'signature' filtering

Post by Jack Snodgras » Wed, 23 Mar 2005 22:56:49



Say that I am running a ssh server on port 22.
Normally, if you do
telnet servername 22
you get:
Connected to linux.private.net (xx.xx.xx.xx).
Escape character is '^]'.
SSH-1.99-OpenSSH_3.9p1
....

I'd like to be able to

1) set up filtering on my server so that only certain
connect packets are answered... IP Address filtering
is not enough. I want a special flag/trigger/bit/signature/etc
so that only certain machines get the connect message even
if they are all behind the same NAT device.

2) set up something on the initial connect from the client
to trigger #1 above.

Can you do this with TOS and packet mangling or something else
with Linux?

Thanks - jack

--
D.A.M. - Mothers Against Dyslexia

see http://www.jacksnodgrass.com for my contact info.

jack - Grapevine/Richardson


'signature' filtering

Post by Philippe WEIL » Wed, 23 Mar 2005 23:23:40



> Say that I am running a ssh server on port 22.
> Normally, if you do
> telnet servername 22
> you get:
> Connected to linux.private.net (xx.xx.xx.xx).
> Escape character is '^]'.
> SSH-1.99-OpenSSH_3.9p1
> ....

> I'd like to be able to

> 1) set up filtering on my server so that only certain
> connect packets are answered... IP Address filtering
> is not enough. I want a special flag/trigger/bit/signature/etc
> so that only certain machines get the connect message even
> if they are all behind the same NAT device.

> 2) set up something on the initial connect from the client
> to trigger #1 above.

> Can you do this with TOS and packet mangling or something else
> with Linux?

Perhaps you are looking for something like port knocking:

http://www.portknocking.org/

> Thanks - jack

--
  Weill Philippe -  Administrateur Systeme et Reseaux
  CNRS Service Aeronomie - Universite Pierre et Marie Curie -
  Tour 45/46 3e Etage B302 - 4 Place Jussieu - 75252 Paris Cedex 05 -  FRANCE



'signature' filtering

Post by Jack Snodgras » Wed, 23 Mar 2005 23:40:06




>> Say that I am running a ssh server on port 22.
>> Normally, if you do
>> telnet servername 22
>> you get:
>> Connected to linux.private.net (xx.xx.xx.xx).
>> Escape character is '^]'.
>> SSH-1.99-OpenSSH_3.9p1
>> ....

>> I'd like to be able to

>> 1) set up filtering on my server so that only certain
>> connect packets are answered... IP Address filtering
>> is not enough. I want a special flag/trigger/bit/signature/etc
>> so that only certain machines get the connect message even
>> if they are all behind the same NAT device.

>> 2) set up something on the initial connect from the client
>> to trigger #1 above.

>> Can you do this with TOS and packet mangling or something else
>> with Linux?

> Perhaps you search for something like port knocking

> http://www.portknocking.org/

Thanks. I've never heard of that. That's the concept I want... now
I just have to implement it.

jack

--
D.A.M. - Mothers Against Dyslexia

see http://www.jacksnodgrass.com for my contact info.

jack - Grapevine/Richardson


'signature' filtering

Post by Allen McIntos » Wed, 23 Mar 2005 23:35:34


> I'd like to be able to

> 1) set up filtering on my server so that only certain
> connect packets are answered... IP Address filtering
> is not enough. I want a special flag/trigger/bit/signature/etc
> so that only certain machines get the connect message even
> if they are all behind the same NAT device.
> 2) set up something on the initial connect from the client
> to trigger #1 above.  
> Can you do this is TOS and packet mangleing or something else
> with linux?  

I guess it depends on what you are trying to do.  You could set some TOS
bits on the client.  Filtering would work as long as the NAT device and
everything else in between preserves them.  There is nothing to stop
someone else on another machine from setting the TOS bits the same way -
if they know about the scheme, of course.

Another possibility is to have ssh do the authentication for you.
That's what it is designed to do, after all.  The downside is that port
22 might appear open somewhere that you don't want it to...
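The port-knocking approach suggested earlier in the thread, as an added example that is not part of any post here and not code from portknocking.org. It models the decision logic a Linux knocker built on the iptables `recent` match performs in the kernel: a source must hit a fixed sequence of ports in order, each knock within a time window of the previous one, any other port in between resets the sequence, and only then are SYNs to port 22 answered for a short time. The knock ports, the timing constants, the addresses and the packet trace are all assumed or constructed for the example.

```python
"""Port-knocking decision logic (added example).

Each inbound SYN is (source address, destination port, time in seconds).
Knock ports are never answered; they only advance a per-source state
machine.  Port 22 is answered only while the source's open window lasts.
"""
from dataclasses import dataclass

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed knock ports, chosen for the example
PROTECTED_PORT = 22
WINDOW = 5.0    # max seconds between consecutive knocks
OPEN_FOR = 30.0  # seconds port 22 stays open after a completed sequence


@dataclass
class SourceState:
    stage: int = 0           # knocks of the sequence seen so far
    last_seen: float = 0.0   # time of the last accepted knock
    open_until: float = -1.0  # port 22 is answered while t <= open_until


class KnockFilter:
    def __init__(self):
        self.states = {}  # source address -> SourceState

    def _state(self, src):
        return self.states.setdefault(src, SourceState())

    def syn(self, src, dport, t):
        """Process one inbound SYN; return True if it would be ACCEPTed."""
        st = self._state(src)
        if dport == PROTECTED_PORT:
            # The real service port is only ever answered inside the open window.
            return t <= st.open_until
        # Any other port is a (possible) knock: it is dropped but updates state.
        if st.stage > 0 and t - st.last_seen > WINDOW:
            st.stage = 0  # too slow between knocks: start over
        if dport == KNOCK_SEQUENCE[st.stage]:
            st.stage += 1
            st.last_seen = t
            if st.stage == len(KNOCK_SEQUENCE):
                st.open_until = t + OPEN_FOR
                st.stage = 0
        else:
            # Wrong port resets the sequence, so a sequential port scan that
            # happens to sweep through the knock ports never completes it.
            st.stage = 0
        return False


def run_trace(trace):
    """Replay [(src, dport, t), ...] in order; return accepted (src, t) SYNs to port 22."""
    f = KnockFilter()
    return [(src, t) for src, dport, t in trace if f.syn(src, dport, t)]


# Constructed trace; addresses are documentation ranges, not real hosts.
TRACE = [
    ("203.0.113.5", 22, 0.0),      # before any knock: dropped
    ("203.0.113.5", 7000, 1.0),
    ("203.0.113.5", 8000, 2.0),
    ("203.0.113.5", 9000, 3.0),
    ("203.0.113.5", 22, 4.0),      # complete sequence: accepted
    ("198.51.100.9", 7000, 5.0),
    ("198.51.100.9", 9000, 6.0),   # skipped 8000: reset
    ("198.51.100.9", 22, 7.0),     # dropped
    ("192.0.2.77", 7000, 10.0),    # sequential scanner sweeps every port...
    ("192.0.2.77", 7001, 10.1),    # ...so 7001 lands between 7000 and 8000 and resets
    ("192.0.2.77", 8000, 10.2),
    ("192.0.2.77", 9000, 10.3),
    ("192.0.2.77", 22, 11.0),      # dropped
    ("198.51.100.44", 7000, 12.0),
    ("198.51.100.44", 8000, 18.0),  # 6 s after the first knock: window expired, reset
    ("198.51.100.44", 9000, 19.0),
    ("198.51.100.44", 22, 20.0),   # dropped
    ("203.0.113.5", 22, 20.0),     # second machine behind the same NAT address: accepted
    ("203.0.113.5", 22, 40.0),     # open window (until t=33) expired: dropped
]

if __name__ == "__main__":
    for src, t in run_trace(TRACE):
        print(f"accepted SYN to {PROTECTED_PORT} from {src} at t={t}")
```

Two caveats worth checking against the original question before adopting this. The state is keyed on the source address, exactly like address filtering, so once one machine behind a NAT device completes the knock, every other machine behind that same public address is let in for the duration of the window (the second accepted SYN at t=20.0 in the trace). And the knock sequence, like TOS bits, is visible to anyone who can observe the client's traffic and can be replayed; it hides the service from scanners but is not authentication, which is the point made above about letting ssh do that job.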