Difference between revisions of page "Itx8071-task2"
(Page replaced with text 'To be announced.') Tag: Replaced |
|||
| 1. rida: | 1. rida: | ||
| − | + | This homework assignment requires the knowledge from Modules 6 and 7. | |
| + | |||
| + | === Create SEC rules that accomplish the following event correlation task: === | ||
| + | |||
| + | 1) the rules must process netfilter firewall syslog events about blocked | ||
| + | packets sent to local TCP and UDP ports. For example, the following two | ||
| + | events represent accesses to local ports 23/tcp and 25/tcp which were blocked | ||
| + | by the local firewall: | ||
| + | |||
| + | Oct 25 01:13:02 localhost kernel: iptables: IN=eth0 OUT= MAC=X SRC=192.168.1.67 DST=192.168.1.107 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=20049 DF PROTO=TCP SPT=44963 DPT=23 WINDOW=49640 RES=0x00 SYN URGP=0 | ||
| + | Oct 25 01:13:08 localhost kernel: iptables: IN=eth0 OUT= MAC=X SRC=192.168.1.104 DST=192.168.1.107 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=36362 DF PROTO=TCP SPT=56918 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0 | ||
Revision as of 14:58, 29 October 2023
This homework assignment requires the knowledge from Modules 6 and 7.
Create SEC rules that accomplish the following event correlation task:
1) the rules must process netfilter firewall syslog events about blocked packets sent to local TCP and UDP ports. For example, the following two events represent accesses to local ports 23/tcp and 25/tcp which were blocked by the local firewall:
Oct 25 01:13:02 localhost kernel: iptables: IN=eth0 OUT= MAC=X SRC=192.168.1.67 DST=192.168.1.107 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=20049 DF PROTO=TCP SPT=44963 DPT=23 WINDOW=49640 RES=0x00 SYN URGP=0
Oct 25 01:13:08 localhost kernel: iptables: IN=eth0 OUT= MAC=X SRC=192.168.1.104 DST=192.168.1.107 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=36362 DF PROTO=TCP SPT=56918 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
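The event format described in item 1 can be checked outside SEC before writing any rule patterns. The following Python parser is an added example, not part of the assignment or of SEC; the names `parse_blocked`, `BlockedPacket` and `summarize` are hypothetical, and the UDP, ICMP and sshd sample lines are constructed to show which events are kept and which are skipped.

```python
import re
from typing import NamedTuple, Optional

# Syslog header followed by the "iptables:" prefix seen in the page's sample events.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: iptables: (?P<body>.*)$")

class BlockedPacket(NamedTuple):
    timestamp: str
    src: str
    dst: str
    proto: str
    dport: int
    flags: frozenset

def parse_blocked(line: str) -> Optional[BlockedPacket]:
    """Return a BlockedPacket for a blocked TCP/UDP event, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None                      # not a netfilter event with this prefix
    fields, flags = {}, set()
    for token in m.group("body").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value          # KEY=value; value may be empty (OUT=)
        else:
            flags.add(token)             # bare flag such as DF or SYN
    proto = fields.get("PROTO")
    if proto not in ("TCP", "UDP"):
        return None                      # e.g. ICMP carries no destination port
    if not (fields.get("SRC") and fields.get("DST") and fields.get("DPT", "").isdigit()):
        return None                      # truncated or malformed event
    return BlockedPacket(m.group("ts"), fields["SRC"], fields["DST"],
                         proto, int(fields["DPT"]), frozenset(flags))

# The first line is from the page; the other three are constructed for this example.
SAMPLE = [
    "Oct 25 01:13:02 localhost kernel: iptables: IN=eth0 OUT= MAC=X SRC=192.168.1.67 DST=192.168.1.107 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=20049 DF PROTO=TCP SPT=44963 DPT=23 WINDOW=49640 RES=0x00 SYN URGP=0",
    "Oct 25 01:13:09 localhost kernel: iptables: IN=eth0 OUT= MAC=X SRC=192.168.1.67 DST=192.168.1.107 LEN=49 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=UDP SPT=5353 DPT=161 LEN=29",
    "Oct 25 01:13:10 localhost kernel: iptables: IN=eth0 OUT= MAC=X SRC=192.168.1.67 DST=192.168.1.107 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1",
    "Oct 25 01:13:11 localhost sshd[411]: Connection closed by 192.168.1.67 port 50022",
]

def summarize(lines):
    """Return (source, protocol, destination port) for every blocked TCP/UDP event."""
    return [(p.src, p.proto, p.dport) for p in map(parse_blocked, lines) if p]
```
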