ukecana stanice
Jan Pechanec
jp at devnull.cz
Wed Aug 2 13:58:17 CEST 2006
On Wed, 2 Aug 2006, Marian Hercek wrote:
>Pre SSH sa tusim verzia neda ani utajit, mozno editovanim zdrojakov a
>rekompilaciou.
>Mam tusenie, ze sshd_banner s tym nema nic spolocne.
opravdu nema, banner je pro hlasky typu "to je muj stroj a jestli
zkusis zadat login/heslo tak te bracha zastreli".
verze SSH proste je pristupna, pokud chces mit SSH otevreny do
sveta:
$ telnet localhost 22
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903
h.
>
>> -----Original Message-----
>> From: users-l-bounces at freebsd.cz
>> [mailto:users-l-bounces at freebsd.cz] On Behalf Of lucielukes
>> Sent: Wednesday, August 02, 2006 12:56 PM
>> To: users-l at freebsd.cz
>> Subject: ukecana stanice
>>
>> Dobry den,
>> obracim se na Vas s prosbou o radu. Mam hodne ukecanou domaci
>> stanici s FreeBSD 6.1-RELEASE.
>> Kluci od nas z baraku, pres ktere jsme pripojeni, nam
>> skenovali PC s: nmap -A -P0 nebo nmap -sV -P0. System im
>> toho zdelil pomerne dost hodne.
>> Da se s tim neco udelat? Staci upravit pravidla na PF Filtru
>> aby FreeBSD nedalo o sobe nic znat ?
>>
>> Predem dekuji za odpoved.
>>
>> Lucie
>>
>> lulu ~$ nmap -sV -P0 10.42.10.23
>>
>> Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at
>> 2006-08-02 12:29 CEST
>> Interesting ports on 10.42.10.23:
>> Not shown: 1678 filtered ports
>> PORT STATE SERVICE VERSION
>> 22/tcp open ssh OpenSSH 4.2p1 (FreeBSD 20050903; protocol 2.0)
>> 443/tcp open ssl/http Apache httpd 2.0.58 ((FreeBSD)
>> PHP/4.4.2 mod_ssl/2.0.58 OpenSSL/0.9.7e-p1 mod_perl/2.0.2 Perl/v5.8.8)
>> Service Info: OS: FreeBSD
>>
>> Nmap finished: 1 IP address (1 host up) scanned in 88.985 seconds
>>
>> Ruleset pf.conf:
>> --------------------------------------------------------------
>> --------------
>> ext_if="rl0"
>> scrub in all
>>
>> block in quick on $ext_if inet from { 127.0.0.0/8, 192.168.0.0/16, \
>> 172.16.0.0/12 } to any
>> block out quick on $ext_if inet from any to { 127.0.0.0/8,
>> 192.168.0.0/16, \
>> 172.16.0.0/12}
>>
>> block in on $ext_if all
>>
>> pass in log on $ext_if inet proto tcp from any to any port 22 \
>> flags S/SA keep state
>>
>> pass in log on $ext_if inet proto tcp from any to any port 443 \
>> flags S/SA keep state
>>
>> block out on $ext_if all
>> pass out on $ext_if inet proto tcp all flags S/SA keep state
>> pass out on $ext_if inet proto udp all keep state
>> pass out on $ext_if inet proto icmp all keep state
>> --------------------------------------------------------------
>> ------------------
>> --
>> FreeBSD mailing list (users-l at freebsd.cz)
>> http://www.freebsd.cz/listserv/listinfo/users-l
>>
>>
>> ________ Information from NOD32 ________
>> This message was checked by NOD32 Antivirus System for Linux
>> Mail Server.
>
>
>
>________ Information from NOD32 ________
>This message was checked by NOD32 Antivirus System for Linux Mail Server.
>
>
More information about the Users-l
mailing list