Search the Community

Showing results for tags 'strings'.

Found 1 result

Sort By
- Date
- Relevancy

Detectie shellshock cu iptables

aelius posted a topic in Tutoriale in romana

O regula simpla cu care puteti face logging sau puteti bloca shellshock. iptables -I INPUT -p tcp -m string --algo bm --string "() {" --dport 80 -j LOG --log-prefix "shellshock rule 1: " Cum apare ? pluto:~# dmesg [12526689.726816] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=192.185.82.92 DST=xxx.xxx.88.5 LEN=287 TOS=0x00 PREC=0x00 TTL=45 ID=21610 DF PROTO=TCP SPT=39893 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0 [12573352.452710] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=108.163.187.146 DST=xxx.xxx.88.10 LEN=421 TOS=0x00 PREC=0x00 TTL=48 ID=25760 DF PROTO=TCP SPT=42647 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 [12573362.110534] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=184.106.196.169 DST=xxx.xxx.88.7 LEN=419 TOS=0x00 PREC=0x00 TTL=48 ID=55433 DF PROTO=TCP SPT=40201 DPT=80 WINDOW=183 RES=0x00 ACK PSH URGP=0 [12573364.514235] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=110.44.30.204 DST=xxx.xxx.88.6 LEN=429 TOS=0x00 PREC=0x00 TTL=40 ID=20190 DF PROTO=TCP SPT=38820 DPT=80 WINDOW=46 RES=0x00 ACK PSH URGP=0 [12573369.889964] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=194.28.86.63 DST=xxx.xxx.88.5 LEN=420 TOS=0x00 PREC=0x00 TTL=56 ID=32172 DF PROTO=TCP SPT=48732 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 [12576046.844450] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=72.249.151.145 DST=xxx.xxx.88.5 LEN=428 TOS=0x00 PREC=0x00 TTL=48 ID=11314 DF PROTO=TCP SPT=46735 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0 [12581893.832430] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=89.47.247.48 DST=xxx.xxx.88.4 LEN=427 TOS=0x00 PREC=0x00 TTL=56 ID=47806 DF PROTO=TCP SPT=40027 DPT=80 WINDOW=46 RES=0x00 ACK PSH URGP=0 [12582722.880301] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=180.210.205.209 DST=xxx.xxx.88.10 LEN=394 TOS=0x00 PREC=0x00 TTL=51 ID=34666 DF PROTO=TCP SPT=45498 DPT=80 WINDOW=46 RES=0x00 ACK PSH URGP=0 [12582723.333809] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=180.210.205.209 DST=xxx.xxx.88.10 LEN=397 TOS=0x00 PREC=0x00 TTL=51 ID=59992 DF PROTO=TCP SPT=45599 DPT=80 WINDOW=46 RES=0x00 ACK PSH URGP=0 [12582723.800026] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=180.210.205.209 DST=xxx.xxx.88.10 LEN=370 TOS=0x00 PREC=0x00 TTL=51 ID=5234 DF PROTO=TCP SPT=45681 DPT=80 WINDOW=46 RES=0x00 ACK PSH URGP=0 [12582724.856256] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=180.210.205.209 DST=xxx.xxx.88.10 LEN=367 TOS=0x00 PREC=0x00 TTL=51 ID=13614 DF PROTO=TCP SPT=45879 DPT=80 WINDOW=46 RES=0x00 ACK PSH URGP=0 [12582725.330168] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=180.210.205.209 DST=xxx.xxx.88.10 LEN=379 TOS=0x00 PREC=0x00 TTL=51 ID=19157 DF PROTO=TCP SPT=45962 DPT=80 WINDOW=46 RES=0x00 ACK PSH URGP=0 [12582725.800422] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=180.210.205.209 DST=xxx.xxx.88.10 LEN=397 TOS=0x00 PREC=0x00 TTL=51 ID=53517 DF PROTO=TCP SPT=46069 DPT=80 WINDOW=46 RES=0x00 ACK PSH URGP=0 [12582726.258118] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=180.210.205.209 DST=xxx.xxx.88.10 LEN=370 TOS=0x00 PREC=0x00 TTL=51 ID=53738 DF PROTO=TCP SPT=46149 DPT=80 WINDOW=46 RES=0x00 ACK PSH URGP=0 [12582726.708889] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=180.210.205.209 DST=xxx.xxx.88.10 LEN=367 TOS=0x00 PREC=0x00 TTL=51 ID=29443 DF PROTO=TCP SPT=46236 DPT=80 WINDOW=46 RES=0x00 ACK PSH URGP=0 [12582822.019042] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=23.95.95.168 DST=xxx.xxx.88.8 LEN=426 TOS=0x00 PREC=0x00 TTL=45 ID=51576 DF PROTO=TCP SPT=47145 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 [12583500.543438] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=173.83.247.209 DST=xxx.xxx.88.6 LEN=304 TOS=0x00 PREC=0x00 TTL=54 ID=35104 DF PROTO=TCP SPT=57258 DPT=80 WINDOW=46 RES=0x00 ACK PSH URGP=0 [12584394.167981] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=103.23.21.67 DST=xxx.xxx.88.5 LEN=427 TOS=0x00 PREC=0x00 TTL=45 ID=29985 DF PROTO=TCP SPT=44368 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 [12606520.929034] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=94.23.42.182 DST=xxx.xxx.88.7 LEN=419 TOS=0x00 PREC=0x00 TTL=58 ID=19046 DF PROTO=TCP SPT=36147 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 [12606529.908862] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=85.232.60.34 DST=xxx.xxx.88.5 LEN=420 TOS=0x00 PREC=0x00 TTL=51 ID=14367 DF PROTO=TCP SPT=49751 DPT=80 WINDOW=46 RES=0x00 ACK PSH URGP=0 [12606541.611815] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=67.198.141.98 DST=xxx.xxx.88.6 LEN=429 TOS=0x00 PREC=0x00 TTL=51 ID=8906 DF PROTO=TCP SPT=33844 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0 [12609706.584728] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=67.23.9.241 DST=xxx.xxx.88.5 LEN=428 TOS=0x00 PREC=0x00 TTL=45 ID=10222 DF PROTO=TCP SPT=43102 DPT=80 WINDOW=92 RES=0x00 ACK PSH URGP=0 [12616465.783127] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=67.23.9.241 DST=xxx.xxx.122.5 LEN=427 TOS=0x00 PREC=0x00 TTL=45 ID=24709 DF PROTO=TCP SPT=40671 DPT=80 WINDOW=92 RES=0x00 ACK PSH URGP=0 [12617580.394705] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=213.238.169.117 DST=xxx.xxx.88.8 LEN=426 TOS=0x00 PREC=0x00 TTL=47 ID=13535 DF PROTO=TCP SPT=58437 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 [12619408.726456] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=202.181.246.66 DST=xxx.xxx.88.5 LEN=427 TOS=0x00 PREC=0x00 TTL=41 ID=13254 DF PROTO=TCP SPT=26414 DPT=80 WINDOW=46 RES=0x00 ACK PSH URGP=0 [12659626.759636] shellshock rule 1: IN=eth0 OUT= MAC=ac:22:0b:79:90:62:c4:71:fe:11:f9:ff:08:00 SRC=192.254.250.180 DST=xxx.xxx.102.3 LEN=293 TOS=0x00 PREC=0x00 TTL=46 ID=61584 DF PROTO=TCP SPT=22274 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0 Note: - Am specificat doar port 80 iar regula este doar pentru logging. Se poate adauga una pentru logging si alta pentru reject/drop - Mai multe despre shellshock aici: http://en.wikipedia.org/wiki/Shellshock_(software_bug) - Mi-a venit ideea asta pentru ca multi sunt tentati sa foloseasca snort. Probabil stiti ca la reguli multe, snort consuma foarte multe resurse CPU
- October 10, 2014
- 3 replies
- - 1
- - iptables
  - shellshock
  - (and 2 more)
    Tagged with:
    
    iptables
    
    shellshock
    
    shellshock-detect
    
    strings

Sign In

Search the Community

Search By Tags

Search By Author

Content Type

Forums

Find results in...

Find results that contain...

Date Created

Start

End

Last Updated

Start

End

Filter by number of...

Minimum number of comments

Minimum number of replies

Minimum number of views

Joined

Start

End

Group

Website URL

Yahoo

Jabber

Skype

Location

Interests

Occupation

Interests

Biography

Location

Detectie shellshock cu iptables

Browse

Activity

Pages