author | Camil Staps | 2015-10-02 12:36:28 +0200 |
---|---|---|
committer | Camil Staps | 2015-10-02 12:36:28 +0200 |
commit | 4352c19b24f2d445cf687862052148c918bd973d (patch) | |
tree | 0aa742db07fa5cef500a289be0bdb9fa2700638b | |
parent | Week 3 (diff) |
Start exercise 4
-rw-r--r-- | netsec-assignment4-S4498062/exercise1/exercise1a.fw | 32 | ||||
-rw-r--r-- | netsec-assignment4-S4498062/exercise2 | 43 |
2 files changed, 75 insertions, 0 deletions
diff --git a/netsec-assignment4-S4498062/exercise1/exercise1a.fw b/netsec-assignment4-S4498062/exercise1/exercise1a.fw
new file mode 100644
index 0000000..160292e
--- /dev/null
+++ b/netsec-assignment4-S4498062/exercise1/exercise1a.fw
@@ -0,0 +1,32 @@
+# Generated by iptables-save v1.4.21 on Fri Oct 2 10:15:06 2015
+*mangle
+:PREROUTING ACCEPT [2673:1292106]
+:INPUT ACCEPT [2673:1292106]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [2296:347914]
+:POSTROUTING ACCEPT [2346:354348]
+COMMIT
+# Completed on Fri Oct 2 10:15:06 2015
+# Generated by iptables-save v1.4.21 on Fri Oct 2 10:15:06 2015
+*filter
+:INPUT DROP [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [9:516]
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+-A INPUT -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -p icmp -m icmp --icmp-type 5 -j DROP
+-A FORWARD -p icmp -j ACCEPT
+-A FORWARD -p icmp -m icmp --icmp-type 5 -j DROP
+-A OUTPUT -p icmp -j ACCEPT
+-A OUTPUT -p icmp -m icmp --icmp-type 5 -j DROP
+COMMIT
+# Completed on Fri Oct 2 10:15:06 2015
+# Generated by iptables-save v1.4.21 on Fri Oct 2 10:15:06 2015
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [304:21518]
+:POSTROUTING ACCEPT [304:21518]
+COMMIT
+# Completed on Fri Oct 2 10:15:06 2015
diff --git a/netsec-assignment4-S4498062/exercise2 b/netsec-assignment4-S4498062/exercise2
new file mode 100644
index 0000000..0355227
--- /dev/null
+++ b/netsec-assignment4-S4498062/exercise2
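Review bot: The three `--icmp-type 5 -j DROP` rules in the filter table are unreachable, because in INPUT, FORWARD and OUTPUT each one is appended after `-A <chain> -p icmp -j ACCEPT`, and a chain is evaluated top to bottom with the first match deciding, so ICMP redirects are still accepted. Swap each pair so the specific rule comes first, e.g. `-A INPUT -p icmp -m icmp --icmp-type 5 -j DROP` followed by `-A INPUT -p icmp -j ACCEPT`, and likewise for FORWARD and OUTPUT. The same three pairs reappear unchanged in the exercise2 hunk below, so the fix applies there too. Separately, with `:INPUT DROP` and no rule accepting traffic on `lo`, new connections to local services (other than port 22) appear to fall through to the DROP policy; I'd confirm that is intended, since the `ESTABLISHED`-only rule does not cover the first packet of a locally originated connection.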
@@ -0,0 +1,43 @@
+sshuttle -v -N -r cstaps@lilo.science.ru.nl:22
+
+ # Generated by iptables-save v1.4.21 on Fri Oct 2 10:27:40 2015
+ *mangle
+ :PREROUTING ACCEPT [6102:3735715]
+ :INPUT ACCEPT [6102:3735715]
+ :FORWARD ACCEPT [0:0]
+ :OUTPUT ACCEPT [6093:1035805]
+ :POSTROUTING ACCEPT [6219:1052137]
+ COMMIT
+ # Completed on Fri Oct 2 10:27:40 2015
+ # Generated by iptables-save v1.4.21 on Fri Oct 2 10:27:40 2015
+ *filter
+ :INPUT DROP [196:17078]
+ :FORWARD ACCEPT [0:0]
+ :OUTPUT ACCEPT [3806:688407]
+ -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+ -A INPUT -m state --state ESTABLISHED -j ACCEPT
+ -A INPUT -p icmp -j ACCEPT
+ -A INPUT -p icmp -m icmp --icmp-type 5 -j DROP
+ -A FORWARD -p icmp -j ACCEPT
+ -A FORWARD -p icmp -m icmp --icmp-type 5 -j DROP
+ -A OUTPUT -p icmp -j ACCEPT
+ -A OUTPUT -p icmp -m icmp --icmp-type 5 -j DROP
+ COMMIT
+ # Completed on Fri Oct 2 10:27:40 2015
+ # Generated by iptables-save v1.4.21 on Fri Oct 2 10:27:40 2015
+ *nat
+ :PREROUTING ACCEPT [0:0]
+ :INPUT ACCEPT [0:0]
+ :OUTPUT ACCEPT [4:246]
+ :POSTROUTING ACCEPT [4:246]
+ :sshuttle-12300 - [0:0]
+ -A PREROUTING -j sshuttle-12300
+ -A OUTPUT -j sshuttle-12300
+ -A sshuttle-12300 -d 131.174.30.0/24 -p tcp -m ttl ! --ttl-eq 42 -j REDIRECT --to-ports 12300
+ -A sshuttle-12300 -d 169.254.0.0/16 -p tcp -m ttl ! --ttl-eq 42 -j REDIRECT --to-ports 12300
+ -A sshuttle-12300 -d 127.0.0.0/8 -p tcp -j RETURN
+ COMMIT
+ # Completed on Fri Oct 2 10:27:40 2015
+
+The filter table is still there from exercise 1.
+The nat table (1) accepts everything, (2) handles prerouting and outgoing traffic with 'sshuttle-12300', (3) which sends it to port 12300, where the SSHuttle server is running. (4) by setting a max. TTL we don't allow loops. |
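Review bot: Point (4) of the explanation at the end of the file misreads the match: `-m ttl ! --ttl-eq 42` is not a maximum TTL, it exempts exactly the packets whose TTL is 42 from the REDIRECT, and sshuttle marks its own outbound connections with that TTL so that the traffic it forwards is not redirected back into its own listener on port 12300 — that is the loop prevention. I'd reword it to something like `(4) packets with TTL 42 are sshuttle's own forwarded traffic and are excluded from the REDIRECT, which prevents a redirect loop`. Also worth a look: with `-N` the tunnelled subnets are auto-detected from the server, and `169.254.0.0/16` (link-local) has been picked up; if that is unintended it can be excluded with `-x 169.254.0.0/16`. Note too that the REDIRECT rules refer to the listener port only, so the file's comment "where the SSHuttle server is running" is more accurately "where the local sshuttle client listens".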