- <hatter> so
- <hatter> I think we'll do a little iptables session
- <hatter> kso
- <hatter> by default
- <tengu> TheEnigma: if you were being illegal, would you still use it?
- <hatter> you've got 3 chains of iptables
- <m4tr1c3s> there are no good free vpns
- <tengu> ok
- * hatter sets mode +m #school
- <Terminal> LESSON
- <hatter> IPTABLES
- <hatter> go
- <hatter> so
- <hatter> by default iptables has 3 traffic chains.
- <hatter> these chains are INPUT, OUTPUT, and FORWARD
- <hatter> you can view these chains by typing (as root)
- <hatter> iptables -nL
- <hatter> it will also show you all of your firewall rules.
- <hatter> Now then
- <hatter> when adding a firewall rule
- <hatter> you can either use INSERT or APPEND.
- <hatter> INSERT puts the rule at the BEGINNING of the chain.
- <hatter> APPEND puts the rule at the END of the chain.
- <hatter> iptables -A INPUT ....
- <hatter> would append a rule to the INPUT chain
- <hatter> additionally
- <hatter> Each chain has a default policy
- <hatter> you can access this policy with -P
- * TheEnigma has quit (Quit: Page closed)
- <hatter> here's an example default firewall
- <hatter> root ~ # iptables -nL
- <hatter> Chain INPUT (policy ACCEPT)
- <hatter> target prot opt source destination
- <hatter> Chain FORWARD (policy ACCEPT)
- <hatter> target prot opt source destination
- <hatter> Chain OUTPUT (policy ACCEPT)
- <hatter> target prot opt source destination
- <hatter> obviously all of the chains have the ACCEPT policy
- <hatter> To whitelist traffic, you may want to give the chains DROP policies
- <hatter> and then whitelist traffic with ACCEPT rules.
- * h0II0w has quit (Quit: http://www.mibbit.com ajax IRC Client)
- <hatter> there are several options that iptables provides for reacting to traffic.
- <hatter> these are specified with -j
- <hatter> and can be DROP, REJECT, ACCEPT, LOG, etc
- <hatter> REJECT for the tcp protocol has additional features
- <hatter> (you may use -p to specify a protocol)
- <hatter> You can specify the type of traffic rejection using --reject-with
- <hatter> for example,
- <hatter> iptables -I INPUT -p tcp -s 10.0.0.3 -j REJECT --reject-with icmp-host-unreachable
- <hatter> The -s switch in that is the source flag
- <hatter> for the source IP
- <hatter> during a ddos you might need to drop some traffic for outbound as wekk.
- <hatter> *well
- <kratos> (just an aside here, you'll need the iptables modules in your kernel - ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state would be a useful starting point, remember to modprobe them)
- <hatter> (unless you built them into your kernel)
- <hatter> ipt_string
- <hatter> is another good one
- <kratos> (oh, and the obvious ip_tables - and exactly, hatter, you don't need to modprobe them if they are built within your kernel as */Y)
- <hatter> You can then make iptables string matches
- <hatter> with ipt_string
- <hatter> n I think you can do qos
- <hatter> with ipt_conntrack
- <hatter> or something like that
- <hatter> iptables has a ton of modules
- <hatter> so
- <hatter> If you wanted to whitelist traffic on a webserver
- <hatter> you'd run
- <hatter> iptables -P INPUT DROP
- <hatter> iptables -P OUTPUT DROP
- <hatter> (no one run this right now)
- <hatter> iptables -I INPUT -j ACCEPT -p tcp --dport 80
- <hatter> iptables -I OUTPUT -j ACCEPT -p tcp --sport 80
- <hatter> now obviously
- <hatter> you will only want to do this if you have physical access to the machine
- <hatter> otherwise
- <hatter> you will need to whitelist port 22
- <hatter> as well
- <hatter> for ssh
- <hatter> etc
- <turbopinko> i have a really baller iptable script if anyone wants it...
- <kratos> it's suggested to make a script with a 5min timeout or so that restores your iptables config to its previous state before making any changes
- <hatter> ^
- <kratos> this will ensure that you can test the configuration, and always have a chance of recovery
- <hatter> kratos is correct
- <hatter> one wrong move
- <hatter> on iptables
- <hatter> and you could be dropping all traffic to/from the box
- <turbopinko> if that happens and you have physical access iptables -F
- * TheCookling_ is now known as ThrCookling
- <hatter> won't fix it if the policies are set to drop, turbopinko
- * ThrCookling is now known as TheCookling
- <hatter> you'll just have no whitelisted traffic n drop everythin
- <hatter> need the backups
- <hatter> like kratos was sayin
- <kratos> oh, and be aware that if you're using this in conjunction with the port knocking from one of the last tutorials, you'll need to ensure that all the ports accept the correct traffic
- * k4n0n has quit (Ping timeout: 121 seconds)
- <kratos> all the ports involved in your knocking sequence, that is
- * A26D6F75 has quit (Ping timeout: 121 seconds)
- <m4tr1c3s> so iptables lets you selectively block ports?
- * TheCookling has quit (Quit: This is faggotry)
- <hatter> yep
- <kratos> yes
- <hatter> or just
- <kratos> any firewall does
- <hatter> small bits of traffic
- <hatter> string match
- <hatter> for example
- <kratos> indeed
- <kratos> or header match
- <m4tr1c3s> ah, cool
- <turbopinko> almost anything really..
- <kratos> it's a stateful firewall
- <hatter> you can block any packets containing a string
- <hatter> this can come in handy with some ddos types
- <hatter> because you can drop all the traffic with a particular user agent,
- <hatter> or going to a particular url
- <hatter> etc
- <kratos> you really don't want to reject, if it's any chance of being a ddos
- <hatter> ^
- <hatter> you really just want drop
- <hatter> reject will send traffic back
- <hatter> saying its not available
- <hatter> might not sound like a big deal
- <hatter> but during a ddos
- <hatter> you will spam your outbound pipe with tcpresets
- <hatter> if you don't drop traffic
- <hatter> lol
- <kratos> so both inbound and outbound will be clogged
- <hatter> ^
- <kratos> = server hell
- <hatter> ^
- * hatter sets mode -m #school
- <hatter> Gonna have a smoke
- <hatter> class = paused
- <kratos> :) ok
- <m4tr1c3s> so drop = fuck off, ignore = politely tell them to go away
- <kratos> yep
- <uno-5> m4tr1c3s: Drop just does nothing
- <kratos> exactly
- <kratos> drop just drops
- <kratos> as it says on the tin
- <kratos> drop = ignore
- <kratos> reject = politely request that the packet be returned to sender
- <turbopinko> http://pastebin.com/07LvEnJX
- <uno-5> Soo you have these 3 chains, but you can specify more?
- <turbopinko> there is a script of rules that are bawz
- <turbopinko> blocks port scans traceroute etc
- <turbopinko> but allows all the stuffs you want
- <xchg> will you cover other than filter table?
- <Terminal> well u can use iptables for SNAT and IP Masquerading if you have a network too right
- <Terminal> use them as a transparent proxy, port forwarding
- <atze> if you reboot, iptables is empty ^^
- <Terminal> etc...
- <xchg> and policy routing
- <atze> right?
- * toxology (toxology@AN-h5e.5ch.msrtiv.IP) has left #school
- <Terminal> atze if you reboot you can have linux load your iptables
- <Terminal> for example
- <Terminal> on a Fedora
- <Terminal> you copy to /etc/sysconfig/iptables
- <Terminal> but you can manually load
- <Terminal> saved iptables using the restore switch
- <Terminal> as in
- <Terminal> iptables-restore < /root/iptables
- <Terminal> if /root/iptables is where they were saved
- <Terminal> with iptables-save > /root/iptables
- <m4tr1c3s> just put it in your startup script
- <atze> i only wanted you to remember to say this so that the ppl don't later think "WTF?" :D
- <Terminal> lol
- <hatter> kback
- <kratos> wb
- <hatter> sec
- <hatter> lemme tweet this class out
- <hatter> forgot about that
- * impact has quit (Quit: .)
- <Terminal> lol
- >Terminal< Hey, may I get the key to the new academy room, please?
- <hatter> Ok guys
- * fabrianchi is now known as tty0
- * Free_Speech (Free@a.place.with.rainbows) has joined #school
- * adrian1695 (adrianchen@AN-9s8.94g.eajctb.IP) has joined #school
- * ph0enix (ph0enix@we.are.all.alike) has joined #school
- * TheCookling (TheCookling@bless.this.faggotry) has joined #school
- * Goodk4t (Goodk4t@AN-4cg.6uj.ha358e.IP) has joined #school
- * Incognito (afraid@irc.here) has joined #school
- * joesm0d (joesm0d@AN-oc6.ae5.5mqbv0.IP) has joined #school
- * k4n0n (k4non@AN-dd1.ns9.5o5j1d.IP) has joined #school
- * Luuke (anon-mIRC@AN-n8h.o9h.8vc9rt.IP) has joined #school
- * MisterK (MisterK@AN-7eo.94t.kql9ch.IP) has joined #school
- * Moloch (Moloch@ride.my.dick) has joined #school
- * orbit (lawlertrawler@AN-5pr.jbe.2pkmgv.IP) has joined #school
- * janssen (janssen@AN-7u6.dqa.ql51ru.IP) has joined #school
- * toxology (toxology@AN-h5e.5ch.msrtiv.IP) has joined #school
- * jugh34d666 (Fuck@you.bitch) has joined #school
- * hatter sets mode -D #school
- * hatter sets mode +D #school
- * mcformat has quit (Ping timeout: 121 seconds)
- <hatter> kratos: shall we continue?
- <kratos> sure :)
- <hatter> awesome
- * hatter sets mode +m #school
- * jugh34d666 has quit (Quit: Cyaaaa)
- * hatter sets mode -D #school
- <hatter> anyway
- * AnonGato (Mibbit@AN-nge.5v2.a1gud7.IP) has joined #school
- <hatter> so, the -p flag of iptables designates protocol
- <hatter> options are (iirc) tcp,udp,icmp
- * r0t0 (Mibbit@AN-ob3.m31.nh5m2i.IP) has joined #school
- <hatter> when using the -p flag, you can then use two additional arguments
- <hatter> --sport and --dport
- <hatter> source port and destination port, respectively
- <kratos> also -i for interface and obviously -A for the chain you want to add it to
- * joesm0d has quit (Quit: Page closed)
- <hatter> right.
- <hatter> but you can't use --sport or --dport without the -p option.
- <kratos> INPUT for ingress traffic, ie from an external source and OUTPUT for traffic going out, ie egress. FORWARD for traffic routed through your machine.
- <kratos> yes
- <hatter> ^
- * No_Name2 has quit (Ping timeout: 121 seconds)
- <hatter> FORWARD rules are a real pain in the ass
- <hatter> and there are dozens of better solutions
- <hatter> although iptables is nice, lightweight, and scalable
- * larissa (larissa@ab.bc.cd) has left #school (Leaving)
- <hatter> writing the rules are more difficult for routing.
- <kratos> indeed
- <hatter> if you aren't going to be forwarding any traffic
- <hatter> iptables -P FORWARD DROP
- <hatter> is the way to go
- <hatter> you don't really need forwarding
- <m4tr1c3s> in what situations would you need to worry about traffic forwarding?
- <hatter> hmm,
- <hatter> Using iptables
- <hatter> you could build a router
- <hatter> like
- * tefaire (tefaire@va.net) has joined #school
- <kratos> if your box was a router or a gateway
- <hatter> the same thing as your linksys
- <kratos> yeah
- <hatter> except in a machine
- <m4tr1c3s> cool
- <kratos> like if you connected the box to the internet and had a switch behind it
- * janssen has quit (Quit: bya...)
- <hatter> yep.
- <hatter> Additionally,
- <MacGyver> could you not use it as a firewall
- <kratos> it would become a router, because it would route the packets through to the internal network
- <kratos> yes, MacGyver
- <kratos> iptables is firewall software
- <hatter> MacGyver: certainly
- <hatter> iptables also supports CIDR notation.
- <MacGyver> no i mean setup a box using iptables to be your firewall
- <Terminal> if you have only 1 public IP address but you want to use a pc other than your fiewall pc to provide Web, Ftp, etc
- <kratos> yes MacGyver
- <Terminal> *firewall
- <kratos> this is perfectly possible
- * tefaire (tefaire@va.net) has left #school
- <kratos> both locally, via a local network behind the box
- <hatter> ^
- <kratos> or externally, via a VPN
- <hatter> ^
- <hatter> iptables also supports CIDR notation
- * Alucard112 has quit (Quit: )
- <hatter> so that part makes routing a /little/ easier
- <hatter> Since you can pass a range of hosts (e.g. 10.0.0.0/8)
- <hatter> for the entire 10.* subnet
- <hatter> or w/e
- <kratos> cidr notation is a method for allocating ip addresses and splitting them up into odd sizes, if you're not familiar with it
- <hatter> You can also block entire countries this way
- <hatter> http://en.wikipedia.org/wiki/CIDR_notation
- <kratos> basically, there are 32 bits in an ip address, you specify how many bits are the network
- <hatter> (4 bytes total for the ip address, lets it be held in a cpu register)
- <kratos> want me to go through subnetting?
- <hatter> do eet
- <kratos> ok
- <kratos> so an ip address is 32 bits, we got that
- <kratos> it's also split into 4 octets
- <kratos> each of them 8 bits
- <kratos> bits are just binary numbers, which can be 0 or 1
- <kratos> the easiest way to start out counting in binary
- * Goodk4t has quit (Quit: Computer has gone to sleep.)
- <kratos> is to use a table
- <kratos> simply start on the right
- <kratos> 1
- * binary (binary@from.lithuania.with.love) has left #school
- * binary (binary@from.lithuania.with.love) has joined #school
- <kratos> then double up
- <kratos> so an 8 bit binary number table is like so:
- * daytaehrzr has quit (A TLS packet with unexpected length was received.)
- * binary (binary@from.lithuania.with.love) has left #school
- * binary (binary@from.lithuania.with.love) has joined #school
- <MacGyver> 128 64 32 16 8 4 2 1
- <kratos> thanks
- * dystopia (j@AN-44b.261.iggv29.IP) has joined #school
- <kratos> so then you place your bits under that
- <turbopinko> we getting into subnetting now?
- <kratos> one bit under each number
- <kratos> for example, 11111111.11111111.11111111.00000000
- <kratos> this is pretty clear
- <kratos> 255.255.255.255
- * dystopia (j@AN-44b.261.iggv29.IP) has left #school
- <kratos> i mean
- <MacGyver> 255.255.255.0
- <kratos> 255.255.255.0
- <kratos> *
- <kratos> thanks
- <kratos> pretty tired
- <kratos> but yes, each set of 8 bits
- <kratos> when you apply the table to them
- <kratos> and add the numbers above each bit
- <kratos> you find that all 1s means 255
- <kratos> all 0s means 0
- <kratos> now, in this case
- <kratos> it's a class C subnet mask using the old system
- <kratos> this means you can have 254 hosts
- * ButtKickingForGoodness (Administrator@AN-02k.glh.tffpu4.IP) has joined #school
- <MacGyver> also if the most right bit is a 1 then it will always be an odd number
- <kratos> useful trick
- <kratos> but yes
- * kratos sets mode -m #school
- <kratos> is everybody following this so far?
- <uno-5> ya
- <patri0t> yes
- <m4tr1c3s> mm
- <AnonGato> yes
- <kratos> any questions? :)
- <hatter> if anyone needs voice
- <hatter> pm any op
- <hatter> who is not talking
- <hatter> at the time
- <binary> lol
- <hatter> lol
- <kratos> :)
- <m4tr1c3s> i'm making killer log btw
- <hatter> thx
- <binary> [21:06:18] <@kratos> the easiest way to start out counting in binary
- <hatter> haha you got highlighted.
- <binary> counting on me
- <binary> lol
- <m4tr1c3s> logging lesson, will include man iptables and turbopinko's pastebin with them
- <patri0t> join #kill guys to get the killer logs :P
- <kratos> haha
- <m4tr1c3s> lol
- <hatter> no
- <kratos> ok
- <turbopinko> i like how it went from iptables to subnetting good stuffs
- <hatter> dont join #kill
- <kratos> let's continue
- * kratos sets mode +m #school
- <hatter> :)
- <kratos> now a class C is a /24 in CIDR notation
- <kratos> because CIDR simply states the amount of bits allocated to the network
- <kratos> let's say the ip we had was 123.233.122.121
- * Anon9e (androirc@AN-i3a.c8t.82ejq6.IP) has joined #school
- <hatter> which leaves 8 bits for the hosts
- <kratos> we know that with a cidr mask of /24
- <kratos> we can count 24 bits to the right
- <kratos> and that will be the network
- <kratos> this lets us know the size of that network, or the expected growth size depending on how it's been designed
- <kratos> 121 is the host
- <kratos> all the rest is the network :)
- * eggs has quit (Ping timeout: 121 seconds)
- <kratos> networks are an important concept in routing, as you need routers to transfer packets between networks, generally speaking
- <kratos> and addresses obviously signify networks and hosts, like streets and houses
- <kratos> so let's get on to the other two most common subnet classes
- <kratos> A and B
- <kratos> oh, i should add
- <kratos> these classes are kinda antiquated
- <kratos> created when the internet was still young
- <kratos> they are one of the main reasons why we are out of ipv4 addresses now
- * sublimepua has quit (Ping timeout: 121 seconds)
- <kratos> because so many companies have been sold massive blocks
- <kratos> of class as
- <kratos> class As are 255.0.0.0
- <kratos> or /8
- <hatter> yeah
- <kratos> with over 16 million hosts
- <MacGyver> class B /16 255.255.0.0
- <kratos> yep
- <hatter> +1
- <kratos> so there's an obvious pattern there
- <Theruler> its funny too because they dnt use half of the shit they have anyway
- <Theruler> pisses me
- <Theruler> off
- <kratos> ^
- <kratos> i dunno what they were thinking
- <Theruler> company buys a netblock of /16 and then only uses 1/2 it
- <kratos> now we've invented technologies like NAT to get around this problem
- <kratos> but the original concept was to have every machine have a public IP
- <kratos> let's give an example of an odd cidr mask
- * eggs (eggs@AN-p0g.6ce.jj0kbl.IP) has joined #school
- <kratos> /30
- <kratos> this will give you 4 hosts
- * Luuke has quit (Quit: anon-mIRC www.anonops.net)
- <kratos> and its subnet mask is 255.255.255.252
- <kratos> let's ignore the 255s
- <kratos> we know they're all 1s
- <kratos> but for the 252
- <kratos> 128 64 32 16 8 4 2 1
- <kratos> 1 1 1 1 1 0 0
- <kratos> lol
- <kratos> *
- <hatter> because 2 + 1 = 3 and 255 - 3 = 252
- <kratos> yeah erm
- <kratos> excuse me there
- * Theruler gives voice to Incognito
- <kratos> mindfart
- <hatter> :)
- <kratos> so where were we?
- <kratos> ah yes
- <kratos> so yes, those two bits
- * ph0enix has quit (Connection closed)
- <kratos> can be flipped around in multiple different ways
- <kratos> 1 0, 0 1, 0 0, 1 1
- * ph0enix (ph0enix@we.are.all.alike) has joined #school
- <kratos> right?
- * kratos sets mode -m #school
- * Dsr has quit (Quit: Page closed)
- <kratos> you see it? :)
- <m4tr1c3s> mostly
- <kratos> well
- <m4tr1c3s> could you go over how we find out the size of a network from its last byte again?
- <Terminal> lol at least you have the balls to answer
- <Terminal> i see it
- * finJAN (finJAN@AN-32v.pmu.88df5u.IP) has joined #school
- <Incognito> u should give a lesson about subnetting
- <kratos> i'm going to move to vlsm in a mo
- <kratos> sorry, one sec
- <kratos> messages lol
- <kratos> ok
- <turbopinko> this basically is subnetting...
- <Terminal> yes and kratos is finishing with subnet arithmetic for the most part
- * kratos sets mode +m #school
- <kratos> right
- <kratos> excuse me there
- * Captain|Akademika has quit (SSL Connection closed)
- <kratos> this gives us 4 different hosts
- <kratos> but we can't use all 4.
- <kratos> you know why?
- * Captain|Akademika (DerpyHooves@AN-7ek.tie.emtk3n.IP) has joined #school
- <Incognito> broadcast and network addresses
- <MacGyver> network address and broadcast
- <kratos> yep
- <kratos> the broadcast address is always the top address
- * JohnnyLurg (johnnylurg@you.watch.this.and.want.to.scratch.your.nose.now) has joined #school
- <kratos> network address is always the bottom address
- <kratos> in the subnet
- <kratos> now
- * JohnnyLurg has quit (SSL Connection closed)
- <kratos> 11111100
- <kratos> is the network address
- <kratos> or
- <kratos> well
- <kratos> yes
- <kratos> if you xor that
- <kratos> with the address
- <kratos> you'll get the network addresses
- * hatter sets mode -m #school
- <kratos> you can take this bit, hatter :)
- <kratos> if you want
- <hatter> well
- * Terminal gives voice to uno-5
- <kratos> xor and broadcast
- <hatter> if they want teh xor
- <hatter> i will teach them
- <kratos> :D
- <hatter> bitwise math
- <yngjungian> I would say yes
- <kratos> yep
- <uno-5> So
- <kratos> i'll brb then
- <hatter> the broadcast address sends to all the hosts on the network (and a lot of stuff won't let it go)
- <hatter> or won't let you send to broadcasts
- <xchg> I wrote small (tens of lines) tools in C to list all IPs from cidr notation and convert ip range to cidr notation for me to use in scripts, maybe someone could be intrested
- <hatter> pastebin it :)
- <hatter> now guys, xo
- <hatter> *xor
- * Terminal sets mode +m #school
- <uno-5> The cidr-notation tells me how much bytes of a network are reserved?
- <hatter> yep
- <uno-5> kk thx
- <hatter> xor is a bitwise operation that determines if two bits are the same or different.
- <hatter> if they are different, the result is 1
- <hatter> if they are the same, the result is 0
- <hatter> for example
- <hatter> 10101010 xor 01010101 = 11111111
- <hatter> 11111111 xor 11111111 = 00000000
- <hatter> anything xor'd with itself
- <hatter> is zero
- * Shaggy|away (Trouble@CSM.me) has joined #school
- * Max_95 (Maxbk_32@AN-shj.71f.vst3mh.IP) has joined #school
- * OrCuS (Scott@AN-v13.ek8.rt1an0.IP) has joined #school
- <Theruler> basically all of the bad parts of the bible
- <Theruler> :P
- <Theruler> sorry im watching team america
- <Theruler> lol
- * hatter sets mode -m #school
- <hatter> any questions right now?
- * Elude (Elude@AN-p4j.3cr.129s7s.IP) has joined #school
- <m4tr1c3s> so, we find out the last byte of the address. convert it to binary. find out how many possible combinations there are between that address and 11111111, and that's how big the network is?
- <xchg> http://pastebin.com/Ez3wPK0n , here, also with xor example :)
- <kratos> not always the last byte, you want to grab all the bits that aren't covered by the CIDR mask or subnet mask
- <kratos> ie in 255.255.224.0
- <kratos> you'll be looking at the 254 bit
- <kratos> 224*
- <kratos> and xoring that
- <m4tr1c3s> ah ok
- <m4tr1c3s> thank you
- <kratos> or the equivalent block of ip, i should say
- <kratos> so if the address is then 128.112.121.222
- <kratos> you'd be xoring the 121
- * reactor has quit (Ping timeout: 121 seconds)
- * reactor (cr4ck@AN-gag.bc1.c5gln5.IP) has joined #school
- <kratos> for the next part
- <kratos> grab a pen and paper if you can
- <kratos> it makes it so much easier
- <hatter> ^
- * ChanServ gives voice to reactor
- <hatter> especially your first time.
- <kratos> with space at the bottom
- <kratos> :)
- * m4tr1c3s wrote a binary converter 3 months ago in C which is very useful :)
- * lilybet (Mibbit@AN-r11.sll.2plrfq.IP) has joined #school
- <kratos> heh or that m4tr1c3s
- <kratos> also draw a box
- <kratos> nice and biggish
- <xchg> http://pastebin.com/GnHL9fp9, the other tool, to list ips
- <kratos> you all got that?
- <kratos> the box and binary table? :)
- * Sheska (Rene@AN-vqh.uha.kdo8r4.IP) has joined #school
- * cassan0va (aiem@girl.lover) has joined #school
- <kratos> waiting for a couple of ayes before i continue :P
- <Irradiate> Aye aye!
- <Anon9e> Aye
- <Irradiate> ... cap'n or something.
- <yngjungian> aye
- <patri0t> aye
- <Irradiate> Nay.
- * patri0t is now known as troll
- <troll> aye
- <Irradiate> Naye.
- * troll is now known as foo
- <toxology> yan
- <foo> aye
- * menot has quit (Quit: )
- * foo is now known as patri0t
- <kratos> ok
- * kratos sets mode +m #school
- <Irradiate> kratos, this means you should go further.
- <kratos> now
- <kratos> we have just been given the ip range
- <kratos> 126.181.212.0
- <kratos> we have a class C subnet, that means
- <kratos> or a /24
- <kratos> but we have a couple of different sized networks
- <kratos> and only that range
- <kratos> this isn't the most realistic scenario but the tools we use and techniques are very realistic
- <kratos> and will help you understand ip addresses in depth
- <kratos> so we know our subnet mask is 255.255.255.0
- <kratos> um
- <kratos> let's say we have 3 routers
- <kratos> with point to point connections
- <kratos> ie only requiring 2 ips for each connection
- <kratos> router a -> router b -> router c
- <kratos> so there are two connections there, for which we need two groups of 2 ips
- <kratos> we also have a large group of hosts
- <kratos> about 50 computers
- <kratos> and we have 2 groups of ~20 computers
- <kratos> let's make it a little more realistic
- <kratos> each of these networks
- <kratos> is connected to one of the routers
- <kratos> so
- <kratos> router a -> router b -> router c
- <kratos> 50 computers ^ 20 comps ^ 20 comps^
- <kratos> 50 to a, 20 to b, 20 to c
- <kratos> there are switches in between
- <kratos> but we don't need to worry about them when considering this address scheme, as they don't need addresses in our configuration
- <kratos> they use a different protocol lol
- <kratos> but ok
- * kratos sets mode -m #school
- <kratos> you all got that?
- <kratos> draw it up
- <Irradiate> Aye aye.
- <Irradiate> O wait.
- * MisterK has quit (Quit: Bye!)
- <Irradiate> The ->s represent a switch?
- <kratos> forget the switches for now
- <Irradiate> Right.
- <hatter> the -> are cat5 cords
- <kratos> they're not important to us in this example
- <hatter> lol
- <kratos> yes
- <AnonGato> the arrows represent a point to point connection
- <kratos> A -> B -> C
- <Irradiate> Cuase the switches were kinda OT :D
- <turbopinko> so 90 hosts total?
- <Irradiate> *cause
- <kratos> yes
- <kratos> 90 total
- <cassan0va> how to join class?
- <Irradiate> Woo, somebody give him a math degree!
- <Irradiate> You are in one, cassan0va.
- <kratos> and we have the connections to the routers to consider too
- <turbopinko> well he said fifty at first then 20 20 so i got confused
- <cassan0va> yeah but am late
- <kratos> we only need to worry about one connection each group of hosts to router
- <cassan0va> when next class start?
- <kratos> so that's 2 router p2p
- <Irradiate> cassan0va: Just sit and listen, check the topic for records.
- <cassan0va> ok thanks
- <Irradiate> cassan0va: One class is here atm so shush, please.
- <kratos> and 3 hosts to router ptp
- <kratos> ptp it should be, p2p is peer to peer
- <kratos> ptp is point to point
- <kratos> so
- <kratos> we need
- <kratos> 5 ptp connections
- <kratos> and 90 hosts, split up 50-20-20
- <kratos> we need to give them all addresses
- <kratos> all got that?
- <Irradiate> Aye aye.
- <kratos> like understand it i mean?
- <Irradiate> I'm not gonna say aye for them :D
- <kratos> they can say aye for them :P
- <kratos> any questions, fire away?
- <Irradiate> Yuh.
- * Irradiate raises a hand.
- <kratos> what's up?
- <Irradiate> Never mind.
- <kratos> oh well
- * MissWonderful (a@AN-ein.ts5.h9h4mo.IP) has joined #school
- * kratos sets mode +m #school
- <kratos> let's continue
- * greenFingers (greenFingers@AN-60b.bli.nsfdo0.IP) has joined #school
- * Alucard112 (Alucard112@AN-vmh.sbp.4k1c1a.IP) has joined #school
- <kratos> but we don't want to just shove all these machines on the same network
- <kratos> splitting them up will separate them, which is what we want
- <kratos> because they all hate each other and there was much drama between them
- <turbopinko> collision domains
- <kratos> indeed
- <kratos> or subnets
- <kratos> :)
- <kratos> so let's start with that box
- * Nil (Nil@AN-qpl.pk2.16f43b.IP) has joined #school
- <kratos> that represents all 255 addresses we have
- <kratos> the best way to start to segment them, is to split the number in half
- <kratos> so draw a line, horizontal or vertical
- * greenFingers has quit (Quit: Leaving)
- * Smokey024 has quit (Quit: http://www.mibbit.com ajax IRC Client)
- <kratos> now it's 126 hosts
- * MissWonderful has quit (Quit: Lost terminal)
- <kratos> for each of these networks
- <kratos> thing is, we need to half it again
- <kratos> because that's still far too much
- <kratos> and we're not planning for any expansions
- <kratos> in fact, we know it's never going to happen
- <kratos> so split one of those boxes
- <kratos> and bam, you have two sets of 64 hosts
- <kratos> now
- <kratos> i should add that we can approximate network addresses with our picture
- <kratos> when we first split it, we created 2 networks
- <kratos> the first network started with 0
- * ZZ (Usu@AN-rn4.hko.auhuh6.IP) has joined #school
- <kratos> the next one with .128
- * eggs has quit (Ping timeout: 121 seconds)
- <hatter> yep
- * greenFingers (greenFingers@AN-60b.bli.nsfdo0.IP) has joined #school
- <kratos> :)
- <kratos> and when we split it again
- <kratos> presuming we split from the 0 subnet
- * AnonVon (AnonVon@AN-5h2.uvf.lc76do.IP) has joined #school
- <kratos> this used to be bad practise btw
- <kratos> but is now accepted
- <kratos> you would have .0 and .64
- <kratos> and .128
- <kratos> so ie. 2 sets of 64 addresses and one set of 128
- * Nil has quit (Connection closed)
- <kratos> now halving it again would bring us down to 32
- <kratos> we don't need to worry about that yet
- <kratos> so let's reserve one of these blocks for our 50 host one
- <kratos> because it couldn't fit in a 32 host subnet
- <kratos> it'll have to go in a 64 host subnet
- <kratos> colour it in or name it :)
- <kratos> let's just go with the one starting with 0
- <kratos> why not?
- <kratos> 0 to 64 is now the 50 host block
- <kratos> note we started with the largest, i bet you can see why
- * kratos sets mode -m #school
- <kratos> still following?
- <Irradiate> Of course I am.
- * t0nicwater (Mibbit@google.com) has joined #school
- <xchg> why would someone split /24 subnet if they can work with whole 192.168./16 (and 172.. 10..) subnet? like 192.168.1/24 for first network and 192.168.2/24 for second and so on..
- <Anon9e> Yes
- * miHah (Anonymous@AN-avo.hdt.4qr4b5.IP) has joined #school
- <kratos> because /24 is 255.255.255.0
- * t0nicwater (Mibbit@google.com) has left #school
- <kratos> ie this means you can only use the last 255 addresses
- <kratos> or the addresses in the last octet
- <xchg> i know
- <kratos> i know what you mean
- <kratos> but that's not the point
- <kratos> the example here is for publicly routed ips
- <xchg> ah
- <kratos> the privately allocated ips
- <kratos> are not publicly routable
- <kratos> :)
- <kratos> any other qs?
- <Irradiate> Prolly not.
- <hatter> ...
- <kratos> ok
- * kratos sets mode +m #school
- <hatter> :)
- <kratos> so basically, we now have 0-64
- * blueintheface (nicky@AN-ruh.qah.jqkctk.IP) has joined #school
- <kratos> for that network
- <kratos> write that down
- <kratos> it's important :)
- <kratos> now we need to worry about our two 20 host networks
- <kratos> well, that seems intuitive now, doesn't it?
- <kratos> we just use the other block from the half of the address space we're already using
- <kratos> easily done
- <kratos> so half that :)
- <kratos> now we have 64-96 and 96-128
- <kratos> the addresses we are writing overlap, but i'll explain how to sort that out after
- <kratos> we just need the ranges for now, even if they're roughish
- <kratos> now that's half of our space used
- * Idonthas (your@add.here) has joined #school
- <kratos> but that's fine, all we've got left to address is the 5 point to point connections
- * guest (guest@AN-87p.8pn.l18msa.IP) has joined #school
- <kratos> so for that, we're going to just keep splitting the first section of the second half until we get our 5 sets of 2 addresses
- <kratos> now this is where it's important to note that you'll be wanting 252s or /30s
- <kratos> ie you're really wanting 4 addresses
- <kratos> because you always add on the network and broadcast
- <kratos> +2
- * ti has quit (Quit: Client excited!)
- * kratos sets mode -m #school
- <kratos> so how are you guys getting on with that?
- <AnonGato> I thought you said it was two sets of two addresses
- <kratos> connections to routers + connections between routers
- <kratos> 5 sets
- <Irradiate> One set for each PtP connection, three for net-to-router, two for router-to-router.
- <Irradiate> ...
- <Irradiate> -.-
- <AnonGato> ah, I'm sorry
- <kratos> if you run out of box space, draw a bigger box
- <kratos> 'zoom in' so to speak
- <kratos> :)
- <Irradiate> <insert cheesy laughter here>
- <kratos> brb
- <Irradiate> In the meantime, why don't we play a nice round of Absolute Silence?
- * AnonGato (Mibbit@AN-nge.5v2.a1gud7.IP) has left #school
- * Incognito has quit (Ping timeout: 121 seconds)
- * _polyurethane (pawlyurethane@AN-l7m.dit.531gt0.IP) has joined #school
- * Schadenfreude (schadenfreude@AN-6om.mqq.f56u1a.IP) has joined #school
- <RichyB> guys roughly what percentage of sqli lead to getting root or some sort of os-level breach
- * lilybet has quit (Quit: http://www.mibbit.com ajax IRC Client)
- * MissWonderful (MissW@nderfu.l) has joined #school
- <MissWonderful> sswonderful
- <Irradiate> Probably <10%...
- <Irradiate> <5% even...
- * JH (JH@AN-j97.5js.n69kba.IP) has joined #school
- <RichyB> so it is a really low % that's ok just so i know :)
- <Irradiate> I mean not a lot of root-permissive passwords are stored with SQL.
- <RichyB> yh
- * Alucard112 has quit (Ping timeout: 121 seconds)
- * nunes (n@AN-a6k.acp.phf5cd.IP) has joined #school
- * blueintheface has quit (Ping timeout: 121 seconds)
- <kratos> ok
- <kratos> all done?
- * kratos sets mode +m #school
- * Alucard112 (Alucard112@AN-u67.93k.4k1c1a.IP) has joined #school
- * orbit has quit (Client exited)
- * blueintheface (nicky@AN-ruh.qah.jqkctk.IP) has joined #school
- <kratos> so now we should have 5 sets of .252 or /30 address ranges
- * nyx- has quit (Ping timeout: 121 seconds)
- * Xeross (Xeross@AN-t2k.lbt.fleaq1.IP) has left #school (Kthxbai)
- <kratos> with 4 hosts each
- * hatter sets mode +D #school
- * kratos sets mode -m #school
- <kratos> what have you guys got?
- <r0t0> 'or1=1--
- * OrCuS (Scott@AN-v13.ek8.rt1an0.IP) has left #school
- <kratos> as far as ranges, i mean?
- <Irradiate> r0t0 hush with the SQLis.
- <kratos> 126.181.212.128, 136, 132, 140, 144 here
- <kratos> i'm not sure if anybody is actually doing this lol
- <kratos> leaving it till later, guys?
- <Irradiate> ;)
- <Irradiate> Don't worry, it still gets recorded...
- <Irradiate> Somehow...
- <MissWonderful> i came in late so not sure where we r otherwise i would =)
- <Irradiate> No need to pester everyone with their homework :D
- * Schadenfreude has quit (Quit: Logging off. . . . .)
- <r0t0> is there a schedule of upcoming subject matter/topics to be covered?
- <m4tr1c3s> I am reading
- <m4tr1c3s> although I'm a bit bewildered
- <kratos> go ahead and ask some questions if you want, m4tr1c3s
- <turbopinko> i was with you all the way till the last bit
- <kratos> don't worry too much about it, just ask
- <kratos> ok
- <m4tr1c3s> I need... to understand more
- <kratos> well here's a way you can do it
- <m4tr1c3s> in order to ask questions
- <kratos> take your extra block
- <kratos> the 128
- <MissWonderful> my question is r u gonna be writing for everything like the gen2 thing
- <kratos> divide it by 2
- <kratos> both halves become separate blocks
- <kratos> then divide those by 2
- <kratos> etc etc etc
- <MissWonderful> divide by 0
- <kratos> each time, divide the number of addresses by 2
- * kratos has kicked MissWonderful from #school (no, 2)
- <reactor> CEDT = CEST ?
- <kratos> you get it m4tr1c3s?
- <m4tr1c3s> nope
- <m4tr1c3s> you have 120 hosts
- <m4tr1c3s> connecting to 3 routers
- <m4tr1c3s> 50-20-20
- <m4tr1c3s> with 2 sets of ptp connections
- <kratos> the routers are connected to each other
- <kratos> with 2 ptp connections
- <kratos> each block of hosts
- <kratos> that is all 3 blocks
- <tengu> where do all the #school lesson copys get put please?
- <kratos> are connected via ptp connections too
- <Irradiate> !topic
- <m4tr1c3s> ok
- <Irradiate> tengu, topic.
- <m4tr1c3s> so
- <m4tr1c3s> 126.181.212.0 is the address of what?
- <m4tr1c3s> the minimum ip range?
- <kratos> that's the start address of the network
- <Alucard112> dam.. this stuff looks hard o:|.. question what time do lessons start :)?
- <m4tr1c3s> ok
- <kratos> we allocated that to our biggest group of hosts
- <kratos> this is a lesson, Alucard112
- <m4tr1c3s> then you xor that to find out how many connections there are
- <m4tr1c3s> right?
- <kratos> sorry, what?
- <kratos> you CAN xor the ip address to provide you with the subnet mask
- <kratos> or the network address, rather
- <kratos> with the subnet mask
- <kratos> xor the ip address with the subnet mask to produce a network address
- <kratos> lol i'm confusing myself
- <Irradiate> Indeed :D
- <kratos> yes
- <kratos> the last one
- <m4tr1c3s> lol
- <kratos> but yeah, so we're just taking the block of addresses
- <kratos> and splitting them
- <kratos> .0 becomes .0 and .128
- <r0t0> do you plan on covering inverse masks?
- <kratos> erm, no
- <m4tr1c3s> oh
- <kratos> inverse masks would just confuse things, lol
- <Irradiate> Inverse mask = XOR 255.255.255.255?
- <Irradiate> With the original mask?
- * anonoops has quit (Client exited)
- <m4tr1c3s> so .0 to .255
- <m4tr1c3s> becomes
- <m4tr1c3s> .0 to .128 and .129 to .255
- <m4tr1c3s> and then we split again
- <kratos> yes m4tr1c3s
- <Alucard112> no i mean in general what time do they start :) missed this one and highly doubt id understand whats going on any ways :P but wana be here 4 tomorrow's one and would like to know time :)
- <kratos> so
- <Irradiate> Alucard112 at least wait till the end of this one with the schedule questions...
- * kratos sets mode +m #school
- <kratos> so
- <kratos> 126.181.212.0
- <kratos> 126.181.212.64
- <kratos> 126.181.212.96
- <kratos> 126.181.212.128
- <kratos> urgh lost focus
- <kratos> 126.181.212.132
- <kratos> 126.181.212.136
- <kratos> 126.181.212.140
- * Max_95 has quit (Quit: Saliendo)
- <kratos> 126.181.212.144
- <kratos> excuse the combobreaker
- <kratos> leaned on my mouse and it clicked and lost focus
- <kratos> those are our new networks
- <kratos> 255.255.255.192
- <kratos> 255.255.255.224
- <kratos> 255.255.255.224
- <kratos> 255.255.255.252
- <kratos> 255.255.255.252
- <kratos> 255.255.255.252
- <kratos> 255.255.255.252
- <kratos> 255.255.255.252
- <kratos> ok
- <kratos> so there's our subnets
- <kratos> now let's confirm this
- <kratos> 00000000
- <kratos> 11000000
- <kratos> = 00000000
- <kratos> xor
- <kratos> 1 + 0 = 0, 0 + 1 = 0, 0 + 0 = 0
- <kratos> only 1 + 1 = 1
- <kratos> oops
- <kratos> rightly noted
- <kratos> and
- <kratos> mixed up for a sec
- <kratos> that's a bitwise and
- <kratos> but anyway
- <kratos> hm
- <kratos> ok hold on guys
- <kratos> i'm going to go check my shit for a sec, think i've made a little mistake here
- * Elude has quit (Quit: Leaving)
- <kratos> ok
- <kratos> correction
- <kratos> what you want is a bitwise and, i have been incorrectly calling it an xor
- <kratos> that will tell you the NETWORK addresses
- * JH has quit (Ping timeout: 121 seconds)
- <kratos> yes, the xor is a totally different thing, this is totally my bad and i apologise
- <kratos> to clean this up, xor is very useful in certain circumstances
- <kratos> but what we want to do here is an and
- <kratos> so, as i mentioned
- <kratos> 1 + 1 = 1, anything else = 0
- <kratos> that will give you the subnet mask
- <kratos> so r/xor/and will what i said above
- <kratos> *with
- * kratos sets mode -m #school
- <kratos> sorry guys :<
- <Irradiate> You are kinda confusing, you know :D
- * ZZ has quit (Quit: leaving)
- <kratos> indeed
- <hatter> Its cool kratos
- <hatter> you done good <3
- <kratos> just a mixup of terms
- <Irradiate> Yup.
- <hatter> kso
- <hatter> who was logging?