openwrt拦截snmp报文

zoukankan html css js c++ java

openwrt拦截snmp报文

SNMP使用的协议为UDP，默认端口为161和162.

使用iptables

命令如下：

iptables -A INPUT -p udp -m udp --dport 161:162 -j DROP

使用mib browser采集设备上的节点，会超时（timeout）

在串口打开tcpdump打印消息如下：

root@hbg:/# iptables -A INPUT -p udp -m udp --dport 161:162 -j DROP
root@hbg:/#
root@hbg:/#
root@hbg:/# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       udp -- anywhere             anywhere             udp dpts:snmp:snmp-trap

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

root@hbg:/# tcpdump
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:12:53.215582 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:12:53.449710 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:12:54.215559 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:12:55.215538 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:12:55.449715 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:12:55.509887 LLDP, length 138: TVWS
12:12:55.899593 ARP, Request who-has 192.168.2.125 tell 192.168.2.234, length 46
12:12:55.899857 ARP, Reply 192.168.2.125 is-at 00:11:22:33:44:56 (oui Unknown), length 28
12:12:55.900431 IP 192.168.2.234.64411 > 192.168.2.125.snmp: C=world GetNextRequest(24) system.sysUpTime 查询报文
12:12:56.215514 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:12:57.215491 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:12:57.449707 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:12:58.215468 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:12:59.215445 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:12:59.449706 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:13:00.215421 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:13:00.898934 IP 192.168.2.234.64411 > 192.168.2.125.snmp: C=world GetNextRequest(24) system.sysUpTime 查询报文
12:13:01.215396 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:13:01.449712 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:13:02.215372 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:13:02.339996 ARP, Request who-has 192.168.1.16 tell 192.168.1.234, length 46
12:13:03.215351 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:13:03.449710 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:13:04.215327 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:13:05.215304 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:13:05.449706 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:13:05.899351 IP 192.168.2.234.64411 > 192.168.2.125.snmp: C=world GetNextRequest(24) system.sysUpTime 查询报文
12:13:06.215279 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:13:07.215260 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
^C
29 packets captured
29 packets received by filter
0 packets dropped by kernel

查询报文的次数在于你配置mib browser中retransmits的次数

允许通过为:

iptables -A INPUT -p udp -m udp --dport 161:162 -j ACCEPT

root@hbg:/# iptables -D INPUT 1
root@hbg:/# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@hbg:/#
root@hbg:/#
root@hbg:/# iptables -A INPUT -p udp -m udp --dport 161:162 -j ACCEPT
root@hbg:/# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp -- anywhere             anywhere             udp dpts:snmp:snmp-trap

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

root@hbg:/# tcpdump
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:15:55.211339 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:15:55.449706 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:15:55.629877 LLDP, length 138: TVWS
12:15:56.211318 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:15:57.211291 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:15:57.449708 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:15:58.211269 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:15:58.702348 ARP, Request who-has 192.168.2.125 tell 192.168.2.234, length 46
12:15:58.702588 ARP, Reply 192.168.2.125 is-at 00:11:22:33:44:56 (oui Unknown), length 28
12:15:58.703184 IP 192.168.2.234.58494 > 192.168.2.125.snmp: C=world GetNextRequest(24) system.sysUpTime   查询报文
12:15:58.704048 IP 192.168.2.125.snmp > 192.168.2.234.58494: C=world GetResponse(28) system.sysUpTime.0=304450 响应报文
12:15:59.211246 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:15:59.449711 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:16:00.211223 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:00.561467 IP 192.168.2.234.58496 > 192.168.2.125.snmp: C=world GetRequest(31) E:45138.3030.1.1.4.0    查询报文
12:16:00.598459 IP 192.168.2.125.snmp > 192.168.2.234.58496: C=world GetResponse(35) E:45138.3030.1.1.4.0=192.168.2.125 响应报文
12:16:01.211198 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:01.449707 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:16:02.211178 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:03.211152 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:03.449709 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:16:03.709734 ARP, Request who-has 192.168.2.234 tell 192.168.2.125, length 28
12:16:03.710467 ARP, Reply 192.168.2.234 is-at 54:ee:75:4a:37:b5 (oui Unknown), length 46
12:16:04.211128 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:05.211106 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:05.338555 ARP, Request who-has 192.168.1.16 tell 192.168.1.234, length 46
12:16:05.449709 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:16:06.211083 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:07.211060 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:07.449715 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
12:16:08.211035 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:09.211012 3c:46:d8:89:70:52 (oui Unknown) > Broadcast, RRCP-0x23 query
12:16:09.449709 STP 802.1d, Config, Flags [none], bridge-id 7fff.00:11:22:33:44:56.8001, length 35
^C
33 packets captured
34 packets received by filter
0 packets dropped by kernel

查看全文

相关阅读:
国内开源缺陷管理系统PPM Bug v1.0发布
 LUA、python、注册表和正则表达式简述
 精通Windows API 线程同步控制源码
 博士生传给硕士生的经验（转载）这实在是一篇少走许多学习弯路的好文章
 得到任务管理器的正在执行的程序列表系统的临时路径及临时文件绝对路径
 创建设一个开机自动运行的计划任务,并且命名和当前登陆用户名相关
 刚踏实入IT行业几个月感悟
 给IT新人的15点建议：苦逼程序员的辛酸反省与总结
 char转换成WCHAR简单方法
 字符操作、文件操作和CMD命令的使用——c/c++编

原文地址：https://www.cnblogs.com/rohens-hbg/p/5489557.html