I want to use iptables to filter the TFTP client's OUTPUT packet, but it failed. Could you help me?
My rules:
iptables -A OUTPUT -m udp -p udp --dport 69 -j NFQUEUE
iptables -A OUTPUT -m string --algo kmp --string "nessus" -j NFQUEUE
The client's OUTPUT packet looks more or less like this:
No. Time Source Destination Protocol Info
9 1.432738 192.168.9.76 192.168.9.114 TFTP Read Request, File: nessus713610685, Transfer type: netascii
Frame 9 (69 bytes on wire, 69 bytes captured)
Ethernet II, Src: Vmware_bc:00:59 (00:0c:29:bc:00:59), Dst: 60:a4:4c:34:bd:ac (60:a4:4c:34:bd:ac)
Internet Protocol, Src: 192.168.9.76 (192.168.9.76), Dst: 192.168.9.114 (192.168.9.114)
User Datagram Protocol, Src Port: 4239 (4239), Dst Port: tftp (69)
Source port: 4239 (4239)
Destination port: tftp (69)
Length: 35
Checksum: 0x3d14 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Trivial File Transfer Protocol
[Source File: nessus713610685]
Opcode: Read Request (1)
Source File: nessus713610685
Type: netascii
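
An added example, not part of the original question: it rebuilds the TFTP read-request payload from the dissection above (RFC 1350 layout), checks it against the captured UDP length of 35, and evaluates the match criteria of the two rules (UDP destination port 69, substring "nessus") against that packet. The function names are hypothetical; the field values are copied from the capture.

```python
import struct

# Values copied from the Wireshark dissection in the question (frame 9).
FILENAME = b"nessus713610685"
MODE = b"netascii"
SRC_PORT, DST_PORT = 4239, 69
CAPTURED_UDP_LENGTH = 35


def build_rrq(filename: bytes, mode: bytes) -> bytes:
    """TFTP read request (RFC 1350): opcode 1, then two NUL-terminated strings."""
    return struct.pack("!H", 1) + filename + b"\x00" + mode + b"\x00"


def parse_request(payload: bytes):
    """Return (opcode, filename, mode) for an RRQ/WRQ payload, or raise ValueError."""
    if len(payload) < 4:
        raise ValueError("payload too short for a TFTP request")
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in (1, 2):
        raise ValueError(f"opcode {opcode} is not RRQ/WRQ")
    fields = payload[2:].split(b"\x00")
    # A well-formed request ends in NUL, so split() leaves a trailing empty item.
    if len(fields) < 3 or fields[-1] != b"":
        raise ValueError("filename/mode are not NUL-terminated")
    return opcode, fields[0].decode("ascii"), fields[1].decode("ascii").lower()


def udp_length(payload: bytes) -> int:
    """Value of the UDP Length field: 8-byte header plus payload."""
    return 8 + len(payload)


def rule_criteria(dst_port: int, payload: bytes, needle: bytes = b"nessus"):
    """Match criteria of the two rules: UDP dport 69, and substring present."""
    return {"dport_69": dst_port == 69,
            "string": needle in payload,
            "string_offset": payload.find(needle)}  # offset inside the UDP payload


if __name__ == "__main__":
    rrq = build_rrq(FILENAME, MODE)
    print(parse_request(rrq), udp_length(rrq), rule_criteria(DST_PORT, rrq))
```
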