[rsbac] restricting network access
Amon Ott
ao at rsbac.org
Thu Dec 18 09:18:51 CET 2003
On Thursday, 18 December 2003 08:32, Andreas Baetz wrote:
> On Wednesday 17 December 2003 14:33, Amon Ott wrote:
> I used soft mode to get the connection and logged it with a sniffer.
>
> It seems that there is a SEND to the DNS Server, Port 53 (according to the sniffer),
> which gets logged as SEND to the DNS Server, remote Port 13568 (according to RSBAC).
>
> Then there is a reply by the DNS Server from Port 53 (according to the sniffer),
> which gets logged as RECEIVE from the DNS Server, remote Port 13568 (according to RSBAC).
>
> Local Ports are the same in both logs.
>
> The remote Port which is logged by RSBAC doesn't change over several tries, always 13568.
>
> I have a firewall in place which would prevent and log UDP's to high ports such as 13568.
> There is no firewall log, even in softmode, so I suppose the packets really go to remote Port 53.
OK, we almost got it: The byte order is wrong: 13568 is 256*53.
Please apply the attached patch against
rsbac/data_structures/aci_data_structures.c and retry. It might result in the
wrong byte order at other places, so please be careful.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- next part --------------
An attachment with binary data was scrubbed...
File name   : remote-temp.diff
File type   : text/x-diff
File size   : 556 bytes
Description : not available
URL : http://www.rsbac.org/pipermail/rsbac/attachments/20031218/e9783965/remote-temp.bin
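
Added example, not part of the original message and not RSBAC code: it shows why a rule for remote port 53 stops matching when the port field is used without byte-order conversion on a little-endian host, and how the logged value 13568 maps back to 53. The struct port_rule, DNS_ONLY and all function names are hypothetical, and the wire bytes are a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the two destination-port bytes of a DNS query as sent on the wire. */
static const uint8_t WIRE_PORT_DNS[2] = { 0x00, 0x35 };

/* Hypothetical port-range rule in host byte order (stand-in for a network template). */
struct port_rule { uint16_t min_port, max_port; };
static const struct port_rule DNS_ONLY = { 53, 53 };

/* Correct: ports are big-endian on the wire; this is the value ntohs() yields. */
static uint16_t port_from_wire(const uint8_t b[2])
{
    return (uint16_t)((b[0] << 8) | b[1]);
}

/* The bug class: a little-endian host using the 16-bit field without ntohs(). */
static uint16_t port_unconverted_le(const uint8_t b[2])
{
    return (uint16_t)((b[1] << 8) | b[0]);
}

static int rule_allows(const struct port_rule *r, uint16_t port)
{
    return port >= r->min_port && port <= r->max_port;
}

/* Log triage: if a logged high port is a byte-swapped well-known port
 * (< 1024), return that port; otherwise return 0. */
static uint16_t likely_swapped_port(uint16_t logged)
{
    uint16_t swapped = (uint16_t)((logged << 8) | (logged >> 8));
    return (logged >= 1024 && swapped < 1024) ? swapped : 0;
}

int main(void)
{
    uint16_t good = port_from_wire(WIRE_PORT_DNS);
    uint16_t bad = port_unconverted_le(WIRE_PORT_DNS);
    printf("converted:   port %u, rule allows: %d\n", (unsigned)good, rule_allows(&DNS_ONLY, good));
    printf("unconverted: port %u, rule allows: %d\n", (unsigned)bad, rule_allows(&DNS_ONLY, bad));
    printf("logged %u is probably port %u\n", (unsigned)bad, (unsigned)likely_swapped_port(bad));
    return 0;
}
```

A policy or audit log that shows an unexpected high port while a sniffer shows a well-known port is worth checking with this kind of swap test before changing the rule itself.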