
Firewall rules...


daidalus

Posted

Hello everyone! I have a few questions about setting up a screening router as a firewall.

To allow web browsing in the first place, I need to enable the DNS and HTTP services, i.e. open port 80 (TCP) and port 53 (UDP). Does that mean I have to allow connections from every possible IP address to ports 53 and 80 of my hosts?

So will the rule for HTTP look something like this?

Source IP 0.0.0.0/0
Source port ANY
Destination IP 192.168.0.0/28
Destination port 80
Rule: Allow

And if that's the rule, don't I need to add another one so that sending HTTP requests is possible, since so far what I have enabled is receiving HTTP requests?

Please, if you can, answer with example rules like the one above. Thanks!

Posted

You've confused me a little. Do you want your PCs to be able to make only HTTP requests outward, or do you want only other, external networks to make HTTP requests to your PCs?

For the first case you obviously open DNS queries (TCP & UDP), 80, 8080, 443 (HTTPS).

For the second, the same, but with the external networks as source.

Anyway, be aware that one rule also implies other things; e.g. when you allow HTTP requests from inside out, it is understood that the reply will be allowed.

Posted

Yes netpoet, before our friend replies let me hurry to guess that what he wants to do is simply web surfing, and not to be visible from outside (to host a web site).

So I think your comment about what is implied and what isn't sorts him out...

K.

Posted

Sorry if I confused you... What I want is the typical Internet services for my network: access to the www, to mail and to ftp servers. No access from outside in. Unfortunately the firewall I use doesn't imply anything beyond what I declare to it. In this case what it does is allow packets from any host and any port to enter my network if their destination is port 80.

To be able to access the www I must have opened port 80, right? And to also allow lookups by name (domain names, I mean) I must open port 53, right?

My question is this: does the communication between my network's computers and web servers happen only over port 80? That is, if I open port 80 and set the following rules

Source IP 0.0.0.0/0
Source port ANY
Destination IP 192.168.0.0/28
Destination port 80
Rule: Allow

Source IP 192.168.0.0/28
Source port 80
Destination IP 0.0.0.0/0
Destination port ANY
Rule: Allow

will I have allowed access to the net? To me this way seems logical and safe. But the question isn't what I think.... :?

Posted

Assuming your internal network is 192.168.0.0/28:

Source IP 192.168.0.0/28
Source port any
Destination IP 0.0.0.0/0 (any)
Destination port 80, 8080, 53, 443, 25, 110, 143
Rule: Allow

80, 8080 web browsing
53 dns
443 ssl
25, 110, 143 smtp, pop3, imap4

This will allow all of the above services for outgoing requests, and of course it will also allow you to receive the replies.

Posted

OK! I finally set it up. Only I had to write some 30 rules. On this particular router, as I said above, I had to explicitly allow receiving the replies. Thanks for your help!!! :D

Posted

> OK! I finally set it up. Only I had to write some 30 rules. On this particular router, as I said above, I had to explicitly allow receiving the replies. Thanks for your help!!! :D

You can never be sure about your firewall.... do a port scan from far away (another network) and see which ports show up.... ask some 'experienced' friend to do a firewall pen-test....

And don't forget that firewall rules are never static.... I deal with firewalls too (FreeBSD's ipfw), I've written some 100 rules, and from time to time I add 2-3 more if needed....

TIP: Check whether you can use STATEFUL rules instead of STATELESS ones as now. It will help your security a lot.

Rgz,

BB
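The remote port scan suggested above, as an added example that is not part of the original thread: a plain TCP connect scan that classifies each port as open, closed or filtered. The target address 192.0.2.1 and the port list are placeholders; self_check() opens its own listener on loopback so the logic can be exercised offline.

```python
# Added example, not from the original thread: a plain TCP connect scan of
# the kind the post above recommends running from another network. The
# target host and port list are placeholders; self_check() builds its own
# listener on loopback so the code can be exercised offline.
import socket
from concurrent.futures import ThreadPoolExecutor


def probe(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one port the way scanners usually report it:
    'open'     - TCP handshake completed, something is listening
    'closed'   - host answered with RST (connection refused)
    'filtered' - no answer before the timeout, the usual sign of a
                 firewall silently dropping the packet
    'error'    - any other socket failure (no route, name failure, ...)"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"
    finally:
        s.close()


def scan(host: str, ports, timeout: float = 1.0, workers: int = 32) -> dict:
    """Probe the ports in parallel; returns {port: verdict}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        verdicts = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return dict(zip(ports, verdicts))


def self_check() -> dict:
    """Constructed offline check: one loopback port with a listener, and one
    that was bound and then released, so nothing answers on it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free one
    listener.listen(5)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                         # released: connects are now refused
    try:
        return {"open": scan("127.0.0.1", [open_port])[open_port],
                "closed": scan("127.0.0.1", [closed_port])[closed_port]}
    finally:
        listener.close()


if __name__ == "__main__":
    # Typical use: a handful of well-known ports against your own public
    # address, run from a host outside the network being checked.
    for port, verdict in sorted(scan("192.0.2.1", [21, 22, 25, 53, 80, 443]).items()):
        print(port, verdict)
```

A "filtered" verdict is what you want to see on every port you did not deliberately open; "closed" means the packet reached a host that answered, so the firewall is not dropping it. Run the scan from outside your own network, since a scan from the LAN never crosses the screening router.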

Posted

I tried Shields Up! at grc.com and I was satisfied. But I don't know whether that does the job. No, unfortunately my firewall doesn't use stateful rules. Isn't that used to record previous events so it knows in advance whether it will let a packet through or not? That would help more with speed, wouldn't it? If I were sure, I'd give you the address so you could try it too... :shock:

Posted

The browser makes a request to port 80 of a server so that a page gets served to it. From the moment the server receives that request, it opens some port above 1024 on the PC.

So if you block port 80, for example, you will still be able to view pages. You leave that port open only in the case where you have set up a web server. The same goes for 443, since whether https can be viewed doesn't depend on the client, only on the server.

Posted

It is one thing to block all traffic to port 80 of a server and another to block port 80 on the client. If the server closes port 80 or port 443, then nobody will be able to view a page from that server. If you close port 80 on your PC, you won't have any problem.

I hope I've made myself clear.

Posted

stateful rules = it keeps the state. That is, if you have made a connection

local: 100.200.300.400 port 8888 remote: 200.100.100.100 port 80, then that stays in the firewall's state table. Apart from a minimal [perhaps no] increase in speed, the important thing is that it provides considerably more security. Nobody can easily fool the state. So packets from third parties won't get in.

Think, for example:

without state you say

"Every packet that comes from port 80 I accept [because you consider it a web packet]"

===> which means attackers can launch attacks originating from port 80 and get into your system [penetration].

But if you have said

"When I make a connection to port 80 of the server, create a state for this connection"
+
"Whatever comes in from the net, check whether it has a state"
+
"if it has no state ->> REJECT"

then packets from port 80 will come in ONLY when you have made a connection to a server. Hackers who send you packets originating from port 80 won't get through and will be rejected.

-------------

GUYS, you have confused the firewall rules a bit....

The matter, in simple terms, for our PC, the client [which is NOT a server], is:

[pseudo firewall rules]

-ALLOW OUTGOING FROM local 1024-65535 to any 80
-ALLOW INCOMING FROM any 80 to local 1024-65535
-REJECT ALL INCOMING on port 80

Those two are it. For browsing we have to have 1 and 2.
We don't have a server, so we add 3 so that we don't have a problem.

Of course these are toy rules.... a real firewall has quite a few more things.... these are only so you understand what's going on with firewalls.. Whoever is interested, ask anything, and I hope to help with whatever you ask... I have quite a bit of experience building firewalls...
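The difference between the stateless rule sets posted earlier in the thread (an outbound rule plus an explicit "replies back in" rule keyed on the remote source port) and the stateful rules described in the post above, as an added example that is not part of the original thread. It is a toy packet filter written for this page: the LAN 192.168.0.0/28 and the outbound port list come from the thread, while the hosts 203.0.113.10 and 198.51.100.7 are constructed (RFC 5737 documentation addresses), and the TCP/UDP distinction is ignored.

```python
# Added example, not code from the original thread: a toy packet filter that
# evaluates the same traffic two ways, with a stateless rule list and with a
# state table. Addresses 203.0.113.10 / 198.51.100.7 are constructed and the
# protocol (TCP/UDP) is ignored for brevity.
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

INTERNAL = ip_network("192.168.0.0/28")   # the LAN from the thread
ANY = ip_network("0.0.0.0/0")
EPHEMERAL = range(1024, 65536)            # client-side source ports 1024-65535
# outbound destinations listed in the thread: web, dns, ssl, smtp, pop3, imap4
SERVICE_PORTS = frozenset({80, 8080, 53, 443, 25, 110, 143})


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # True for the packet that opens a TCP connection


@dataclass(frozen=True)
class Rule:
    src: IPv4Network
    src_ports: object      # any container that supports "in"
    dst: IPv4Network
    dst_ports: object
    action: str            # "allow" or "reject"

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src_ip) in self.src and p.src_port in self.src_ports
                and ip_address(p.dst_ip) in self.dst and p.dst_port in self.dst_ports)


# Stateless version: the reply rule must be spelled out, and it can only key
# on the inbound packet's *source* port, which is the weakness discussed above.
STATELESS_RULES = [
    Rule(INTERNAL, EPHEMERAL, ANY, SERVICE_PORTS, "allow"),          # 1: outgoing requests
    Rule(ANY, SERVICE_PORTS, INTERNAL, EPHEMERAL, "allow"),          # 2: "replies" back in
    Rule(ANY, range(0, 65536), INTERNAL, range(0, 65536), "reject"),  # 3: nothing else inbound
]


def stateless_decision(p: Packet, rules=STATELESS_RULES, default="reject") -> str:
    """First matching rule wins, as in an ipfw-style rule list."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


class StatefulFilter:
    """Same outbound policy, but inbound packets are admitted only when they
    belong to a connection an inside host opened (a state-table lookup)."""

    def __init__(self):
        self.state = set()   # (local_ip, local_port, remote_ip, remote_port)

    def decide(self, p: Packet) -> str:
        if ip_address(p.src_ip) in INTERNAL:
            key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
            if p.syn and p.dst_port in SERVICE_PORTS and p.src_port in EPHEMERAL:
                self.state.add(key)          # the opening packet creates the state
                return "allow"
            return "allow" if key in self.state else "reject"
        key = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)   # reversed tuple
        return "allow" if key in self.state else "reject"


def demo() -> dict:
    """Run four constructed packets through both filters, in order."""
    packets = [
        Packet("192.168.0.5", 40000, "203.0.113.10", 80, syn=True),  # client opens a web connection
        Packet("203.0.113.10", 80, "192.168.0.5", 40000),           # the server's genuine reply
        Packet("198.51.100.7", 80, "192.168.0.5", 40000),           # attacker using source port 80
        Packet("198.51.100.7", 51000, "192.168.0.5", 80),           # inbound request to our port 80
    ]
    sf = StatefulFilter()
    return {
        "stateless": [stateless_decision(p) for p in packets],
        "stateful": [sf.decide(p) for p in packets],
    }


if __name__ == "__main__":
    for mode, verdicts in demo().items():
        print(mode, verdicts)
```

The third packet is the case the post above warns about: with stateless rules it is indistinguishable from a reply and is allowed in, while the stateful filter rejects it because no inside host ever opened a connection to 198.51.100.7:80. A real stateful firewall also checks TCP flags and sequence numbers and expires idle entries; this toy creates state on the opening packet only and never ages it out.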
