  • Blocking SNMP packets on OpenWrt

    SNMP runs over UDP; the default ports are 161 and 162.

    Using iptables

    The command is as follows:

    iptables -A INPUT -p udp -m udp --dport 161:162 -j DROP

    When a MIB browser is used to poll nodes on the device, the requests time out.

    Running tcpdump on the serial console prints the following:

    root@hbg:/# iptables -A INPUT -p udp -m udp --dport 161:162 -j DROP
    root@hbg:/#
    root@hbg:/#
    root@hbg:/# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination        
    DROP       udp  --  anywhere             anywhere             udp dpts:snmp:snmp-trap

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination        

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination  

    root@hbg:/# tcpdump
    tcpdump: WARNING: eth0: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    12:12:53.215582 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:12:53.449710 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:12:54.215559 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:12:55.215538 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:12:55.449715 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:12:55.509887 LLDP, length 138: TVWS
    12:12:55.899593 ARP, Request who-has 192.168.2.125 tell 192.168.2.234, length 46
    12:12:55.899857 ARP, Reply 192.168.2.125 is-at 00:11:22:33:44:56 (oui Unknown), length 28
    12:12:55.900431 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime   query packet
    12:12:56.215514 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:12:57.215491 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:12:57.449707 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:12:58.215468 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:12:59.215445 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:12:59.449706 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:13:00.215421 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:13:00.898934 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime   query packet
    12:13:01.215396 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:13:01.449712 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:13:02.215372 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:13:02.339996 ARP, Request who-has 192.168.1.16 tell 192.168.1.234, length 46
    12:13:03.215351 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:13:03.449710 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:13:04.215327 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:13:05.215304 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:13:05.449706 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:13:05.899351 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime   query packet
    12:13:06.215279 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:13:07.215260 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    ^C
    29 packets captured
    29 packets received by filter
    0 packets dropped by kernel

    The number of query packets seen depends on the retransmits value configured in the MIB browser.

    To allow the traffic through instead:

    iptables -A INPUT -p udp -m udp --dport 161:162 -j ACCEPT

    root@hbg:/# iptables -D INPUT 1
    root@hbg:/# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination        

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination        

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination        
    root@hbg:/#
    root@hbg:/#
    root@hbg:/# iptables -A INPUT -p udp -m udp --dport 161:162 -j ACCEPT
    root@hbg:/# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination        
    ACCEPT     udp  --  anywhere             anywhere             udp dpts:snmp:snmp-trap

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination        

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    root@hbg:/# tcpdump
    tcpdump: WARNING: eth0: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    12:15:55.211339 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:15:55.449706 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:15:55.629877 LLDP, length 138: TVWS
    12:15:56.211318 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:15:57.211291 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:15:57.449708 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:15:58.211269 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:15:58.702348 ARP, Request who-has 192.168.2.125 tell 192.168.2.234, length 46
    12:15:58.702588 ARP, Reply 192.168.2.125 is-at 00:11:22:33:44:56 (oui Unknown), length 28
    12:15:58.703184 IP 192.168.2.234.58494 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime   query packet
    12:15:58.704048 IP 192.168.2.125.snmp > 192.168.2.234.58494:  C=world GetResponse(28)  system.sysUpTime.0=304450   response packet
    12:15:59.211246 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:15:59.449711 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:16:00.211223 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:00.561467 IP 192.168.2.234.58496 > 192.168.2.125.snmp:  C=world GetRequest(31)  E:45138.3030.1.1.4.0    query packet
    12:16:00.598459 IP 192.168.2.125.snmp > 192.168.2.234.58496:  C=world GetResponse(35)  E:45138.3030.1.1.4.0=192.168.2.125   response packet
    12:16:01.211198 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:01.449707 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:16:02.211178 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:03.211152 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:03.449709 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:16:03.709734 ARP, Request who-has 192.168.2.234 tell 192.168.2.125, length 28
    12:16:03.710467 ARP, Reply 192.168.2.234 is-at 54:ee:75:4a:37:b5 (oui Unknown), length 46
    12:16:04.211128 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:05.211106 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:05.338555 ARP, Request who-has 192.168.1.16 tell 192.168.1.234, length 46
    12:16:05.449709 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:16:06.211083 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:07.211060 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:07.449715 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:16:08.211035 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:09.211012 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:09.449709 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    ^C
    33 packets captured
    34 packets received by filter
    0 packets dropped by kernel
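    As an added example that is not part of the original post, the Python script below parses tcpdump's one-line SNMP summaries in the format shown in the two captures above and pairs each request with its response, so the effect of the DROP and ACCEPT rules can be read off a capture instead of waiting for the MIB browser to time out. The sample lines are copied from the captures on this page; the regex, function names and the "blocked/answered/partial" verdict are my own assumptions.

```python
import re
from collections import Counter

# Matches tcpdump's one-line SNMP summary (tcpdump prints port 161 by its service
# name "snmp", so the port groups accept names as well as numbers), e.g.
#   12:15:58.703184 IP 192.168.2.234.58494 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime
SNMP_LINE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\w+) > (\d+(?:\.\d+){3})\.(\w+):\s+C=(\S+)\s+(\w+)\((\d+)\)"
)

# Constructed samples: the SNMP lines of the page's two captures, plus one non-SNMP
# line each (STP, ARP) to show that such noise is skipped.
CAPTURE_BLOCKED = """\
12:12:55.449710 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:12:55.900431 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime
12:13:00.898934 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime
12:13:05.899351 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime
"""
CAPTURE_ALLOWED = """\
12:15:58.702348 ARP, Request who-has 192.168.2.125 tell 192.168.2.234, length 46
12:15:58.703184 IP 192.168.2.234.58494 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime
12:15:58.704048 IP 192.168.2.125.snmp > 192.168.2.234.58494:  C=world GetResponse(28)  system.sysUpTime.0=304450
12:16:00.561467 IP 192.168.2.234.58496 > 192.168.2.125.snmp:  C=world GetRequest(31)  E:45138.3030.1.1.4.0
12:16:00.598459 IP 192.168.2.125.snmp > 192.168.2.234.58496:  C=world GetResponse(35)  E:45138.3030.1.1.4.0=192.168.2.125
"""

def summarize(capture):
    """Count SNMP requests/responses and pair them per (manager ip, manager port, agent ip)."""
    requests, responses, communities = Counter(), Counter(), set()
    for line in capture.splitlines():
        m = SNMP_LINE.search(line)
        if not m:
            continue  # ARP, STP, LLDP and other non-SNMP lines are ignored
        src_ip, src_port, dst_ip, dst_port, community, pdu, _length = m.groups()
        communities.add(community)  # v1/v2c community strings are readable in the capture
        if pdu == "GetResponse":
            responses[(dst_ip, dst_port, src_ip)] += 1  # reply flows agent -> manager
        else:
            requests[(src_ip, src_port, dst_ip)] += 1  # Get/GetNext/Set flow manager -> agent
    unanswered = {k: n - responses[k] for k, n in requests.items() if n > responses[k]}
    return {"requests": sum(requests.values()), "responses": sum(responses.values()),
            "unanswered": unanswered, "communities": sorted(communities)}

def verdict(capture):
    """'blocked' when every query went unanswered (DROP rule in effect), else 'answered' or 'partial'."""
    s = summarize(capture)
    if s["requests"] and not s["responses"]:
        return "blocked"
    return "answered" if not s["unanswered"] else "partial"
```

    The repeated unanswered GetNextRequest from the same source port is the retransmit pattern described above, and the exposed community string is a reason to limit which hosts may reach port 161 rather than only toggling the rule on and off.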

  • Original article: https://www.cnblogs.com/rohens-hbg/p/5489557.html