ukecana stanice

Jan Pechanec jp at devnull.cz
Wed Aug 2 13:58:17 CEST 2006


On Wed, 2 Aug 2006, Marian Hercek wrote:

>Pre SSH sa tusim verzia neda ani utajit, mozno editovanim zdrojakov a
>rekompilaciou.
>Mam tusenie, ze sshd_banner s tym nema nic spolocne.

	opravdu nema, banner je pro hlasky typu "to je muj stroj a jestli 
zkusis zadat login/heslo tak te bracha zastreli".

	verze SSH proste je pristupna, pokud chces mit SSH otevreny do 
sveta:

$ telnet localhost 22
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.2p1 FreeBSD-20050903

	h.

>
>> -----Original Message-----
>> From: users-l-bounces at freebsd.cz 
>> [mailto:users-l-bounces at freebsd.cz] On Behalf Of lucielukes
>> Sent: Wednesday, August 02, 2006 12:56 PM
>> To: users-l at freebsd.cz
>> Subject: ukecana stanice
>> 
>> Dobry den,
>> obracim se na Vas s prosbou o radu. Mam hodne ukecanou domaci 
>> stanici s FreeBSD 6.1-RELEASE.
>> Kluci od nas z baraku, pres ktere jsme pripojeni, nam 
>> skenovali PC s: nmap -A -P0 nebo nmap  -sV -P0. System im 
>> toho zdelil pomerne dost hodne. 
>> Da se s tim neco udelat? Staci upravit pravidla na PF Filtru 
>> aby FreeBSD nedalo o sobe nic znat ? 
>> 
>> Predem dekuji za odpoved.
>> 
>> Lucie
>> 
>> lulu ~$ nmap  -sV -P0 10.42.10.23
>> 
>> Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 
>> 2006-08-02 12:29 CEST
>> Interesting ports on 10.42.10.23:
>> Not shown: 1678 filtered ports
>> PORT    STATE SERVICE  VERSION
>> 22/tcp  open  ssh      OpenSSH 4.2p1 (FreeBSD 20050903; protocol 2.0)
>> 443/tcp open  ssl/http Apache httpd 2.0.58 ((FreeBSD) 
>> PHP/4.4.2 mod_ssl/2.0.58 OpenSSL/0.9.7e-p1 mod_perl/2.0.2 Perl/v5.8.8)
>> Service Info: OS: FreeBSD
>> 
>> Nmap finished: 1 IP address (1 host up) scanned in 88.985 seconds
>> 
>> Ruleset pf.conf:
>> --------------------------------------------------------------
>> --------------
>> ext_if="rl0"
>> scrub in all
>> 
>> block in quick on $ext_if inet from { 127.0.0.0/8, 192.168.0.0/16, \
>> 172.16.0.0/12 } to any
>> block out quick on $ext_if inet from any to { 127.0.0.0/8, 
>> 192.168.0.0/16, \
>> 172.16.0.0/12}
>> 
>> block in on $ext_if all
>> 
>> pass in log on $ext_if inet proto tcp from any to any port 22 \
>> flags S/SA keep state
>> 
>> pass in log on $ext_if inet proto tcp from any to any port 443 \
>> flags S/SA keep state
>> 
>> block out on $ext_if all
>> pass out on $ext_if inet proto tcp all flags S/SA keep state
>> pass out on $ext_if inet proto udp all keep state
>> pass out on $ext_if inet proto icmp all keep state
>> --------------------------------------------------------------
>> ------------------
>> -- 
>> FreeBSD mailing list (users-l at freebsd.cz)
>> http://www.freebsd.cz/listserv/listinfo/users-l
>> 
>> 
>> ________ Information from NOD32 ________
>> This message was checked by NOD32 Antivirus System for Linux 
>> Mail Server.
>
>
>
>________ Information from NOD32 ________
>This message was checked by NOD32 Antivirus System for Linux Mail Server.
>
>



More information about the Users-l mailing list