Re: (PM) Dialup ISDN w/ORU Problems

Rick Smith (rsmith@nac.net)
Sun, 14 Jun 1998 17:35:33 -0400 (EDT)

Can I use these filters if I'm telnetted into the router from the
outside? Probably not. I should dial into it, I presume?

On Sun, 14 Jun 1998, Jason Marshall wrote:

> > They methodically removed each computer (mostly Unix, some Win95) from
> > the network, and waited for a connection. When they took the NT4.0 machine
>
> > bothered to put a sniffer on it, but the theory was that it had to keep
> > checking in with the mothership!
>
> If they have an OR-U at their end, just install a filter like "everything"
> and run ptrace against it. Instant sniffer... Here's an example from
> one of our remote OR-Us:
>
> xxxxx> sh filter everything
> 1 deny aaa.bbb.ccc.1/32 0.0.0.0/0 ip
> 2 deny 0.0.0.0/0 aaa.bbb.ccc.1/32 ip
> 3 permit 0.0.0.0/0 0.0.0.0/0 tcp
> 4 permit 0.0.0.0/0 0.0.0.0/0 udp
> 5 permit 0.0.0.0/0 0.0.0.0/0 icmp
>
> (rule 3 could be set to "permit" negating the need for 4 and 5, but I
> prefer to be explicit wherever I can)
>
> Where aaa.bbb.ccc.1 is the address of the OR-U itself (make sure you
> already know it's not the OR-U doing the talking *8-). If you want to see
> if it's the router doing the talking, set up another filter called
> something else, and make it look like this:
>
> add filter justme
> set filter justme 1 deny tcp estab
> set filter justme 2 deny aa.bb.cc.1/32 ww.xx.yy.zz/32 tcp dst eq 23
> set filter justme 3 deny ww.xx.yy.zz/32 aa.bb.cc.1/32 tcp dst eq 23
> set filter justme 4 permit aa.bb.cc.1/32 0.0.0.0/0
> set filter justme 5 permit 0.0.0.0/0 aa.bb.cc.1/32
> save filter
> set console
> ptrace justme
>
> aa.bb.cc.1 is the OR-U, ww.xx.yy.zz is the machine you're telnetting into
> the OR-U from.
>
> Telnet in, set console, ptrace everything, and watch for crap being sent
> out. It's amazing how noisy some equipment can be if not properly tamed.
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> | Jason Marshall, marshalj@spots.ab.ca. Spots InterConnect, Inc. Calgary, AB |
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
>

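The quoted `justme` filter, modelled in Python to show which packets ptrace would display; this is an added example, not part of the original thread and not Livingston code. It assumes first-match evaluation with an implicit final deny, that ptrace shows only packets the filter permits, and that `estab` matches TCP segments with ACK set; all addresses and packets are constructed stand-ins.

```python
from ipaddress import ip_address, ip_network

ROUTER = "192.0.2.1"    # constructed stand-in for aa.bb.cc.1 (the OR-U)
ADMIN = "198.51.100.7"  # constructed stand-in for ww.xx.yy.zz (telnet client)
ANY = "0.0.0.0/0"

# (action, src, dst, proto, dst_port, estab), one tuple per quoted "justme" rule.
# Assumption: omitted addresses and protocol mean "any".
JUSTME = [
    ("deny", ANY, ANY, "tcp", None, True),
    ("deny", f"{ROUTER}/32", f"{ADMIN}/32", "tcp", 23, False),
    ("deny", f"{ADMIN}/32", f"{ROUTER}/32", "tcp", 23, False),
    ("permit", f"{ROUTER}/32", ANY, None, None, False),
    ("permit", ANY, f"{ROUTER}/32", None, None, False),
]

def rule_matches(rule, pkt):
    _, src, dst, proto, dport, estab = rule
    return (ip_address(pkt["src"]) in ip_network(src)
            and ip_address(pkt["dst"]) in ip_network(dst)
            and proto in (None, pkt["proto"])
            and dport in (None, pkt.get("dport"))
            and (not estab or pkt.get("ack", False)))

def traced(rules, pkt):
    """Return (shown_by_ptrace, rule_number); rule 0 is the assumed implicit deny."""
    for number, rule in enumerate(rules, start=1):
        if rule_matches(rule, pkt):
            return rule[0] == "permit", number
    return False, 0

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "telnet SYN, admin -> router": dict(src=ADMIN, dst=ROUTER, proto="tcp", dport=23),
    "telnet reply, router -> admin": dict(src=ROUTER, dst=ADMIN, proto="tcp", dport=40000, ack=True),
    "router DNS query": dict(src=ROUTER, dst="203.0.113.53", proto="udp", dport=53),
    "router opens TCP connection": dict(src=ROUTER, dst="203.0.113.9", proto="tcp", dport=514),
    "LAN host traffic": dict(src="192.0.2.20", dst="203.0.113.9", proto="udp", dport=137),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        shown, number = traced(JUSTME, pkt)
        print(f"{label:32} {'TRACE' if shown else 'quiet'} (rule {number})")
```

Under these assumptions the telnet session's return traffic is kept out of the trace by rule 1 rather than rule 2, because its destination port is the client's ephemeral port, not 23. The same rule also hides every other established TCP segment, so only connection attempts and non-TCP traffic to or from the router appear.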