  • Blocking SNMP packets on OpenWrt

    SNMP runs over UDP; the default ports are 161 (agent queries) and 162 (traps).

    Use iptables.

    The command is as follows:

    iptables -A INPUT -p udp -m udp --dport 161:162 -j DROP

    Polling the device's nodes with a MIB browser now times out.

    Running tcpdump on the serial console prints the following:

    root@hbg:/# iptables -A INPUT -p udp -m udp --dport 161:162 -j DROP
    root@hbg:/#
    root@hbg:/#
    root@hbg:/# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination        
    DROP       udp  --  anywhere             anywhere             udp dpts:snmp:snmp-trap

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination        

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination  

    root@hbg:/# tcpdump
    tcpdump: WARNING: eth0: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    12:12:53.215582 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:12:53.449710 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:12:54.215559 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:12:55.215538 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:12:55.449715 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:12:55.509887 LLDP, length 138: TVWS
    12:12:55.899593 ARP, Request who-has 192.168.2.125 tell 192.168.2.234, length 46
    12:12:55.899857 ARP, Reply 192.168.2.125 is-at 00:11:22:33:44:56 (oui Unknown), length 28
    12:12:55.900431 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime (query packet)
    12:12:56.215514 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:12:57.215491 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:12:57.449707 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:12:58.215468 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:12:59.215445 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:12:59.449706 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:13:00.215421 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:13:00.898934 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime (query packet)
    12:13:01.215396 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:13:01.449712 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:13:02.215372 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:13:02.339996 ARP, Request who-has 192.168.1.16 tell 192.168.1.234, length 46
    12:13:03.215351 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:13:03.449710 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:13:04.215327 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:13:05.215304 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:13:05.449706 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:13:05.899351 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime  (query packet)
    12:13:06.215279 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:13:07.215260 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    ^C
    29 packets captured
    29 packets received by filter
    0 packets dropped by kernel

    The number of query packets you see depends on the number of retransmits configured in your MIB browser.

    To allow the traffic through instead:

    iptables -A INPUT -p udp -m udp --dport 161:162 -j ACCEPT

    root@hbg:/# iptables -D INPUT 1
    root@hbg:/# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination        

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination        

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination        
    root@hbg:/#
    root@hbg:/#
    root@hbg:/# iptables -A INPUT -p udp -m udp --dport 161:162 -j ACCEPT
    root@hbg:/# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination        
    ACCEPT     udp  --  anywhere             anywhere             udp dpts:snmp:snmp-trap

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination        

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    root@hbg:/# tcpdump
    tcpdump: WARNING: eth0: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    12:15:55.211339 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:15:55.449706 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:15:55.629877 LLDP, length 138: TVWS
    12:15:56.211318 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:15:57.211291 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:15:57.449708 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:15:58.211269 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:15:58.702348 ARP, Request who-has 192.168.2.125 tell 192.168.2.234, length 46
    12:15:58.702588 ARP, Reply 192.168.2.125 is-at 00:11:22:33:44:56 (oui Unknown), length 28
    12:15:58.703184 IP 192.168.2.234.58494 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime   (query packet)
    12:15:58.704048 IP 192.168.2.125.snmp > 192.168.2.234.58494:  C=world GetResponse(28)  system.sysUpTime.0=304450  (response packet)
    12:15:59.211246 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:15:59.449711 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:16:00.211223 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:00.561467 IP 192.168.2.234.58496 > 192.168.2.125.snmp:  C=world GetRequest(31)  E:45138.3030.1.1.4.0    (query packet)
    12:16:00.598459 IP 192.168.2.125.snmp > 192.168.2.234.58496:  C=world GetResponse(35)  E:45138.3030.1.1.4.0=192.168.2.125  (response packet)
    12:16:01.211198 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:01.449707 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:16:02.211178 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:03.211152 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:03.449709 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:16:03.709734 ARP, Request who-has 192.168.2.234 tell 192.168.2.125, length 28
    12:16:03.710467 ARP, Reply 192.168.2.234 is-at 54:ee:75:4a:37:b5 (oui Unknown), length 46
    12:16:04.211128 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:05.211106 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:05.338555 ARP, Request who-has 192.168.1.16 tell 192.168.1.234, length 46
    12:16:05.449709 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:16:06.211083 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:07.211060 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:07.449715 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    12:16:08.211035 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:09.211012 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
    12:16:09.449709 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
    ^C
    33 packets captured
    34 packets received by filter
    0 packets dropped by kernel
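To compare the two captures above mechanically, here is an added example (not from the original post) that pairs SNMP requests with responses in tcpdump summary lines by the manager's source endpoint: retransmits of one poll reuse the same source port, so the per-endpoint request count is 1 + the MIB browser's retransmits, and an endpoint with requests but no responses is the DROP-rule symptom. The regex assumes tcpdump's default one-line SNMPv1/v2c format as shown on this page.

```python
import re
from collections import defaultdict

# tcpdump's default summary line for SNMPv1/v2c, as in the captures above. The
# community string ("C=world") is visible in cleartext on the wire.
SNMP_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+):\s+"
    r"C=(?P<community>\S+)\s+(?P<pdu>\w+)\("
)
REQUEST_PDUS = {"GetRequest", "GetNextRequest", "GetBulkRequest", "SetRequest"}

def summarize_snmp(lines):
    """Count requests and responses per manager endpoint (ip.port).
    Retransmits of one poll reuse the manager's source port, so an endpoint's
    request count is 1 + the retransmits configured in the MIB browser."""
    stats = defaultdict(lambda: {"requests": 0, "responses": 0, "community": None})
    for line in lines:
        m = SNMP_LINE.match(line.strip())  # STP/ARP/RRCP lines do not match
        if not m:
            continue
        pdu = m.group("pdu")
        if pdu in REQUEST_PDUS:
            key = m.group("src")  # manager -> agent
            stats[key]["requests"] += 1
        elif pdu == "GetResponse":
            key = m.group("dst")  # agent -> manager, keyed by the manager side
            stats[key]["responses"] += 1
        else:
            continue
        stats[key]["community"] = m.group("community")
    return dict(stats)

def unanswered(stats):
    """Manager endpoints whose polls never got a response: the DROP-rule symptom."""
    return sorted(k for k, v in stats.items() if v["requests"] and not v["responses"])

# Constructed samples: SNMP lines copied from the two captures on this page,
# with one non-SNMP line left in to show it is skipped.
DROPPED = [
    "12:12:55.900431 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime",
    "12:13:00.898934 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime",
    "12:13:01.449712 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35",
    "12:13:05.899351 IP 192.168.2.234.64411 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime",
]
ACCEPTED = [
    "12:15:58.703184 IP 192.168.2.234.58494 > 192.168.2.125.snmp:  C=world GetNextRequest(24)  system.sysUpTime",
    "12:15:58.704048 IP 192.168.2.125.snmp > 192.168.2.234.58494:  C=world GetResponse(28)  system.sysUpTime.0=304450",
    "12:16:00.561467 IP 192.168.2.234.58496 > 192.168.2.125.snmp:  C=world GetRequest(31)  E:45138.3030.1.1.4.0",
    "12:16:00.598459 IP 192.168.2.125.snmp > 192.168.2.234.58496:  C=world GetResponse(35)  E:45138.3030.1.1.4.0=192.168.2.125",
]
```

Running `summarize_snmp(DROPPED)` reports three requests and zero responses from port 64411 (one poll plus two retransmits), while `summarize_snmp(ACCEPTED)` shows every request answered.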

  • Original article: https://www.cnblogs.com/rohens-hbg/p/5489557.html