ip6tables设置阻止ipv6碎片

时间:2014-05-23 04:50:32

标签: linux ipv6 rhel

是否可以编写ip6tables规则来阻止格式错误的ipv6碎片数据包。 这基本上是我们的设备盒的ipv6认证。我们运行的是:rhel 5.5和kernel:2.6.18-238.1.1.el5

我们目前失败的测试是:

1)片段重组 - 片段ID不匹配应该给出错误2)片段重组 - 片段之间的源地址不同3)片段重组 - 目标地址在片段之间不同

欢迎任何其他解决此问题的想法:)

1 个答案:

答案 0 :(得分:0)

我们可以通过像snort这样的工具解决这个问题。以下是在RHEL 5.5中安装,配置和运行的步骤

INSTALL PREREQUISITES

对于SNORT,我们需要安装以下内容:

  • flex byacc bison pcre-devel libdnet-devel zlib-devel

  • 我们可以从以下网址下载:

ftp://ftp.univie.ac.at/systems/linux/dag/redhat/el5/en/x86_64/buildtools/RPMS/flex-2.5.35-0.8.el5.rfb.x86_64.rpm

ftp://fr2.rpmfind.net/linux/centos/5.10/os/x86_64/CentOS/byacc-1.9-29.2.2.x86_64.rpm

http://vault.centos.org/5.5/os/x86_64/CentOS/zlib-devel-1.2.3-3.x86_64.rpm

http://vault.centos.org/5.5/os/x86_64/CentOS/bison-2.3-2.1.x86_64.rpm

http://vault.centos.org/5.5/os/x86_64/CentOS/pcre-devel-6.6-2.el5_1.7.x86_64.rpm

ftp://ftp.univie.ac.at/systems/linux/dag/redhat/el5/en/x86_64/dag/RPMS/libdnet-1.11-1.2.el5.rf.x86_64.rpm

http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/libdnet-devel-1.11-1.2.el5.rf.x86_64.rpm 

* Install the above said rpm in the below order:
rpm -ivh flex-2.5.35-0.8.el5.rfb.x86_64.rpm
rpm -ivh byacc-1.9-29.2.2.x86_64.rpm
rpm -ivh zlib-devel-1.2.3-3.x86_64.rpm
rpm -ivh bison-2.3-2.1.x86_64.rpm
rpm -ivh pcre-devel-6.6-2.el5_1.7.x86_64.rpm
rpm -ivh libdnet-1.11-1.2.el5.rf.x86_64.rpm
rpm -ivh libdnet-devel-1.11-1.2.el5.rf.x86_64.rpm

下载所需的SNORT& ALLIED LIBRARIES

http://www.tcpdump.org/release/libpcap-1.5.3.tar.gz http://sourceforge.net/projects/snort.mirror/files/Snort%202.9.5.6/snort-2.9.5.6.tar.gz/download http://sourceforge.net/projects/snort.mirror/files/Snort%202.9.5.6/daq-2.0.1.tar.gz/download

[注意:以下假设以上3个已下载到/ opt / CSCOlumos / SNORT]

安装LIBPCAP

cd / opt / CSCOlumos / SNORT

tar -xf libpcap-1.5.3.tar.gz

mv libpcap-1.5.3 / usr / local / src /

cd /usr/local/src/libpcap-1.5.3

./ configure --prefix = / usr

make install

/ sbin目录/ LDCONFIG

安装DAQ和SNORT

cd / opt / CSCOlumos / SNORT

tar -xf daq-2.0.1.tar.gz

cd daq-2.0.1

./配置

cd os-daq-modules

cd ..

make install

cd / opt / CSCOlumos / SNORT

tar -xf snort-2.9.5.6.tar.gz

cd snort-2.9.5.6

./配置

make install

修复libdnet LIBRARY ISSUES

cp -rp /usr/lib/vmware-tools/lib32/libdnet.so.1 / usr / local / lib /

/ sbin目录/ LDCONFIG

更新

mkdir -p / var / log / snort /

触摸/ var / log / snort / alert

测试SNORT

snort --version

,, _ - >哼了一声! < -   o“)〜版本2.9.5.6 GRE(Build 208)    ''''由Martin Roesch& Snort团队:http://www.snort.org/snort/snort-team            版权所有(C)1998-2013 Sourcefire,Inc.,et al。            使用libpcap 1.5.3版            使用PCRE版本:6.6 06-Feb-2006            使用ZLIB版本:1.2.3

配置IPV6过滤器和运行

vi /opt/test/SNORT/SNORT.conf

预处理程序frag3_global:max_frags 65536

预处理器frag3_engine:策略linux                     bind_to 2001 :: 99ed:d7c6:86f0:8e0a                     detect_anomalies

预处理器frag3_engine:policy linux detect_anomalies

现在运行:

snort -c /opt/test/SNORT/SNORT.conf

注意:这里的2001 :: 99ed:d7c6:86f0:8e0a是eth0(通信接口)ipv6地址。

相关问题
最新问题