boki Boris Prpic CTO CodeZen, Cityexpert Beograd
SuperModerator Član broj: 2681 Poruke: 2442 *.bg.wifi.vline.verat.net.
Jabber: boki@elitesecurity.org ICQ: 195245022 Sajt: www.goglasi.com
|
Ne vidim zasto to pravilo nije u redu ali evo stavio sam za ICMP Source:firewall, VeratPPPoE Dest:firewall, VeratPPPoE i ne menja stvari. Probao sam i da iskljucim pravilo i sve je isto... u Logovima nema nista...
Napravio sam evo pravilo Source: any, Dest: any, Service: TCP 5222 i ukljucio logovanje i u filteru dobio ovo:
Citat:
[07/Mar/2005 18:09:05] PERMIT "New rule" packet from LAN, proto:TCP, len:48, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: SYN , seq:2272972150 ack:0, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet to VeratPPPoE, proto:TCP, len:48, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: SYN , seq:2272972150 ack:0, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:48, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: SYN ACK , seq:1713035112 ack:2272972151, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet to LAN, proto:TCP, len:48, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: SYN ACK , seq:1713035112 ack:2272972151, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet from LAN, proto:TCP, len:40, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK , seq:2272972151 ack:1713035113, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet to VeratPPPoE, proto:TCP, len:40, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK , seq:2272972151 ack:1713035113, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet from LAN, proto:TCP, len:172, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972151 ack:1713035113, win:65535, tcplen:132
[07/Mar/2005 18:09:05] PERMIT "New rule" packet to VeratPPPoE, proto:TCP, len:172, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972151 ack:1713035113, win:65535, tcplen:132
[07/Mar/2005 18:09:05] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:40, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: ACK , seq:1713035113 ack:2272972283, win:65535, tcplen:0
[07/Mar/2005 18:09:05] PERMIT "New rule" packet to LAN, proto:TCP, len:40, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK , seq:1713035113 ack:2272972283, win:65535, tcplen:0
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:185, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: ACK PSH , seq:1713035113 ack:2272972283, win:65535, tcplen:145
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:185, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK PSH , seq:1713035113 ack:2272972283, win:65535, tcplen:145
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from LAN, proto:TCP, len:164, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972283 ack:1713035258, win:65390, tcplen:124
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to VeratPPPoE, proto:TCP, len:164, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972283 ack:1713035258, win:65390, tcplen:124
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:40, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: ACK , seq:1713035258 ack:2272972407, win:65535, tcplen:0
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:40, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK , seq:1713035258 ack:2272972407, win:65535, tcplen:0
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:220, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: ACK PSH , seq:1713035258 ack:2272972407, win:65535, tcplen:180
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:220, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK PSH , seq:1713035258 ack:2272972407, win:65535, tcplen:180
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from LAN, proto:TCP, len:252, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972407 ack:1713035438, win:65210, tcplen:212
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to VeratPPPoE, proto:TCP, len:252, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972407 ack:1713035438, win:65210, tcplen:212
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:40, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: ACK , seq:1713035438 ack:2272972619, win:65535, tcplen:0
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:40, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK , seq:1713035438 ack:2272972619, win:65535, tcplen:0
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:71, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: ACK PSH , seq:1713035438 ack:2272972619, win:65535, tcplen:31
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:71, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK PSH , seq:1713035438 ack:2272972619, win:65535, tcplen:31
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from LAN, proto:TCP, len:108, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972619 ack:1713035469, win:65179, tcplen:68
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to VeratPPPoE, proto:TCP, len:108, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK PSH , seq:2272972619 ack:1713035469, win:65179, tcplen:68
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from VeratPPPoE, proto:TCP, len:883, ip/port:217.26.67.165:5222 -> 213.244.233.196:61241, flags: ACK PSH , seq:1713039849 ack:2272972687, win:65535, tcplen:843
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to LAN, proto:TCP, len:883, ip/port:217.26.67.165:5222 -> 192.168.0.11:1609, flags: ACK PSH , seq:1713039849 ack:2272972687, win:65535, tcplen:843
[07/Mar/2005 18:09:06] PERMIT "New rule" packet from LAN, proto:TCP, len:52, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK , seq:2272972687 ack:1713035469, win:65179, tcplen:0
[07/Mar/2005 18:09:06] PERMIT "New rule" packet to VeratPPPoE, proto:TCP, len:52, ip/port:192.168.0.11:1609 -> 217.26.67.165:5222, flags: ACK , seq:2272972687 ack:1713035469, win:65179, tcplen:0
Znaci trebalo bi da paketi prolaze ali Jabb ne radi :( Popizdeo sam nacisto...
|