on a real-time basis?

q1. Please suggest software to break his password of xywall?

q2. Please suggest software that runs on Windows/Linux to monitor just like I was in a "SOHO" environment? My current server is Red Hat 7.3.
#2
Quote:
Sorry, but we're not into that kind of thing around here... You'll have to find that out for yourself. Ethereal, snort, iptraf, iptables/ipchains/ipfw, ksnuffle should all be able to assist you in your quest for knowledge.

//NoXcuz
__________________
UN*X is sexy! who | grep -i blonde | date; cd ~; unzip; touch; strip; finger; mount; gasp; yes; uptime; umount; sleep |
#3
please suggest software to break his password...
--------------------------------------------------------------------------------

If this cannot be achieved, fine. I will remove the "unplug" it. If I do not unplug it, I must have a real-time view of who is coming in. Linksys has something called "view log" that is installed in Windows 98 SE. Do any of these "Ethereal, snort, iptraf, iptables/ipchains/ipfw, ksnuffle" give me a real-time view of who is coming in?

Take a look at this.

```bash
#!/bin/bash
#set -x
# IPTABLES Firewall for one.of.my.systems ;-)
# Mike Troutman http://www.troutman.org
# 23rd Feb 2002

# Make sure iptables is running
clear
kill -HUP $(cat /var/run/syslogd.pid)
/sbin/syslogd
#/sbin/service ipchains stop
#/sbin/chkconfig --level 2345 ipchains off
#/sbin/rmmod ipchains
#/sbin/service iptables stop
#rm /etc/sysconfig/iptables
/sbin/service iptables start

# Conntrack modules
/sbin/insmod ip_conntrack_ftp
/sbin/insmod ip_conntrack_irc

# Binary Location (-v creates verbose output)
IPT="/sbin/iptables -v"
mywebip="192.168.1.99"
#mymailip="192.168.1.99"
mymailip=$mywebip

# Default Policy
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP

# Flush old rules
$IPT -F
$IPT -X

# Log entry and deny connections
$IPT -N logging
$IPT -A logging -j LOG --log-level info --log-prefix Firewall:
$IPT -A logging -j DROP

# Manage state connections
$IPT -N instate
$IPT -A instate -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
$IPT -A instate -m state --state INVALID -j logging
$IPT -A instate -j logging
#$IPT -A INPUT -d 192.168.1.50 -j DROP
$IPT -A INPUT -d 195.101.94.209 -j DROP

# Manage state connections
$IPT -N dpstate
$IPT -A dpstate -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A dpstate -m state --state INVALID -j logging
$IPT -A dpstate -j logging

# Localhost : Allowed
$IPT -A INPUT -i lo -j ACCEPT

# Special Ports : Allow
# (--dport is only valid with -p tcp or -p udp; iptables rejects it
#  with "-p all", so these rules use -p tcp)
#$IPT -A INPUT -p tcp --dport 80 -j instate # web
#$IPT -A INPUT -p udp --dport 80 -j instate
$IPT -A INPUT -p tcp --dport 9090 -j instate # web etc....
$IPT -A INPUT -p tcp --dport 9090 -j instate #
$IPT -A INPUT -p tcp --dport 3306 -j instate # mysql
$IPT -A INPUT -p tcp --dport 22 -j instate # ssh
# preparation for future ports needed
$IPT -A INPUT -p tcp --dport 23 -j instate # telnet
$IPT -A INPUT -p tcp --dport 443 -j instate # https
$IPT -A INPUT -p tcp --dport 21 -j instate # ftp
$IPT -A INPUT -p tcp --dport 119 -j instate # news
$IPT -A INPUT -p tcp --dport 513 -j instate # x-winpro

# Ident : Be polite but do not allow it
#$IPT -A INPUT -p tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
#$IPT -A FORWARD -p tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable

# SSH : Allowed Anywhere
#$IPT -A INPUT -p tcp --dport 22 -j instate
$IPT -A INPUT -p tcp --dport 22 -j instate

# Web : Allowed and other services
$IPT -A INPUT -p tcp -d $mywebip --dport 80 -j instate
$IPT -A INPUT -p tcp -d $mywebip --dport 9090 -j instate
$IPT -A INPUT -p tcp -d $mywebip --dport 22 -j instate # sshd allowed
$IPT -A INPUT -p tcp -d $mywebip --dport 23 -j instate # telnet allowed
$IPT -A INPUT -p tcp -d $mywebip --dport 443 -j instate # SSL
$IPT -A INPUT -p tcp -d $mywebip --dport 3306 -j instate # mysql allowed
$IPT -A INPUT -p tcp -d $mywebip --dport 21 -j instate # ftp
$IPT -A INPUT -p tcp -d $mywebip --dport 119 -j instate # news
$IPT -A INPUT -p tcp -d $mywebip --dport 512 -j instate # xwinpro

# Mail : Allowed
$IPT -A INPUT -p tcp -d $mymailip --dport 25 -j instate # smtp
$IPT -A INPUT -p tcp -d $mymailip --dport 110 -j instate # pop-3

# Handle everything else
$IPT -A INPUT -j dpstate
$IPT -A FORWARD -j dpstate

# Apply (iptables-save writes to stdout, so redirect it into the rules file)
/sbin/iptables-save -c > /etc/sysconfig/iptables
/sbin/service iptables restart
```

Someone already "hit me in the face". I have this:

----- The following addresses had permanent fatal errors -----
cinik_worm@yahoo.com
(reason: 554 delivery error: dd Sorry your message to cinik_worm@yahoo.com cannot be delivered. This account has been disabled or discontinued [#101]. - mta175.mail.scd.yahoo.com)

I have removed ".cinik*.* " from the /tmp directory and this is my first time encountering this. Please take me seriously. I need a proper method to handle "real time logging who is coming in". Now I am totally "blind" without knowing who is coming in. I don't know whether I should reformat the 60G HD and reinstall RH 7.3 again.

Last edited by tiny12 : February 8th, 2003 at 10:51 AM.
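Added example, not part of the original posts or of the quoted firewall script: the script sends packets to its `logging` chain only when it is about to drop them, and tags them `Firewall:` in syslog, so that tag is what a "who is coming in" view can be built on. The functions below turn such kernel log lines into per-packet events and a per-source summary; the sample lines are constructed, and the function names and the log path in the last comment are assumptions.

```shell
#!/bin/bash
# Added example: read iptables LOG lines tagged "Firewall:" (the --log-prefix
# in the script above) and show who was logged, per source / protocol / port.

# fw_events: one "time src proto dport" line per logged packet (streams).
fw_events() {
    awk '
    /Firewall:/ {
        src = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            f = $i
            sub(/^Firewall:/, "", f)   # prefix has no trailing space: "Firewall:IN=eth0"
            if (f ~ /^SRC=/)   src   = substr(f, 5)
            if (f ~ /^PROTO=/) proto = substr(f, 7)
            if (f ~ /^DPT=/)   dpt   = substr(f, 5)
        }
        if (src == "") next            # not a packet log line
        if (dpt == "") dpt = "-"       # ICMP etc. carry no port
        print $3, src, proto, dpt
        fflush()                       # keep output live behind tail -f
    }'
}

# fw_summary: hit count per source/protocol/port, busiest first.
fw_summary() {
    fw_events | awk '{ n[$2 " " $3 " " $4]++ } END { for (k in n) print n[k], k }' \
              | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines in the kernel LOG format (documentation addresses).
sample_log() {
cat <<'EOF'
Feb  8 10:41:02 web kernel: Firewall:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.99 LEN=48 TTL=112 PROTO=TCP SPT=4021 DPT=135 SYN URGP=0
Feb  8 10:41:05 web kernel: Firewall:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.99 LEN=48 TTL=112 PROTO=TCP SPT=4021 DPT=135 SYN URGP=0
Feb  8 10:41:09 web kernel: Firewall:IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.1.99 LEN=78 TTL=49 PROTO=UDP SPT=1027 DPT=137 LEN=58
Feb  8 10:42:30 web kernel: Firewall:IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.1.99 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Feb  8 10:42:31 web sshd[812]: Accepted password for admin from 192.0.2.10 port 3311
EOF
}

sample_log | fw_summary
# Live view (log path is an assumption for Red Hat): tail -f /var/log/messages | fw_events
```

Connections the `instate` chain accepts never reach the `logging` chain, so they do not appear in this output; only dropped and invalid packets do.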