¿ù°£ Àα⠰Խù°

°Ô½Ã¹° 111°Ç
   
Netfilter TTL Match / Length Match
±Û¾´ÀÌ : ÃÖ°í°ü¸®ÀÚ ³¯Â¥ : 2009-12-14 (¿ù) 18:33 Á¶È¸ : 5992
±ÛÁÖ¼Ò :
                             

   ttl
       This module matches the time to live field in the IP header.
       --ttl-eq ttl
              Matches the given TTL value.
       --ttl-gt ttl
              Matches if TTL is greater than the given TTL value.
       --ttl-lt ttl
              Matches if TTL is less than the given TTL value.


   length
       This module matches the length of a packet against a specific value or range of values.
      --length [!] length[:length]


ÆÐŶĸó...

14:04:56.343489 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 99.244.131.44.3072 > 211.119.250.44.80: S, cksum 0xe66c (correct), 2801376866:2801376866(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343490 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 139.33.57.122.3072 > 211.119.250.44.80: S, cksum 0xba97 (correct), 4050821184:4050821184(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343534 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 46.84.109.92.1024 > 211.119.250.44.80: S, cksum 0x131e (correct), 3944112980:3944112980(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343583 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 71.230.124.45.3072 > 211.119.250.44.80: S, cksum 0x8649 (correct), 2441399602:2441399602(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343597 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 248.94.172.109.3072 > 211.119.250.44.80: S, cksum 0x7ebd (correct), 429211666:429211666(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343683 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 141.130.131.111.1024 > 211.119.250.44.80: S, cksum 0xcc5e (correct), 1731552791:1731552791(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343691 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 75.84.158.8.1024 > 211.119.250.44.80: S, cksum 0xcf4a (correct), 2652552451:2652552451(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343734 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 179.126.250.61.3072 > 211.119.250.44.80: S, cksum 0xbe00 (correct), 3281222990:3281222990(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343783 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 177.249.67.127.1024 > 211.119.250.44.80: S, cksum 0xaf6f (correct), 2318100532:2318100532(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343833 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 201.168.160.5.3072 > 211.119.250.44.80: S, cksum 0xf060 (correct), 1705853456:1705853456(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343882 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 61.246.108.20.1024 > 211.119.250.44.80: S, cksum 0x738e (correct), 3552304441:3552304441(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343982 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 164.107.243.93.3072 > 211.119.250.44.80: S, cksum 0x390a (correct), 1982465848:1982465848(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343984 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 149.116.115.48.1024 > 211.119.250.44.80: S, cksum 0xbadd (correct), 2199928847:2199928847(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.343990 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 97.165.200.74.3072 > 211.119.250.44.80: S, cksum 0x62c0 (correct), 651365132:651365132(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.344032 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 101.84.126.51.3072 > 211.119.250.44.80: S, cksum 0x60e2 (correct), 2774438248:2774438248(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.344082 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 254.172.168.107.3072 > 211.119.250.44.80: S, cksum 0x6750 (correct), 396523787:396523787(0) win 8192 <mss 1460,nop,nop,sackOK>
14:04:56.344084 IP (tos 0x0, ttl 123, id 766, offset 0, flags [DF], proto TCP (6), length 48) 125.149.66.63.1024 > 211.119.250.44.80: S, cksum 0xa776 (correct), 2080389964:2080389964(0) win 8192 <mss 1460,nop,nop,sackOK>



ƯÀÌÁ¡ : TCP SYN ÆÐŶ  TTL °ªÀÌ 123ÀÌ°í LENGTH 48

-A INPUT -p tcp --dport 80 -d 211.119.250.44 -m ttl --ttl-eq 123 -m length --length 48 -j DROP
 »ìÆ÷½Ã Â÷´ÜÇÑ´Ù.... 

[ÀÌ °Ô½Ã¹°Àº ÃÖ°í°ü¸®ÀÚ´Ô¿¡ ÀÇÇØ 2009-12-14 20:59:39 ¸®´ª½º¿¡¼­ À̵¿ µÊ]

À̸§ Æнº¿öµå
ºñ¹Ð±Û (üũÇÏ¸é ±Û¾´À̸¸ ³»¿ëÀ» È®ÀÎÇÒ ¼ö ÀÖ½À´Ï´Ù.)
¿ÞÂÊÀÇ ±ÛÀÚ¸¦ ÀÔ·ÂÇϼ¼¿ä.
   

 



 
»çÀÌÆ®¸í : ¸ðÁö¸®³× | ´ëÇ¥ : ÀÌ°æÇö | °³ÀÎÄ¿¹Â´ÏƼ : ·©Å°´åÄÄ ¿î¿µÃ¼Á¦(OS) | °æ±âµµ ¼º³²½Ã ºÐ´ç±¸ | ÀüÀÚ¿ìÆí : mojily°ñ¹ðÀÌchonnom.com Copyright ¨Ï www.chonnom.com www.kyunghyun.net www.mojily.net. All rights reserved.