#1
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2002
    Posts
    135
    Rep Power
    16

    traffic IP and port ( access monitoring)

    The ISP did not give us the "password" for the xywall 10; he only mapped 8
    external IPs to our internal IPs.

    Normally, I set up my own router (Linksys) at home and use "viewlog" on
    the Windows PC to monitor who is coming in to my network.


    Would you please tell me what I can do to monitor who is coming in on a
    realtime basis?

    q1. Please suggest software to break his password for the xywall?
    q2. Please suggest software running on Windows/Linux to monitor, just like
    I was in a "SOHO" environment?


    My current server is Red Hat 7.3.
  2. #2
  3. Wiking
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Sep 2000
    Location
    Sweden
    Posts
    3,608
    Rep Power
    31
    please suggest software to break his password...
    Sorry, but we're not into that kind of things around here... You'll have to find that out for yourself.

    Ethereal, snort, iptraf, iptables/ipchains/ipfw, ksnuffle should all be able to assist you in your quest for knowledge.

    //NoXcuz
    UN*X is sexy!
    who | grep -i blonde | date; cd ~; unzip; touch; strip; finger; mount; gasp; yes; uptime; umount; sleep
  4. #3
  5. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2002
    Posts
    135
    Rep Power
    16
    please suggest software to break his password...
    --------------------------------------------------------------------------------
    If this cannot be achieved, fine. I will remove / "unplug" it.

    If I do not unplug it, I must have real-time viewing of who is coming in.

    Linksys has something called "view log" that is installed on Windows 98 SE.

    Does any one of these ("Ethereal, snort, iptraf, iptables/ipchains/ipfw, ksnuffle") give me a real-time view of who is coming in?

    Take a look at this.

    #!/bin/bash
    #set -x
    # IPTABLES Firewall for one.of.my.systems ;-)
    # Mike Troutman http://www.troutman.org
    # 23rd Feb 2002
    # Make sure syslogd re-reads its config so the LOG target output lands in
    # /var/log/messages (HUP reloads the running daemon; do not start a second one)
    clear
    kill -HUP $(cat /var/run/syslogd.pid)
    #/sbin/syslogd
    #/sbin/service ipchains stop
    #/sbin/chkconfig --level 2345 ipchains off
    #/sbin/rmmod ipchains
    #/sbin/service iptables stop

    #rm /etc/sysconfig/iptables
    /sbin/service iptables start

    # Conntrack helper modules (needed for RELATED ftp-data / dcc connections)
    /sbin/insmod ip_conntrack_ftp
    /sbin/insmod ip_conntrack_irc

    # Binary Location (-v creates verbose output)
    IPT="/sbin/iptables -v"


    mywebip="192.168.1.99"

    #mymailip="192.168.1.99"
    mymailip=$mywebip

    # Default Policy
    $IPT -P INPUT DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD DROP

    # Flush old rules and delete user-defined chains
    $IPT -F
    $IPT -X

    # Log entry and deny connections (prefix "Firewall:" shows up in syslog)
    $IPT -N logging
    $IPT -A logging -j LOG --log-level info --log-prefix Firewall:
    $IPT -A logging -j DROP

    # Manage state connections (inbound services: new connections allowed)
    $IPT -N instate
    $IPT -A instate -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    $IPT -A instate -m state --state INVALID -j logging

    $IPT -A instate -j logging
    #$IPT -A INPUT -d 192.168.1.50 -j DROP
    $IPT -A INPUT -d 195.101.94.209 -j DROP
    # Manage state connections (everything else: only replies allowed)
    $IPT -N dpstate
    $IPT -A dpstate -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A dpstate -m state --state INVALID -j logging
    $IPT -A dpstate -j logging

    # Localhost : Allowed
    $IPT -A INPUT -i lo -j ACCEPT

    # Special Ports : Allow
    #$IPT -A INPUT -p tcp --dport 80 -j instate # web
    #$IPT -A INPUT -p udp --dport 80 -j instate

    # --dport only exists for tcp/udp, so "-p all --dport" is rejected by iptables
    $IPT -A INPUT -p tcp --dport 9090 -j instate # web etc....

    $IPT -A INPUT -p tcp --dport 3306 -j instate # mysql
    $IPT -A INPUT -p tcp --dport 22 -j instate # ssh


    # preparation for future ports needed
    $IPT -A INPUT -p tcp --dport 23 -j instate # telnet
    $IPT -A INPUT -p tcp --dport 443 -j instate # https
    $IPT -A INPUT -p tcp --dport 21 -j instate # ftp
    $IPT -A INPUT -p tcp --dport 119 -j instate # news
    $IPT -A INPUT -p tcp --dport 513 -j instate # x-winpro

    # Ident : Be polite but do not allow it
    #$IPT -A INPUT -p tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
    #$IPT -A FORWARD -p tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable

    # SSH : Allowed Anywhere
    #$IPT -A INPUT -p tcp --dport 22 -j instate
    $IPT -A INPUT -p tcp --dport 22 -j instate

    # Web : Allowed and other services
    $IPT -A INPUT -p tcp -d $mywebip --dport 80 -j instate
    $IPT -A INPUT -p tcp -d $mywebip --dport 9090 -j instate
    $IPT -A INPUT -p tcp -d $mywebip --dport 22 -j instate # sshd allowed
    $IPT -A INPUT -p tcp -d $mywebip --dport 23 -j instate # telnet allowed

    $IPT -A INPUT -p tcp -d $mywebip --dport 443 -j instate # SSL
    $IPT -A INPUT -p tcp -d $mywebip --dport 3306 -j instate # mysql allowed
    $IPT -A INPUT -p tcp -d $mywebip --dport 21 -j instate # ftp
    $IPT -A INPUT -p tcp -d $mywebip --dport 119 -j instate # news
    $IPT -A INPUT -p tcp -d $mywebip --dport 512 -j instate # xwinpro
    # Mail : Allowed
    $IPT -A INPUT -p tcp -d $mymailip --dport 25 -j instate # smtp
    $IPT -A INPUT -p tcp -d $mymailip --dport 110 -j instate # pop-3

    # Handle everything else
    $IPT -A INPUT -j dpstate
    $IPT -A FORWARD -j dpstate

    # Apply: iptables-save writes to stdout, so redirect it into the RH config file
    /sbin/iptables-save -c > /etc/sysconfig/iptables
    /sbin/service iptables restart



    Someone already "hit me in the face". I have this:


    ----- The following addresses had permanent fatal errors -----
    cinik_worm@yahoo.com
    (reason: 554 delivery error: dd Sorry your message to cinik_worm@yahoo.com
    cannot be delivered. This account has been disabled or discontinued [#101]. -
    mta175.mail.scd.yahoo.com)



    I have removed ".cinik*.*" from the /tmp directory, and this is my first time encountering this.


    Please take me seriously. I need a proper method to handle "real-time logging of who is coming in".

    Now I am totally "blind", without knowing who is coming in.


    I don't know whether I should reformat the 60G HD and reinstall RH 7.3 again.
    Last edited by tiny12; February 8th, 2003 at 11:51 AM.
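The script above already logs every dropped or INVALID packet through the kernel LOG target with the prefix "Firewall:", so the "who is coming in" view the thread is asking for can be built by watching those syslog lines. The following is an added example, not code from either poster or from Mike Troutman's script: it parses the KEY=value records the iptables LOG target writes after "kernel:", summarises hits per source/protocol/port, and can follow a live log file the way tail -f does. The sample log lines are constructed for the example, and the path /var/log/messages is an assumption (it is where Red Hat's default syslog.conf sends kernel messages).

```python
#!/usr/bin/env python3
"""Show who is knocking on the firewall, from iptables LOG lines in syslog."""
import sys
import time
from collections import Counter

# Constructed sample of /var/log/messages: two TCP SYNs, one ICMP echo request,
# and an unrelated sshd line that the parser must ignore.
SAMPLE_LOG = """\
Feb  8 11:51:02 web kernel: Firewall:IN=eth0 OUT= MAC=00:50:56:aa:bb:cc:00:01:02:03:04:05:08:00 SRC=195.101.94.209 DST=192.168.1.99 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=3412 DF PROTO=TCP SPT=4321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  8 11:51:03 web sshd[1234]: Accepted password for tiny from 192.168.1.5 port 40100 ssh2
Feb  8 11:51:05 web kernel: Firewall:IN=eth0 OUT= MAC=00:50:56:aa:bb:cc:00:01:02:03:04:05:08:00 SRC=10.0.0.7 DST=192.168.1.99 LEN=40 TOS=0x00 PREC=0x00 TTL=120 ID=8 PROTO=TCP SPT=3000 DPT=3306 WINDOW=16384 RES=0x00 SYN URGP=0
Feb  8 11:51:06 web kernel: Firewall:IN=eth0 OUT= MAC=00:50:56:aa:bb:cc:00:01:02:03:04:05:08:00 SRC=195.101.94.209 DST=192.168.1.99 LEN=28 TOS=0x00 PREC=0x00 TTL=54 ID=9 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_log_line(line):
    """Parse one syslog line carrying an iptables LOG record.

    Returns a dict of the KEY=value fields plus a 'flags' set (DF, SYN, ...),
    or None when the line is not a firewall record.
    """
    if "kernel:" not in line:
        return None
    payload = line.split("kernel:", 1)[1].strip()
    tokens = payload.split()
    if not tokens or "IN=" not in tokens[0]:
        return None
    rec = {"flags": set()}
    first = tokens[0]
    if not first.startswith("IN="):
        # --log-prefix without a trailing space glues the prefix onto IN=
        rec["prefix"] = first[: first.index("IN=")]
        tokens[0] = first[first.index("IN="):]
    for tok in tokens:
        if "=" in tok:
            key, _, value = tok.partition("=")
            rec.setdefault(key, value)  # ICMP records carry ID= twice; keep the IP one
        else:
            rec["flags"].add(tok)
    if "SRC" not in rec or "DST" not in rec:
        return None
    return rec


def describe(rec):
    """One human-readable line: source -> destination proto/port [tcp flags]."""
    proto = rec.get("PROTO", "?")
    port = rec.get("DPT")
    target = f"{proto}/{port}" if port else proto
    flags = " ".join(sorted(f for f in rec["flags"] if f in TCP_FLAGS))
    return f"{rec['SRC']} -> {rec['DST']} {target} {flags}".rstrip()


def summarize(lines):
    """Count (SRC, PROTO, DPT) triples over an iterable of syslog lines."""
    hits = Counter()
    for line in lines:
        rec = parse_log_line(line)
        if rec:
            hits[(rec["SRC"], rec.get("PROTO", "?"), rec.get("DPT", "-"))] += 1
    return hits


def follow(path, interval=1.0):
    """Yield lines appended to path after we start, like tail -f."""
    with open(path) as fh:
        fh.seek(0, 2)  # start at the end so only new arrivals are shown
        while True:
            line = fh.readline()
            if not line:
                time.sleep(interval)
                continue
            yield line


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. ./fwwatch.py /var/log/messages  (assumed syslog path)
        for line in follow(sys.argv[1]):
            rec = parse_log_line(line)
            if rec:
                print(time.strftime("%H:%M:%S"), describe(rec))
    else:
        for key, n in summarize(SAMPLE_LOG.splitlines()).most_common():
            print(n, *key)
```

Run it with no arguments to see the summary over the constructed sample, or with the syslog path to print each new firewall hit as it is logged. Because the script only ever reads the log file, it can run as an unprivileged user that is allowed to read /var/log/messages, and the same parser works for any --log-prefix, with or without a trailing space.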
