
Re: Re: debian repository on hit list



The attachment has the iptables output.

Brent



On Thu, 2004-03-04 at 23:49, Mike Mestnik wrote:
> Heh, what we have here is logging of http or ftp data packets.  What does
> the low-level (iptables) firewall show, i.e. "iptables -t
> {nat,filter,mangle} -L"?
> 
> Port matches.
> ny.com.www > l3.net.35109
> in:ppp0 out: port:35109 source:rama.progeny.com
> 
> Size also matches.
> 17:25:33.064532 rama.progeny.com.www >
> dialup-171.75.199.82.Dial1.SaintLouis1.Level3.net.35109: P 
> 59861:59998(137) ack 180 win 65535 (DF) (ttl 54, id 13486, len 177)
> time:Mar  4 17:25:33 in:ppp0 out: port:35109 source:rama.progeny.com
> dest:171.75.199.82 len:177 
> tos:0x00 protocol:tcp service:unknown
> 
> And
> 
> 17:25:35.734325 rama.progeny.com.www >
> dialup-171.75.199.82.Dial1.SaintLouis1.Level3.net.35109: P 
> 69787:70218(431) ack 180 win 65535 (DF) (ttl 54, id 25790, len 471)
> time:Mar  4 17:25:35 in:ppp0 out: port:35109 source:rama.progeny.com
> dest:171.75.199.82 len:471 
> tos:0x00 protocol:tcp service:unknown
> 
> 
> --- Brent Elmer <webe3@myrealbox.com> wrote:
> > I used tcpdump in the following way:
> > $tcpdump -a -vvv -i ppp0 host rama.progeny.com -w tcpdump.out
> > 
> > then I did this:
> > tcpdump -vvv -r tcpdump.out > tcpdump.readable
> > 
> > I saved the firestarter hits to a file.  The hits did contain
> > rama.progeny.com hits.  I don't know much about interpreting what is
> > going on but here are the two files.  Does this show anything or do I
> > need to do something else?
> > 
> > Thanks,
> > 
> > Brent
> > 
> > 
> > On Thu, 2004-03-04 at 16:55, Mike Mestnik wrote:
> > > Use tcpdump to find out more info about what is going on.
> > > 
> > > --- Brent Elmer <webe3@myrealbox.com> wrote:
> > > > I changed my repository from ftp://archive.progeny.com to
> > > > http://archive.progeny.com in Synaptic.  I still get a lot of hits for
> > > > rama.progeny.com in firestarter during Synaptic downloading.  The
> > > > downloads stall a lot about the same time that firestarter reports the
> > > > blocked hits from rama.progeny.com.  Is there something else I can do?
> > > > 
> > > > -- 
> > > > Brent Elmer <webe3@myrealbox.com>
> > > > 
> > > 
> 
> 
/home/brent# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
 
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@elmer:/home/brent# iptables -t filter -L
Chain INPUT (policy DROP)
target     prot opt source               destination
UNCLEAN    all  --  anywhere             anywhere            unclean
ACCEPT     tcp  --  resolver1.level3.net  anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  resolver1.level3.net  anywhere
ACCEPT     tcp  --  resolver2.level3.net  anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  resolver2.level3.net  anywhere
ACCEPT     all  --  rama.progeny.com     anywhere
DROP       all  --  66.250.55.119        anywhere
ACCEPT     tcp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net tcp dpt:ntp
ACCEPT     udp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net udp dpt:ntp
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net limit: avg 10/sec burst 5
LD         all  --  0.0.0.0/8            dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  1.0.0.0/8            dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  2.0.0.0/8            dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  5.0.0.0/8            dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  7.0.0.0/8            dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  10.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  23.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  27.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  31.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  36.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  37.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  39.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  41.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  42.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  49.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  50.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  58.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  59.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  70.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  71.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  72.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  73.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  74.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  75.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  76.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  77.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  78.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  79.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  83.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  84.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  85.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  86.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  87.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  88.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  89.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  90.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  91.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  92.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  93.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  94.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  95.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  96.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  97.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  98.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  99.0.0.0/8           dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  100.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  101.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  102.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  103.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  104.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  105.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  106.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  107.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  108.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  109.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  110.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  111.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  112.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  113.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  114.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  115.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  116.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  117.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  118.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  119.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  120.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  121.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  122.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  123.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  124.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  125.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  126.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  127.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  169.254.0.0/16       dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  172.16.0.0/12        dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  173.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  174.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  175.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  176.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  177.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  178.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  179.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  180.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  181.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  182.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  183.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  184.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  185.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  186.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  187.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  189.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  190.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  192.0.2.0/24         dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  192.168.0.0/16       dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  197.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  198.18.0.0/15        dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  223.0.0.0/8          dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         all  --  BASE-ADDRESS.MCAST.NET/3  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net
LD         tcp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net tcp dpt:31337 limit: avg 2/min burst 5
LD         udp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net udp dpt:31337 limit: avg 2/min burst 5
LD         tcp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net tcp dpt:33270 limit: avg 2/min burst 5
LD         udp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net udp dpt:33270 limit: avg 2/min burst 5
LD         tcp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net tcp dpt:1234 limit: avg 2/min burst 5
LD         tcp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net tcp dpt:6711 limit: avg 2/min burst 5
LD         tcp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net tcp dpt:16660 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
LD         tcp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net tcp dpt:60001 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
LD         tcp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net tcp dpts:12345:12346 limit: avg 2/min burst 5
LD         udp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net udp dpts:12345:12346 limit: avg 2/min burst 5
LD         tcp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net tcp dpt:loc-srv limit: avg 2/min burst 5
LD         udp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net udp dpt:loc-srv limit: avg 2/min burst 5
LD         tcp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net tcp dpt:ingreslock limit: avg 2/min burst 5
LD         tcp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net tcp dpt:27665 limit: avg 2/min burst 5
LD         udp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net udp dpt:27444 limit: avg 2/min burst 5
LD         udp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net udp dpt:31335 limit: avg 2/min burst 5
LD         all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
LD         all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
LD         all  --  255.255.255.255      anywhere
LD         all  --  anywhere             0.0.0.0
DROP       all  --  10.0.0.255           anywhere
DROP       all  --  0.0.0.0              anywhere
DROP       all  --  anywhere             255.255.255.255
DROP       all  --  anywhere             0.0.0.0
LD         all  --  anywhere             anywhere            state INVALID
LD         all  -f  anywhere             anywhere            limit: avg 10/min burst 5
LD         tcp  --  anywhere             anywhere            tcp flags:!SYN,RST,ACK/SYN state NEW
STATE      tcp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net tcp dpts:1024:65535
ACCEPT     udp  --  anywhere             dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net udp dpts:1023:65535
LD         all  --  anywhere             anywhere
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
 
Chain OUTPUT (policy DROP)
target     prot opt source               destination
UNCLEAN    all  --  anywhere             anywhere            unclean
ACCEPT     all  --  anywhere             anywhere
LD         tcp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            tcp dpt:31337 limit: avg 2/min burst 5
LD         udp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            udp dpt:31337 limit: avg 2/min burst 5
LD         tcp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            tcp dpt:33270 limit: avg 2/min burst 5
LD         udp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            udp dpt:33270 limit: avg 2/min burst 5
LD         tcp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            tcp dpt:1234 limit: avg 2/min burst 5
LD         tcp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            tcp dpt:6711 limit: avg 2/min burst 5
LD         tcp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            tcp dpt:16660 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
LD         tcp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            tcp dpt:60001 flags:SYN,RST,ACK/SYN limit: avg 2/min burst 5
LD         tcp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            tcp dpts:12345:12346 limit: avg 2/min burst 5
LD         udp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            udp dpts:12345:12346 limit: avg 2/min burst 5
LD         tcp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            tcp dpt:loc-srv limit: avg 2/min burst 5
LD         udp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            udp dpt:loc-srv limit: avg 2/min burst 5
LD         tcp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            tcp dpt:ingreslock limit: avg 2/min burst 5
LD         tcp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            tcp dpt:27665 limit: avg 2/min burst 5
LD         udp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            udp dpt:27444 limit: avg 2/min burst 5
LD         udp  --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere            udp dpt:31335 limit: avg 2/min burst 5
LD         all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
LD         all  --  anywhere             BASE-ADDRESS.MCAST.NET/8
LD         all  --  255.255.255.255      anywhere
LD         all  --  anywhere             0.0.0.0
DROP       tcp  --  anywhere             anywhere            tcp flags:!SYN,RST,ACK/SYN state NEW
           all  --  anywhere             anywhere            TTL match TTL == 64
ACCEPT     icmp --  dialup-171.75.244.123.Dial1.SaintLouis1.Level3.net  anywhere
ACCEPT     all  --  anywhere             anywhere
 
Chain LD (146 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level warning
DROP       all  --  anywhere             anywhere
 
Chain SANITY (0 references)
target     prot opt source               destination
LD         all  --  anywhere             anywhere
 
Chain STATE (1 references)
target     prot opt source               destination
LD         all  --  anywhere             anywhere            state NEW
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
LD         all  --  anywhere             anywhere
 
Chain UNCLEAN (2 references)
target     prot opt source               destination
LD         all  --  anywhere             anywhere
root@elmer:/home/brent# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
 
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
root@elmer:/home/brent#
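
The matching done by eye in the quoted reply above (same second, same port, same length), automated as an added example that is not part of the original thread. The sample input is the two tcpdump records and the two firestarter hits quoted in the message, with the hits re-joined onto one line each; the function names are this example's own.

```python
import re

# Two tcpdump records as quoted in the thread (still wrapped as in the mail).
TCPDUMP = """\
17:25:33.064532 rama.progeny.com.www >
dialup-171.75.199.82.Dial1.SaintLouis1.Level3.net.35109: P
59861:59998(137) ack 180 win 65535 (DF) (ttl 54, id 13486, len 177)
17:25:35.734325 rama.progeny.com.www >
dialup-171.75.199.82.Dial1.SaintLouis1.Level3.net.35109: P
69787:70218(431) ack 180 win 65535 (DF) (ttl 54, id 25790, len 471)
"""
# The two firestarter hits from the thread, each re-joined onto one line.
HITS = (
    "time:Mar  4 17:25:33 in:ppp0 out: port:35109 source:rama.progeny.com "
    "dest:171.75.199.82 len:177 tos:0x00 protocol:tcp service:unknown\n"
    "time:Mar  4 17:25:35 in:ppp0 out: port:35109 source:rama.progeny.com "
    "dest:171.75.199.82 len:471 tos:0x00 protocol:tcp service:unknown\n"
)

PKT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\.\d+ (?P<src>\S+)\.(?P<sport>\w+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): (?P<flags>\S+) .*\blen (?P<len>\d+)\)")
HIT_RE = re.compile(
    r"time:\w+\s+\d+ (?P<time>\d\d:\d\d:\d\d) .*?port:(?P<port>\d+) "
    r"source:(?P<src>\S+) .*?len:(?P<len>\d+)")

def parse_tcpdump(text):
    """Re-join wrapped 'tcpdump -vvv -r' records and extract the key fields."""
    records, current = [], []
    for line in text.splitlines():
        if re.match(r"\d\d:\d\d:\d\d\.\d+ ", line) and current:
            records.append(" ".join(current))  # a timestamp starts a new record
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        records.append(" ".join(current))
    return [m.groupdict() for m in map(PKT_RE.match, records) if m]

def parse_hits(text):
    return [m.groupdict() for m in map(HIT_RE.search, text.splitlines()) if m]

def correlate(packets, hits):
    """Pair each firewall hit with the captured packet it corresponds to."""
    out = []
    for h in hits:
        match = next((p for p in packets
                      if p["time"] == h["time"] and p["dport"] == h["port"]
                      and p["src"] == h["src"] and p["len"] == h["len"]), None)
        # No SYN flag: the packet belongs to an already-open connection, i.e.
        # it is download data and not a new inbound connection attempt.
        data = match is not None and "S" not in match["flags"]
        out.append((h["time"], h["port"], h["len"], match is not None, data))
    return out

if __name__ == "__main__":
    for row in correlate(parse_tcpdump(TCPDUMP), parse_hits(HITS)):
        print("hit %s port %s len %s matched=%s established_data=%s" % row)
```

Both hits pair with a `P`/`ack` packet sent from the server's `www` port, which is the "data packets" observation in the quoted reply.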
