Everything posted by vit75
-
I saw this on a PC with an up-to-date AVG that had just been scanned. Some trojan-like software is sitting on it; there is nothing out of place in the task list, and the antivirus does not see it. It connects to its "master" through NAT. The master can watch and do everything. Obviously home-made. The client window on the master's side has no program name, only digits. Neither the Microsoft antivirus nor Avast sees it. How do you protect against something like this?
-
There used to be a good mini.speedtest.net for the LAN. But it is no longer supported. These and similar HTML5 ones lie: https://github.com/topics/html5-speedtest https://github.com/adolfintel/speedtest Who uses which one? Maybe there is a way to crack the old mini.speedtest.net?
-
Can you show an example of what a flood looks like and what a loop looks like? Here is an example tcpdump. Is there anything suspicious?
-
Here is a tcpdump example. What should a flood look like? Is it possible on Linux to determine that there is a loop? The switch manages it somehow, doesn't it?

/usr/sbin/tcpdump -e -i eth0 -nn arp
tcpdump: listening on eth0
20:04:09.518585 0:11:22:33:44:9f ff:ff:ff:ff:ff:ff 0806 60: arp who-has 192.168.7.112 tell 192.168.7.101
20:04:09.539926 f0:b4:29:f2:22:b7 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 192.168.9.1 tell 192.168.9.19
20:04:09.592818 0:e0:4c:1a:3d:97 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 77.234.45.21 tell 77.109.34.129
20:04:09.686315 60:e3:27:24:98:cb ff:ff:ff:ff:ff:ff 0806 60: arp who-has 192.168.10.1 tell 192.168.7.166
20:04:09.723291 0:e0:4c:1a:3d:97 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 77.234.42.107 tell 77.109.34.129
20:04:09.802902 0:e0:4c:1a:3d:97 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 77.234.43.44 tell 77.109.34.129
20:04:09.826188 0:2:b3:2e:e4:af ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.1.249 tell 192.168.7.100
20:04:09.910602 0:2:b3:2e:e4:af 0:25:22:4c:32:e 0806 42: arp who-has 192.168.7.242 tell 192.168.7.100
20:04:09.911311 0:25:22:4c:32:e 0:2:b3:2e:e4:af 0806 60: arp reply 192.168.7.242 is-at 0:25:22:4c:32:e
20:04:10.140585 0:2:b3:2e:e4:af 0:e0:4c:1a:3d:97 0806 42: arp who-has 192.168.0.1 tell 192.168.7.100
-
There is a small network. Part of it is on fiber, part on copper. Several managed switches, the rest are unmanaged. The server runs Linux. Occasionally, sometimes a couple of times a day, sometimes a couple of times an hour, what is obviously an ARP flood appears, since pings between any computers run with 90% loss. It lasts 1-2 min. Logging in to a switch to disable a branch is impossible at that moment. Switching off part of the network and waiting half a day is not an option. What ways are there to track it down? Is it possible to see this with tcpdump on the server?

[root@]# /usr/sbin/tcpdump -n arp
tcpdump: listening on eth0
13:20:08.314922 arp who-has 192.168.0.102 tell 192.168.7.101
13:20:08.365384 arp who-has 192.168.1.42 tell 192.168.7.101
13:20:08.443489 arp who-has 192.168.9.58 tell 192.168.0.1
13:20:08.443513 arp who-has 192.168.9.135 tell 192.168.9.1
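Added example (not part of the posts above and not code from the forum): a Python sketch that reads `tcpdump -e -nn arp` output in the format quoted in the two posts above and separates two patterns, a single source MAC sending many ARP requests per second and the same request arriving several times within a few milliseconds, which is how a layer-2 loop appears at a capture point. The MAC and IP addresses in `SAMPLE` are constructed, and the `window` and `copies` thresholds are assumptions to tune per network.

```python
import re
from collections import Counter, defaultdict

# ARP request lines as printed by `tcpdump -e -nn arp` (format from the posts).
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) (\S+) (\S+) 0806 \d+: "
    r"arp who-has (\S+) tell (\S+)"
)

def parse(lines):
    """Return (seconds_since_midnight, src_mac, target_ip, sender_ip) tuples."""
    frames = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ARP replies, the tcpdump banner, anything else
        h, mi, s, src, _dst, target, sender = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        frames.append((ts, src, target, sender))
    return frames

def peak_rate(frames):
    """Highest number of ARP requests each source MAC sent in one second."""
    buckets = Counter((src, int(ts)) for ts, src, _t, _s in frames)
    peak = defaultdict(int)
    for (src, _sec), n in buckets.items():
        peak[src] = max(peak[src], n)
    return dict(peak)

def repeated_frames(frames, window=0.005, copies=3):
    """Identical requests seen at least `copies` times within `window` seconds.

    One host asking for many different addresses is not reported here;
    only byte-for-byte repeats of the same request are (assumed thresholds).
    """
    seen = defaultdict(list)
    for ts, src, target, sender in frames:
        seen[(src, target, sender)].append(ts)
    hits = {}
    for key, times in seen.items():
        times.sort()
        best, lo = 0, 0
        for hi in range(len(times)):
            while times[hi] - times[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= copies:
            hits[key] = best
    return hits

# Constructed sample: normal traffic, then one request repeated four times
# inside one millisecond.
SAMPLE = """\
tcpdump: listening on eth0
20:04:09.518585 02:00:00:00:00:01 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 10.0.7.112 tell 10.0.7.101
20:04:09.826188 02:00:00:00:00:02 ff:ff:ff:ff:ff:ff 0806 42: arp who-has 10.0.1.249 tell 10.0.7.100
20:04:09.911311 02:00:00:00:00:03 02:00:00:00:00:02 0806 60: arp reply 10.0.7.242 is-at 02:00:00:00:00:03
20:04:10.518601 02:00:00:00:00:01 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 10.0.7.112 tell 10.0.7.101
20:04:11.000100 02:00:00:00:00:04 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 10.0.9.1 tell 10.0.9.19
20:04:11.000400 02:00:00:00:00:04 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 10.0.9.1 tell 10.0.9.19
20:04:11.000700 02:00:00:00:00:04 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 10.0.9.1 tell 10.0.9.19
20:04:11.001000 02:00:00:00:00:04 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 10.0.9.1 tell 10.0.9.19
""".splitlines()

if __name__ == "__main__":
    frames = parse(SAMPLE)
    print("peak requests/second per MAC:", peak_rate(frames))
    print("repeated identical requests:", repeated_frames(frames))
```

Run against a capture taken during an outage, the source MAC reported by `repeated_frames` points to the host whose broadcasts are circulating, and the switch port where that MAC is learned narrows down the looped branch.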
