Difference between revisions of "Itx8071-task2"
(Page replaced with text 'To be announced.') Tag: Replaced |
|||
Line 1: | Line 1: | ||
− | + | This homework assignment requires the knowledge from Modules 6 and 7. | |
+ | |||
+ | === Create SEC rules that accomplish the following event correlation task: === | ||
+ | |||
+ | 1) the rules must process netfilter firewall syslog events about blocked | ||
+ | packets sent to local TCP and UDP ports. For example, the following two | ||
+ | events represent accesses to local ports 23/tcp and 25/tcp which were blocked | ||
+ | by the local firewall: | ||
+ | |||
+ | Oct 25 01:13:02 localhost kernel: iptables: IN=eth0 OUT= MAC=X SRC=192.168.1.67 DST=192.168.1.107 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=20049 DF PROTO=TCP SPT=44963 DPT=23 WINDOW=49640 RES=0x00 SYN URGP=0 | ||
+ | Oct 25 01:13:08 localhost kernel: iptables: IN=eth0 OUT= MAC=X SRC=192.168.1.104 DST=192.168.1.107 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=36362 DF PROTO=TCP SPT=56918 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 |
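Review bot: Both sample events at the end of this hunk are PROTO=TCP (DPT=23 and DPT=25), while item 1) asks for rules that cover blocked packets sent to local TCP and UDP ports. Consider adding a PROTO=UDP sample event next to them so that readers can see which fields their patterns have to match for that protocol as well.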
Revision as of 14:58, 29 October 2023
This homework assignment requires the knowledge from Modules 6 and 7.
Create SEC rules that accomplish the following event correlation task:
1) the rules must process netfilter firewall syslog events about blocked packets sent to local TCP and UDP ports. For example, the following two events represent accesses to local ports 23/tcp and 25/tcp which were blocked by the local firewall:
Oct 25 01:13:02 localhost kernel: iptables: IN=eth0 OUT= MAC=X SRC=192.168.1.67 DST=192.168.1.107 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=20049 DF PROTO=TCP SPT=44963 DPT=23 WINDOW=49640 RES=0x00 SYN URGP=0
Oct 25 01:13:08 localhost kernel: iptables: IN=eth0 OUT= MAC=X SRC=192.168.1.104 DST=192.168.1.107 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=36362 DF PROTO=TCP SPT=56918 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0