Jump to content

wizzard

Members
  • Content Count

    13
  • Joined

  • Last visited

  • Days Won

    1

Posts posted by wizzard


  1. i have a linux server with 2 interfaces eth0 wan interface and eth1 lan interface

     

    in lan i have 192.168.1.0/24 and the ip for eth1 is 192.168.1.1

     

    i want that all trafic from lan which came on eth1 on port 21 to be redirected in lan on another ip lets say 192.168.1.2 port 21

     

    if 192.168.1.4 want to acces 192.168.1.1 on port 21 (ftp) that request to te redirected on 192.168.1.2 port 21

     

     

    how i can do that ?


  2. making a traceroute from Level3 network

     

    Show Level 3 (Frankfurt, Germany) Traceroute to 81.196.170.68

     

    1 ge-1-1-51.car1.Frankfurt1.Level3.net (4.68.118.15) 0 msec

    ge-1-2-56.car1.Frankfurt1.Level3.net (4.68.118.175) 0 msec

    ge-1-1-55.car1.Frankfurt1.Level3.net (4.68.118.143) 0 msec

    2 212.162.44.38 0 msec 4 msec

    frankfurt2-cr2.ge3-0.rdsnet.ro (62.67.36.182) 0 msec

    3 213.157.172.66 [AS8708 {RIPE-ASNBLOCK7}] 24 msec 24 msec 24 msec

    4 81-196-170-68.rdsnet.ro (81.196.170.68) [AS8708 {RIPE-ASNBLOCK7}] 24 msec 36 msec 24 msec

     

     

    and same traceroute from telia network

     

    1 kbn-b2-geth15-0-11.telia.net (213.248.66.73) [AS 1299] 0 msec 0 msec 0 msec

    2 kbn-bb2-pos1-0-0.telia.net (213.248.65.13) [AS 1299] 0 msec 0 msec 0 msec

    3 s-bb2-link.telia.net (213.248.65.165) [AS 1299] 12 msec 12 msec 16 msec

    4 s-b3-pos4-0.telia.net (213.248.66.10) [AS 1299] 12 msec 12 msec 12 msec

    5 ge-6-14.car2.Stockholm1.Level3.net (4.68.111.245) [AS 3356] 16 msec 12 msec 16 msec

    6 ge-0-0-0.mp2.Stockholm1.Level3.net (4.68.96.225) [AS 3356] 16 msec 16 msec 200 msec

    7 as-1-0.bbr2.Frankfurt1.Level3.net (212.187.128.97) [AS 3356] 32 msec 28 msec 28 msec

    8 ge-1-2-54.car1.Frankfurt1.Level3.net (4.68.118.111) [AS 3356] 32 msec

    ge-1-2-56.car1.Frankfurt1.Level3.net (4.68.118.175) [AS 3356] 28 msec

    ge-1-1-51.car1.Frankfurt1.Level3.net (4.68.118.15) [AS 3356] 32 msec

    9 frankfurt2-cr2.ge3-0.rdsnet.ro (62.67.36.182) [AS 3356] 28 msec 28 msec

    212.162.44.38 [AS 3356] 32 msec

    10 213.157.172.66 [AS 8708] 48 msec 52 msec 52 msec

    11 headend.sm.rdsnet.ro (81.196.170.68) [AS 8708] 52 msec 52 msec 52 msec

     

    so why in telia network the revers dns of my host is resolved and from level3 not ?

     

    and exemples cand go further.

     

    whereis the problem ?


  3. i make some changes to my firewall seen now its ok .i wait cuple of days to see if i get those logs.

    i had 2 ssh rules in my firewall i delete one and let that one with ip limit

     

     

    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh limit: avg 2/min burst 1

    REJECT tcp -- anywhere anywhere tcp dpt:ssh reject-with tcp-reset

     

    and then :

     

    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN

     

    i delete the last rule

     

    i will come with a reply


  4. no i do that long time ago

     

    i post new logs

     

    Sep 21 14:06:53 wiz sshd[2665]: Failed password for invalid user jean from ::ffff:62.117.91.188 port 35303 ssh2

    Sep 21 14:07:20 wiz sshd[2668]: Invalid user joachim from ::ffff:62.117.91.188

    Sep 21 14:07:20 wiz sshd[2669]: input_userauth_request: invalid user joachim

    Sep 21 14:07:23 wiz sshd[2668]: Failed password for invalid user joachim from ::ffff:62.117.91.188 port 36827 ssh2

    Sep 21 14:07:50 wiz sshd[2671]: Invalid user corinna from ::ffff:62.117.91.188

    Sep 21 14:07:50 wiz sshd[2672]: input_userauth_request: invalid user corinna

    Sep 21 14:07:53 wiz sshd[2671]: Failed password for invalid user corinna from ::ffff:62.117.91.188 port 38273 ssh2

    Sep 21 14:08:21 wiz sshd[2674]: Invalid user visitor from ::ffff:62.117.91.188

    Sep 21 14:08:21 wiz sshd[2675]: input_userauth_request: invalid user visitor

    Sep 21 14:08:23 wiz sshd[2674]: Failed password for invalid user visitor from ::ffff:62.117.91.188 port 39686 ssh2

     

    in 2 minute they made many ssh conection

     

     

    [root@wiz log]# iptables -L

    Chain INPUT (policy DROP)

    target prot opt source destination

    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

    ACCEPT all -- anywhere anywhere

    ACCEPT all -- anywhere anywhere

    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh limit: avg 2/min burst 1

    REJECT tcp -- anywhere anywhere tcp dpt:ssh reject-with tcp-reset

    DROP all -- 82.79.48.111 anywhere

    DROP all -- 192.168.0.0/24 anywhere

    DROP all -- 127.0.0.0/8 anywhere

    ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN

    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN

    ACCEPT tcp -- anywhere anywhere tcp dpt:chargen flags:SYN,RST,ACK/SYN

    ACCEPT udp -- anywhere anywhere udp dpt:domain

    ACCEPT tcp -- anywhere anywhere tcp dpt:domain

    ACCEPT udp -- 81-196-170-20.rdsnet.ro anywhere udp spt:domain

    ACCEPT udp -- 82.79.48.111 anywhere udp spt:domain

    ACCEPT icmp -- anywhere anywhere

    DROP udp -- anywhere anywhere

    DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN


  5. iz psybnc]# make menuconfig

    Initializing Menu-Configuration

    [*] Running Conversion Tool for older psyBNC Data.

    tools/convconf.c: In function `cofile':

    tools/convconf.c:81: error: label at end of compound statement

    make: *** [menuconfig] Error 1

    [root@wiz psybnc]#

     

     

    same on fedora core 3 :o


  6. ok i did that :

     

    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh limit: avg 2/min burst 1

    REJECT tcp -- anywhere anywhere tcp dpt:ssh reject-with tcp-reset

     

     

     

    but in /var/log/secure i get :

     

    Sep 8 18:13:46 server sshd[4338]: Failed password for root from ::ffff:141.85.99.76 port 2651 ssh2

    Sep 8 18:13:46 server sshd[4339]: Failed password for root from ::ffff:141.85.99.76 port 2651 ssh2

    Sep 8 18:13:49 server sshd[4340]: Failed password for root from ::ffff:141.85.99.76 port 2801 ssh2

    Sep 8 18:13:49 server sshd[4341]: Failed password for root from ::ffff:141.85.99.76 port 2801 ssh2

    Sep 8 18:13:52 server sshd[4342]: Failed password for root from ::ffff:141.85.99.76 port 2927 ssh2

    Sep 8 18:13:52 server sshd[4343]: Failed password for root from ::ffff:141.85.99.76 port 2927 ssh2

    Sep 8 18:13:54 server sshd[4344]: Failed password for root from ::ffff:141.85.99.76 port 3036 ssh2

    Sep 8 18:13:54 server sshd[4345]: Failed password for root from ::ffff:141.85.99.76 port 3036 ssh2

    Sep 8 18:14:00 server sshd[4346]: Failed password for root from ::ffff:141.85.99.76 port 3158 ssh2

    Sep 8 18:14:00 server sshd[4347]: Failed password for root from ::ffff:141.85.99.76 port 3158 ssh2

    Sep 8 18:14:03 server sshd[4348]: Failed password for root from ::ffff:141.85.99.76 port 3397 ssh2

    Sep 8 18:14:03 server sshd[4349]: Failed password for root from ::ffff:141.85.99.76 port 3397 ssh2

    Sep 8 18:14:06 server sshd[4350]: Failed password for root from ::ffff:141.85.99.76 port 3526 ssh2

     

     

    so in a minute they open many ssh conection how it is possible ?


  7. i use afraid.org to make an alias to my ip adress and i set at home at dns usig the tutorial from this forum and i have some problems

     

    i have wiz.rdstel.org that point to my ip 82.79.48.111

    and i want www.wiz.rdstel.org and ftp.wiz.rdstel.org to do like same but i have a problem from my internal netwok and from server i can ping www.wiz.rdstel.org and ftp.wiz.rdstel.org but from the internet i can't

     

    i open 53 port but still not working can some one help me ?

    • Like 1
×
×
  • Create New...