Monday, 18 March 2019

FortiGate rsh policy: testing whether a return (reverse) rule is still needed when a session helper already exists

You can tell just from the question that no return rule is needed, since FTP does not need one either. Still, it is worth testing. Below are the RSH test results:

rsh: very typical behaviour. I did not open a return rule, yet the rsh client can still execute commands.
The trace also shows that the second connection, which the server (10.100.32.37) opens back toward the client, uses a fairly low port (1022).
KS080-FW-FG100A-~ # diagnose sniffer packet internal 'host 59.105.191.159 and host 10.100.32.37'
interfaces=[internal]
filters=[host 59.105.191.159 and host 10.100.32.37]
17.383345 59.105.191.159.1023 -> 10.100.32.37.514: syn 124813949
17.383546 10.100.32.37.514 -> 59.105.191.159.1023: syn 3328922962 ack 124813950
17.384945 59.105.191.159.1023 -> 10.100.32.37.514: ack 3328922963
17.385015 59.105.191.159.1023 -> 10.100.32.37.514: psh 124813950 ack 3328922963
17.385180 10.100.32.37.514 -> 59.105.191.159.1023: ack 124813955
17.386397 10.100.32.37.1022 -> 59.105.191.159.1022: syn 2828457835
17.387884 59.105.191.159.1022 -> 10.100.32.37.1022: syn 313646095 ack 2828457836
17.388055 10.100.32.37.1022 -> 59.105.191.159.1022: ack 313646096
17.389497 59.105.191.159.1023 -> 10.100.32.37.514: psh 124813955 ack 3328922963
17.389670 10.100.32.37.514 -> 59.105.191.159.1023: ack 124813972
17.392663 10.100.32.37.514 -> 59.105.191.159.1023: psh 3328922963 ack 124813972
17.394048 59.105.191.159.1023 -> 10.100.32.37.514: ack 3328922964
17.394721 10.100.32.37.514 -> 59.105.191.159.1023: 3328922964 ack 124813972
17.394845 10.100.32.37.514 -> 59.105.191.159.1023: 3328924412 ack 124813972
17.394952 10.100.32.37.514 -> 59.105.191.159.1023: psh 3328925860 ack 124813972
17.395035 10.100.32.37.514 -> 59.105.191.159.1023: psh fin 3328927060 ack 124813972
17.395068 10.100.32.37.1022 -> 59.105.191.159.1022: fin 2828457836 ack 313646096
17.396794 59.105.191.159.1023 -> 10.100.32.37.514: ack 3328924412
17.397112 59.105.191.159.1023 -> 10.100.32.37.514: ack 3328925860
17.397317 59.105.191.159.1023 -> 10.100.32.37.514: ack 3328927060
17.397369 59.105.191.159.1022 -> 10.100.32.37.1022: ack 2828457837
17.398629 59.105.191.159.1022 -> 10.100.32.37.1022: fin 313646096 ack 2828457837
17.398680 59.105.191.159.1023 -> 10.100.32.37.514: fin 124813972 ack 3328927067
17.398802 10.100.32.37.1022 -> 59.105.191.159.1022: ack 313646097
17.398839 10.100.32.37.514 -> 59.105.191.159.1023: ack 124813973

Below are the REXEC test results. Again no return rule was opened, but the traffic still goes through.
The ports are much higher.
KS080-FW-FG100A-~ # diagnose sniffer packet internal 'host 59.105.191.159 and host 10.100.32.37'
interfaces=[internal]
filters=[host 59.105.191.159 and host 10.100.32.37]
6.071296 59.105.191.159.59432 -> 10.100.32.37.512: syn 1770357772
6.071556 10.100.32.37.512 -> 59.105.191.159.59432: syn 1011819499 ack 1770357773
6.073041 59.105.191.159.59432 -> 10.100.32.37.512: ack 1011819500
6.073099 59.105.191.159.59432 -> 10.100.32.37.512: psh 1770357773 ack 1011819500
6.073226 10.100.32.37.512 -> 59.105.191.159.59432: ack 1770357779
6.074641 10.100.32.37.47809 -> 59.105.191.159.58852: syn 1063549796
6.076164 59.105.191.159.58852 -> 10.100.32.37.47809: syn 1201608936 ack 1063549797
6.076351 10.100.32.37.47809 -> 59.105.191.159.58852: ack 1201608937
6.077699 59.105.191.159.59432 -> 10.100.32.37.512: psh 1770357779 ack 1011819500
6.077874 10.100.32.37.512 -> 59.105.191.159.59432: ack 1770357799
6.084569 10.100.32.37.512 -> 59.105.191.159.59432: psh 1011819500 ack 1770357799
6.085916 59.105.191.159.59432 -> 10.100.32.37.512: ack 1011819501
6.086326 10.100.32.37.512 -> 59.105.191.159.59432: 1011819501 ack 1770357799
6.086450 10.100.32.37.512 -> 59.105.191.159.59432: 1011820949 ack 1770357799
6.086575 10.100.32.37.512 -> 59.105.191.159.59432: psh 1011822397 ack 1770357799
6.086620 10.100.32.37.47809 -> 59.105.191.159.58852: fin 1063549797 ack 1201608937
6.086655 10.100.32.37.512 -> 59.105.191.159.59432: psh fin 1011823597 ack 1770357799
6.088397 59.105.191.159.59432 -> 10.100.32.37.512: ack 1011820949
6.088708 59.105.191.159.59432 -> 10.100.32.37.512: ack 1011822397
6.088858 59.105.191.159.59432 -> 10.100.32.37.512: ack 1011823597
6.090055 59.105.191.159.58852 -> 10.100.32.37.47809: fin 1201608937 ack 1063549798
6.090114 59.105.191.159.59432 -> 10.100.32.37.512: fin 1770357799 ack 1011823604
6.090242 10.100.32.37.47809 -> 59.105.191.159.58852: ack 1201608938
6.090279 10.100.32.37.512 -> 59.105.191.159.59432: ack 1770357800


While at it, a quick look at rcp: no additional port is opened, so it is even simpler.
klting@ubuntu:~$ vi rcp
827.296534 59.105.191.159.1023 -> 10.100.32.37.514: syn 4192287855
827.296709 10.100.32.37.514 -> 59.105.191.159.1023: syn 2950407792 ack 4192287856
827.298139 59.105.191.159.1023 -> 10.100.32.37.514: ack 2950407793
827.298192 59.105.191.159.1023 -> 10.100.32.37.514: psh 4192287856 ack 2950407793
827.298313 10.100.32.37.514 -> 59.105.191.159.1023: ack 4192287857
827.299695 59.105.191.159.1023 -> 10.100.32.37.514: psh 4192287857 ack 2950407793
827.299871 10.100.32.37.514 -> 59.105.191.159.1023: ack 4192287889
827.302149 10.100.32.37.514 -> 59.105.191.159.1023: psh 2950407793 ack 4192287889
827.302412 10.100.32.37.514 -> 59.105.191.159.1023: fin 2950407794 ack 4192287889
827.303561 59.105.191.159.1023 -> 10.100.32.37.514: ack 2950407794
827.303620 59.105.191.159.1023 -> 10.100.32.37.514: psh 4192287889 ack 2950407794
827.303782 10.100.32.37.514 -> 59.105.191.159.1023: rst 2950407794
827.303875 59.105.191.159.1023 -> 10.100.32.37.514: fin 4192287890 ack 2950407795
827.304030 10.100.32.37.514 -> 59.105.191.159.1023: rst 2950407795
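The three captures above differ in one detail that decides whether a session helper is needed at all: rsh and rexec each have a second TCP connection whose bare SYN is sent by the server, while rcp has only the client-initiated connection on port 514. The following script is an added example, not part of the original post or of any Fortinet tool. It parses lines in the format of "diagnose sniffer packet" output, treats every SYN-without-ACK as the start of a connection, and flags connections initiated by the host that is not the rsh client; those are exactly the flows that only pass because the helper opens them dynamically. The sample lines are a subset of the captures on this page (client 59.105.191.159, server 10.100.32.37); the function names and the CONTROL_PORTS table are the example's own.

```python
import re
from collections import OrderedDict

# Added example (not from the original post): classify the TCP connections in
# a FortiGate "diagnose sniffer packet" trace and flag the ones the server
# opens back toward the client, i.e. the flows a plain inbound policy never
# matched and that the rsh session helper must open dynamically.

# One trace line looks like:
#   17.386397 10.100.32.37.1022 -> 59.105.191.159.1022: syn 2828457835
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s*(?P<rest>.*)$"
)

# Control ports of the r-services seen in the captures on this page.
CONTROL_PORTS = {512: "rexec", 514: "rsh/rcp"}
TCP_FLAGS = {"syn", "ack", "psh", "fin", "rst"}

# Subset of the trace lines from the captures on this page.
CLIENT = "59.105.191.159"   # the rsh/rexec/rcp client
RSH_CAPTURE = [
    "17.383345 59.105.191.159.1023 -> 10.100.32.37.514: syn 124813949",
    "17.383546 10.100.32.37.514 -> 59.105.191.159.1023: syn 3328922962 ack 124813950",
    "17.386397 10.100.32.37.1022 -> 59.105.191.159.1022: syn 2828457835",
    "17.387884 59.105.191.159.1022 -> 10.100.32.37.1022: syn 313646095 ack 2828457836",
]
REXEC_CAPTURE = [
    "6.071296 59.105.191.159.59432 -> 10.100.32.37.512: syn 1770357772",
    "6.074641 10.100.32.37.47809 -> 59.105.191.159.58852: syn 1063549796",
]
RCP_CAPTURE = [
    "827.296534 59.105.191.159.1023 -> 10.100.32.37.514: syn 4192287855",
    "827.302412 10.100.32.37.514 -> 59.105.191.159.1023: fin 2950407794 ack 4192287889",
]


def parse_line(line):
    """Parse one sniffer line into a dict; return None for prompts/headers."""
    m = LINE_RE.match(line)
    if not m:
        return None
    flags = {tok for tok in m.group("rest").split() if tok in TCP_FLAGS}
    return {
        "ts": float(m.group("ts")),
        "src": m.group("src"), "sport": int(m.group("sport")),
        "dst": m.group("dst"), "dport": int(m.group("dport")),
        "flags": flags,
    }


def find_connections(lines, client_ip):
    """One record per TCP connection, in the order of its initiating SYN."""
    conns = OrderedDict()
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        # Only a SYN without ACK opens a connection; the SYN/ACK is the reply.
        if "syn" in p["flags"] and "ack" not in p["flags"]:
            key = (p["src"], p["sport"], p["dst"], p["dport"])
            conns.setdefault(key, {
                "initiator": p["src"], "sport": p["sport"],
                "responder": p["dst"], "dport": p["dport"],
                # A bare SYN from the non-client host is a server-initiated
                # back-channel (the rsh/rexec stderr connection).
                "server_initiated": p["src"] != client_ip,
                "service": CONTROL_PORTS.get(p["dport"], "dynamic"),
            })
    return list(conns.values())


def back_channels(lines, client_ip):
    """(server_port, client_port) pairs of connections the server opened."""
    return [(c["sport"], c["dport"])
            for c in find_connections(lines, client_ip) if c["server_initiated"]]


def needs_session_helper(lines, client_ip):
    """True when the trace has a server-initiated flow, which needs either
    the session helper or a separate return policy to be allowed."""
    return bool(back_channels(lines, client_ip))


if __name__ == "__main__":
    for name, cap in (("rsh", RSH_CAPTURE), ("rexec", REXEC_CAPTURE), ("rcp", RCP_CAPTURE)):
        print(name, "back-channels:", back_channels(cap, CLIENT),
              "helper needed:", needs_session_helper(cap, CLIENT))
```

Run against the full captures, the same logic reports one back-channel for rsh (1022 to 1022) and one for rexec (47809 to 58852), and none for rcp, which matches the observation that rcp is the simplest of the three.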
