Untitled
a guest
Aug 14th, 2011
  1. <hatter> so
  2. <hatter> I think we'll do a little iptables session
  3. <hatter> kso
  4. <hatter> by default
  5. <tengu> TheEnigma: if you were being illegal, would you still use it?
  6. <hatter> you've got 3 chains of iptables
  7. <m4tr1c3s> there are no good free vpns
  8. <tengu> ok
  9. * hatter sets mode +m #school
  10. <Terminal> LESSON
  11. <hatter> IPTABLES
  12. <hatter> go
  13. <hatter> so
  14. <hatter> by default iptables has 3 traffic chains.
  15. <hatter> these chains are INPUT, OUTPUT, and FORWARD
  16. <hatter> you can view these chains by typing (as root)
  17. <hatter> iptables -nL
  18. <hatter> it will also show you all of your firewall rules.
  19. <hatter> Now then
  20. <hatter> when adding a firewall rule
  21. <hatter> you can either use INSERT or APPEND.
  22. <hatter> INSERT puts the rule at the BEGINNING of the chain.
  23. <hatter> APPEND puts the rule at the END of the chain.
  24. <hatter> iptables -A INPUT ....
  25. <hatter> would append a rule to the INPUT chain
  26. <hatter> additionally
  27. <hatter> Each chain has a default policy
  28. <hatter> you can access this policy with -P
  29. * TheEnigma has quit (Quit: Page closed)
  30. <hatter> here's an example default firewall
  31. <hatter> root ~ # iptables -nL
  32. <hatter> Chain INPUT (policy ACCEPT)
  33. <hatter> target prot opt source destination
  34. <hatter> Chain FORWARD (policy ACCEPT)
  35. <hatter> target prot opt source destination
  36. <hatter> Chain OUTPUT (policy ACCEPT)
  37. <hatter> target prot opt source destination
  38. <hatter> obviously all of the chains have the ACCEPT policy
  39. <hatter> To whitelist traffic, you may want to give the chains DROP policies
  40. <hatter> and then whitelist traffic with ACCEPT rules.
  41. * h0II0w has quit (Quit: http://www.mibbit.com ajax IRC Client)
  42. <hatter> there are several options that iptables provides for reacting to traffic.
  43. <hatter> these are specified with -j
  44. <hatter> and can be DROP, REJECT, ACCEPT, LOG, etc
  45. <hatter> REJECT for the tcp protocol has additional features
  46. <hatter> (you may use -p to specify a protocol)
  47. <hatter> You can specify the type of traffic rejection using --reject-with
  48. <hatter> for example,
  49. <hatter> iptables -I INPUT -p tcp -s 10.0.0.3 -j REJECT --reject-with icmp-host-unreachable
  50. <hatter> The -s switch in that is the source flag
  51. <hatter> for the source IP
  52. <hatter> during a ddos you might need to drop some traffic for outbound as wekk.
  53. <hatter> *well
  54. <kratos> (just an aside here, you'll need the iptables modules in your kernel - ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state would be a useful starting point, remember to modprobe them)
  55. <hatter> (unless you built them into your kernel)
  56. <hatter> ipt_string
  57. <hatter> is another good one
  58. <kratos> (oh, and the obvious ip_tables - and exactly, hatter, you don't need to modprobe them if they are built within your kernel as */Y)
  59. <hatter> You can then make iptables string matches
  60. <hatter> with ipt_string
  61. <hatter> n I think you can do qos
  62. <hatter> with ipt_conntrack
  63. <hatter> or something like that
  64. <hatter> iptables has a ton of modules
  65. <hatter> so
  66. <hatter> If you wanted to whitelist traffic on a webserver
  67. <hatter> you'd run
  68. <hatter> iptables -P INPUT DROP
  69. <hatter> iptables -P OUTPUT DROP
  70. <hatter> (no one run this right now)
  71. <hatter> iptables -I INPUT -j ACCEPT -p tcp --dport 80
  72. <hatter> iptables -I OUTPUT -j ACCEPT -p tcp --sport 80
  73. <hatter> now obviously
  74. <hatter> you will only want to do this if you have physical access to the machine
  75. <hatter> otherwise
  76. <hatter> you will need to whitelist port 22
  77. <hatter> as well
  78. <hatter> for ssh
  79. <hatter> etc
  80. <turbopinko> i have a really baller iptable script if anyone wants it...
  81. <kratos> it's suggested to make a script with a 5min timeout or so that restores your iptables config to its previous state before making any changes
  82. <hatter> ^
  83. <kratos> this will ensure that you can test the configuration, and always have a chance of recovery
  84. <hatter> kratos is correct
  85. <hatter> one wrong move
  86. <hatter> on iptables
  87. <hatter> and you could be dropping all traffic to/from the box
  88. <turbopinko> if that happens and you have physical access iptables -F
  89. * TheCookling_ is now known as ThrCookling
  90. <hatter> won't fix it if the policies are set to drop, turbopinko
  91. * ThrCookling is now known as TheCookling
  92. <hatter> you'll just have no whitelisted traffic n drop everythin
  93. <hatter> need the backups
  94. <hatter> like kratos was sayin
  95. <kratos> oh, and be aware that if you're using this in conjunction with the port knocking from one of the last tutorials, you'll need to ensure that all the ports accept the correct traffic
  96. * k4n0n has quit (Ping timeout: 121 seconds)
  97. <kratos> all the ports involved in your knocking sequence, that is
  98. * A26D6F75 has quit (Ping timeout: 121 seconds)
  99. <m4tr1c3s> so iptables lets you selectively block ports?
  100. * TheCookling has quit (Quit: This is faggotry)
  101. <hatter> yep
  102. <kratos> yes
  103. <hatter> or just
  104. <kratos> any firewall does
  105. <hatter> small bits of traffic
  106. <hatter> string match
  107. <hatter> for example
  108. <kratos> indeed
  109. <kratos> or header match
  110. <m4tr1c3s> ah, cool
  111. <turbopinko> almost anything really..
  112. <kratos> it's a stateful firewall
  113. <hatter> you can block any packets containing a string
  114. <hatter> this can come in handy with some ddos types
  115. <hatter> because you can drop all the traffic with a particular user agent,
  116. <hatter> or going to a particular url
  117. <hatter> etc
  118. <kratos> you really don't want to reject, if there's any chance of it being a ddos
  119. <hatter> ^
  120. <hatter> you really just want drop
  121. <hatter> reject will send traffic back
  122. <hatter> saying its not available
  123. <hatter> might not sound like a big deal
  124. <hatter> but during a ddos
  125. <hatter> you will spam your outbound pipe with tcp resets
  126. <hatter> if you don't drop traffic
  127. <hatter> lol
  128. <kratos> so both inbound and outbound will be clogged
  129. <hatter> ^
  130. <kratos> = server hell
  131. <hatter> ^
  132. * hatter sets mode -m #school
  133. <hatter> Gonna have a smoke
  134. <hatter> class = paused
  135. <kratos> :) ok
  136. <m4tr1c3s> so drop = fuck off, ignore = politely tell them to go away
  137. <kratos> yep
  138. <uno-5> m4tr1c3s: Drop just does nothing
  139. <kratos> exactly
  140. <kratos> drop just drops
  141. <kratos> as it says on the tin
  142. <kratos> drop = ignore
  143. <kratos> reject = politely request that the packet be returned to sender
  144. <turbopinko> http://pastebin.com/07LvEnJX
  145. <uno-5> Soo you have these 3 chains, but you can specify more?
  146. <turbopinko> there is a script of rules that are bawz
  147. <turbopinko> blocks port scans traceroute etc
  148. <turbopinko> but allows all the stuffs you want
  149. <xchg> will you cover other than filter table?
  150. <Terminal> well u can use iptables for SNAT and IP Masquerading if you have a network too right
  151. <Terminal> use them as a transparent proxy, port forwarding
  152. <atze> if you reboot, iptables is empty ^^
  153. <Terminal> etc...
  154. <xchg> and policy routing
  155. <atze> right?
  156. * toxology (toxology@AN-h5e.5ch.msrtiv.IP) has left #school
  157. <Terminal> atze if you reboot you can have linux load your iptables
  158. <Terminal> for example
  159. <Terminal> on a Fedora
  160. <Terminal> you copy to /etc/sysconfig/iptables
  161. <Terminal> but you can manually load
  162. <Terminal> saved iptables using the restore switch
  163. <Terminal> as in
  164. <Terminal> iptables-restore < /root/iptables
  165. <Terminal> if /root/iptables is where they were saved
  166. <Terminal> with iptables-save > /root/iptables
  167. <m4tr1c3s> just put it in your startup script
  168. <atze> i only wanted you to remember to say this so that the ppl don't later think "WTF?" :D
  169. <Terminal> lol
  170. <hatter> kback
  171. <kratos> wb
  172. <hatter> sec
  173. <hatter> lemme tweet this class out
  174. <hatter> forgot about that
  175. * impact has quit (Quit: .)
  176. <Terminal> lol
  183. >Terminal< Hey, may I get the key to the new academy room, please?
  184. <hatter> Ok guys
  185. * fabrianchi is now known as tty0
  186. * Free_Speech (Free@a.place.with.rainbows) has joined #school
  187. * adrian1695 (adrianchen@AN-9s8.94g.eajctb.IP) has joined #school
  188. * ph0enix (ph0enix@we.are.all.alike) has joined #school
  189. * TheCookling (TheCookling@bless.this.faggotry) has joined #school
  190. * Goodk4t (Goodk4t@AN-4cg.6uj.ha358e.IP) has joined #school
  191. * Incognito (afraid@irc.here) has joined #school
  192. * joesm0d (joesm0d@AN-oc6.ae5.5mqbv0.IP) has joined #school
  193. * k4n0n (k4non@AN-dd1.ns9.5o5j1d.IP) has joined #school
  194. * Luuke (anon-mIRC@AN-n8h.o9h.8vc9rt.IP) has joined #school
  195. * MisterK (MisterK@AN-7eo.94t.kql9ch.IP) has joined #school
  196. * Moloch (Moloch@ride.my.dick) has joined #school
  197. * orbit (lawlertrawler@AN-5pr.jbe.2pkmgv.IP) has joined #school
  198. * janssen (janssen@AN-7u6.dqa.ql51ru.IP) has joined #school
  199. * toxology (toxology@AN-h5e.5ch.msrtiv.IP) has joined #school
  200. * jugh34d666 (Fuck@you.bitch) has joined #school
  201. * hatter sets mode -D #school
  202. * hatter sets mode +D #school
  203. * mcformat has quit (Ping timeout: 121 seconds)
  204. <hatter> kratos: shall we continue?
  205. <kratos> sure :)
  206. <hatter> awesome
  207. * hatter sets mode +m #school
  208. * jugh34d666 has quit (Quit: Cyaaaa)
  209. * hatter sets mode -D #school
  210. <hatter> anyway
  211. * AnonGato (Mibbit@AN-nge.5v2.a1gud7.IP) has joined #school
  212. <hatter> so, the -p flag of iptables designates protocol
  213. <hatter> options are (iirc) tcp,udp,icmp
  214. * r0t0 (Mibbit@AN-ob3.m31.nh5m2i.IP) has joined #school
  215. <hatter> when using the -p flag, you can then use two additional arguments
  216. <hatter> --sport and --dport
  217. <hatter> source port and destination port, respectively
  218. <kratos> also -i for interface and obviously -A for the chain you want to add it to
  219. * joesm0d has quit (Quit: Page closed)
  220. <hatter> right.
  221. <hatter> but you can't use --sport or --dport without the -p option.
  222. <kratos> INPUT for ingress traffic, ie from an external source and OUTPUT for traffic going out, ie egress. FORWARD for traffic routed through your machine.
  223. <kratos> yes
  224. <hatter> ^
  225. * No_Name2 has quit (Ping timeout: 121 seconds)
  226. <hatter> FORWARD rules are a real pain in the ass
  227. <hatter> and there are dozens of better solutions
  228. <hatter> although iptables is nice, lightweight, and scalable
  229. * larissa (larissa@ab.bc.cd) has left #school (Leaving)
  230. <hatter> writing the rules is more difficult for routing.
  231. <kratos> indeed
  232. <hatter> if you aren't going to be forwarding any traffic
  233. <hatter> iptables -P FORWARD DROP
  234. <hatter> is the way to go
  235. <hatter> you don't really need forwarding
  236. <m4tr1c3s> in what situations would you need to worry about traffic forwarding?
  237. <hatter> hmm,
  238. <hatter> Using iptables
  239. <hatter> you could build a router
  240. <hatter> like
  241. * tefaire (tefaire@va.net) has joined #school
  242. <kratos> if your box was a router or a gateway
  243. <hatter> the same thing as your linksys
  244. <kratos> yeah
  245. <hatter> except in a machine
  246. <m4tr1c3s> cool
  247. <kratos> like if you connected the box to the internet and had a switch behind it
  248. * janssen has quit (Quit: bya...)
  249. <hatter> yep.
  250. <hatter> Additionally,
  251. <MacGyver> could you not use it as a firewall
  252. <kratos> it would become a router, because it would route the packets through to the internal network
  253. <kratos> yes, MacGyver
  254. <kratos> iptables is firewall software
  255. <hatter> MacGyver: certainly
  256. <hatter> iptables also supports CIDR notation.
  257. <MacGyver> no i mean setup a box using iptables to be your firewall
  258. <Terminal> if you have only 1 public IP address but you want to use a pc other than your fiewall pc to provide Web, Ftp, etc
  259. <kratos> yes MacGyver
  260. <Terminal> *firewall
  261. <kratos> this is perfectly possible
  262. * tefaire (tefaire@va.net) has left #school
  263. <kratos> both locally, via a local network behind the box
  264. <hatter> ^
  265. <kratos> or externally, via a VPN
  266. <hatter> ^
  267. <hatter> iptables also supports CIDR notation
  268. * Alucard112 has quit (Quit: )
  269. <hatter> so that part makes routing a /little/ easier
  270. <hatter> Since you can pass a range of hosts (e.g. 10.0.0.0/8)
  271. <hatter> for the entire 10.* subnet
  272. <hatter> or w/e
  273. <kratos> cidr notation is a method for allocating ip addresses and splitting them up into odd sizes, if you're not familiar with it
  274. <hatter> You can also block entire countries this way
  275. <hatter> http://en.wikipedia.org/wiki/CIDR_notation
  276. <kratos> basically, there are 32 bits in an ip address, you specify how many bits are the network
  277. <hatter> (4 bytes total for the ip address, lets it be held in a cpu register)
  278. <kratos> want me to go through subnetting?
  279. <hatter> do eet
  280. <kratos> ok
  281. <kratos> so an ip address is 32 bits, we got that
  282. <kratos> it's also split into 4 octets
  283. <kratos> each of them 8 bits
  284. <kratos> bits are just binary numbers, which can be 0 or 1
  285. <kratos> the easiest way to start out counting in binary
  286. * Goodk4t has quit (Quit: Computer has gone to sleep.)
  287. <kratos> is to use a table
  288. <kratos> simply start on the right
  289. <kratos> 1
  290. * binary (binary@from.lithuania.with.love) has left #school
  291. * binary (binary@from.lithuania.with.love) has joined #school
  292. <kratos> then double up
  293. <kratos> so an 8 bit binary number table is like so:
  294. * daytaehrzr has quit (A TLS packet with unexpected length was received.)
  295. * binary (binary@from.lithuania.with.love) has left #school
  296. * binary (binary@from.lithuania.with.love) has joined #school
  297. <MacGyver> 128 64 32 16 8 4 2 1
  298. <kratos> thanks
  299. * dystopia (j@AN-44b.261.iggv29.IP) has joined #school
  300. <kratos> so then you place your bits under that
  301. <turbopinko> we getting into subnetting now?
  302. <kratos> one bit under each number
  303. <kratos> for example, 11111111.11111111.11111111.00000000
  304. <kratos> this is pretty clear
  305. <kratos> 255.255.255.255
  306. * dystopia (j@AN-44b.261.iggv29.IP) has left #school
  307. <kratos> i mean
  308. <MacGyver> 255.255.255.0
  309. <kratos> 255.255.255.0
  310. <kratos> *
  311. <kratos> thanks
  312. <kratos> pretty tired
  313. <kratos> but yes, each set of 8 bits
  314. <kratos> when you apply the table to them
  315. <kratos> and add the numbers above each bit
  316. <kratos> you find that all 1s means 255
  317. <kratos> all 0s means 0
  318. <kratos> now, in this case
  319. <kratos> it's a class C subnet mask using the old system
  320. <kratos> this means you can have 254 hosts
  321. * ButtKickingForGoodness (Administrator@AN-02k.glh.tffpu4.IP) has joined #school
  322. <MacGyver> also if the rightmost bit is a 1 then it will always be an odd number
  323. <kratos> useful trick
  324. <kratos> but yes
  325. * kratos sets mode -m #school
  326. <kratos> is everybody following this so far?
  327. <uno-5> ya
  328. <patri0t> yes
  329. <m4tr1c3s> mm
  330. <AnonGato> si
  331. <kratos> any questions? :)
  332. <hatter> if anyone needs voice
  333. <hatter> pm any op
  334. <hatter> who is not talking
  335. <hatter> at the time
  336. <binary> lol
  337. <hatter> lol
  338. <kratos> :)
  339. <m4tr1c3s> i'm making a killer log btw
  340. <hatter> thx
  341. <binary> [21:06:18] <@kratos> the easiest way to start out counting in binary
  342. <hatter> haha you got hilighted.
  343. <binary> counting on me
  344. <binary> lol
  345. <m4tr1c3s> logging lesson, will include man iptables and turbopinko's pastebin with them
  346. <patri0t> join #kill guys to get the killer logs :P
  347. <kratos> haha
  348. <m4tr1c3s> lol
  349. <hatter> no
  350. <kratos> ok
  351. <turbopinko> i like how it went from iptables to subnetting good stuffs
  352. <hatter> dont join #kill
  353. <kratos> let's continue
  354. * kratos sets mode +m #school
  355. <hatter> :)
  356. <kratos> now a class C is a /24 in CIDR notation
  357. <kratos> because CIDR simply states the amount of bits allocated to the network
  358. <kratos> let's say the ip we had was 123.233.122.121
  359. * Anon9e (androirc@AN-i3a.c8t.82ejq6.IP) has joined #school
  360. <hatter> which leaves 8 bits for the hosts
  361. <kratos> we know that with a cidr mask of /24
  362. <kratos> we can count 24 bits to the right
  363. <kratos> and that will be the network
  364. <kratos> this lets us know the size of that network, or the expected growth size depending on how it's been designed
  365. <kratos> 121 is the host
  366. <kratos> all the rest is the network :)
  367. * eggs has quit (Ping timeout: 121 seconds)
  368. <kratos> networks are an important concept in routing, as you need routers to transfer packets between networks, generally speaking
  369. <kratos> and addresses obviously signify networks and hosts, like streets and houses
  370. <kratos> so let's get on to the other two most common subnet classes
  371. <kratos> A and B
  372. <kratos> oh, i should add
  373. <kratos> these classes are kinda antiquated
  374. <kratos> created when the internet was still young
  375. <kratos> they are one of the main reasons why we are out of ipv4 addresses now
  376. * sublimepua has quit (Ping timeout: 121 seconds)
  377. <kratos> because so many companies have been sold massive blocks
  378. <kratos> of class As
  379. <kratos> class As are 255.0.0.0
  380. <kratos> or /8
  381. <hatter> yeah
  382. <kratos> with over 16 million hosts
  383. <MacGyver> class B /16 255.255.0.0
  384. <kratos> yep
  385. <hatter> +1
  386. <kratos> so there's an obvious pattern there
  387. <Theruler> it's funny too because they dnt use half of the shit they have anyway
  388. <Theruler> pisses me
  389. <Theruler> off
  390. <kratos> ^
  391. <kratos> i dunno what they were thinking
  392. <Theruler> company buys a netblock of /16 and then only uses 1/2 it
  393. <kratos> now we've invented technologies like NAT to get around this problem
  394. <kratos> but the original concept was to have every machine have a public IP
  395. <kratos> let's give an example of an odd cidr mask
  396. * eggs (eggs@AN-p0g.6ce.jj0kbl.IP) has joined #school
  397. <kratos> /30
  398. <kratos> this will give you 4 hosts
  399. * Luuke has quit (Quit: anon-mIRC www.anonops.net)
  400. <kratos> and its subnet mask is 255.255.255.252
  401. <kratos> let's ignore the 255s
  402. <kratos> we know they're all 1s
  403. <kratos> but for the 252
  404. <kratos> 128 64 32 16 8 4 2 1
  405. <kratos> 1 1 1 1 1 0 0
  406. <kratos> lol
  407. <kratos> *
  408. <hatter> because 2 + 1 = 3 and 255 - 3 = 252
  409. <kratos> yeah erm
  410. <kratos> excuse me there
  411. * Theruler gives voice to Incognito
  412. <kratos> mindfart
  413. <hatter> :)
  414. <kratos> so where were we?
  415. <kratos> ah yes
  416. <kratos> so yes, those two bits
  417. * ph0enix has quit (Connection closed)
  418. <kratos> can be flipped around in multiple different ways
  419. <kratos> 1 0, 0 1, 0 0, 1 1
  420. * ph0enix (ph0enix@we.are.all.alike) has joined #school
  421. <kratos> right?
  422. * kratos sets mode -m #school
  423. * Dsr has quit (Quit: Page closed)
  424. <kratos> you see it? :)
  425. <m4tr1c3s> mostly
  426. <kratos> well
  427. <m4tr1c3s> could you go over how we find out the size of a network from its last byte again?
  428. <Terminal> lol at least you have the balls to answer
  429. <Terminal> i see it
  430. * finJAN (finJAN@AN-32v.pmu.88df5u.IP) has joined #school
  431. <Incognito> u should give a lesson about subnetting
  432. <kratos> i'm going to move to vlsm in a mo
  433. <kratos> sorry, one sec
  434. <kratos> messages lol
  435. <kratos> ok
  436. <turbopinko> this basicly is subnetting...
  437. <Terminal> yes and kratos is finishing with subnet arithmetic for the most part
  438. * kratos sets mode +m #school
  439. <kratos> right
  440. <kratos> excuse me there
  441. * Captain|Akademika has quit (SSL Connection closed)
  442. <kratos> this gives us 4 different hosts
  443. <kratos> but we can't use all 4.
  444. <kratos> you know why?
  445. * Captain|Akademika (DerpyHooves@AN-7ek.tie.emtk3n.IP) has joined #school
  446. <Incognito> broadcast and network addresses
  447. <MacGyver> network address and broadcast
  448. <kratos> yep
  449. <kratos> the broadcast address is always the top address
  450. * JohnnyLurg (johnnylurg@you.watch.this.and.want.to.scratch.your.nose.now) has joined #school
  451. <kratos> network address is always the bottom address
  452. <kratos> in the subnet
  453. <kratos> now
  454. * JohnnyLurg has quit (SSL Connection closed)
  455. <kratos> 11111100
  456. <kratos> is the network address
  457. <kratos> or
  458. <kratos> well
  459. <kratos> yes
  460. <kratos> if you xor that
  461. <kratos> with the address
  462. <kratos> you'll get the network addresses
  463. * hatter sets mode -m #school
  464. <kratos> you can take this bit, hatter :)
  465. <kratos> if you want
  466. <hatter> well
  467. * Terminal gives voice to uno-5
  468. <kratos> xor and broadcast
  469. <hatter> if they want teh xor
  470. <hatter> i will teach them
  471. <kratos> :D
  472. <hatter> bitwise math
  473. <yngjungian> I would say yes
  474. <kratos> yep
  475. <uno-5> So
  476. <kratos> i'll brb then
  477. <hatter> the broadcast address sends to all the hosts on the network (and a lot of stuff won't let it go)
  478. <hatter> or won't let you send to broadcasts
  479. <xchg> I wrote small (tens of lines) tools in C to list all IPs from cidr notation and convert ip range to cidr notation for me to use in scripts, maybe someone could be interested
  480. <hatter> pastebin it :)
  481. <hatter> now guys, xo
  482. <hatter> *xor
  483. * Terminal sets mode +m #school
  484. <uno-5> The cidr-notation tells me how many bytes of a network are reserved?
  485. <hatter> yep
  486. <uno-5> kk thx
  487. <hatter> xor is a bitwise operation that determines if two bits are the same or different.
  488. <hatter> if they are different, the result is 1
  489. <hatter> if they are the same, the result is 0
  490. <hatter> for example
  491. <hatter> 10101010 xor 01010101 = 11111111
  492. <hatter> 11111111 xor 11111111 = 00000000
  493. <hatter> anything xor'd with itself
  494. <hatter> is zero
  495. * Shaggy|away (Trouble@CSM.me) has joined #school
  496. * Max_95 (Maxbk_32@AN-shj.71f.vst3mh.IP) has joined #school
  497. * OrCuS (Scott@AN-v13.ek8.rt1an0.IP) has joined #school
  498. <Theruler> basicly all of the bad parts of the bible
  499. <Theruler> :P
  500. <Theruler> sorry im watching team america
  501. <Theruler> lol
  502. * hatter sets mode -m #school
  503. <hatter> any questions right now?
  504. * Elude (Elude@AN-p4j.3cr.129s7s.IP) has joined #school
  505. <m4tr1c3s> so, we find out the last byte of the address. convert it to binary. find out how many possible combinations there are between that address and 11111111, and that's how big the network is?
  506. <xchg> http://pastebin.com/Ez3wPK0n , here, also with xor example :)
  507. <kratos> not always the last byte, you want to grab all the bits that aren't covered by the CIDR mask or subnet mask
  508. <kratos> ie in 255.255.224.0
  509. <kratos> you'll be looking at the 254 bit
  510. <kratos> 224*
  511. <kratos> and xoring that
  512. <m4tr1c3s> ah ok
  513. <m4tr1c3s> thank you
  514. <kratos> or the equivalent block of ip, i should say
  515. <kratos> so if the address is then 128.112.121.222
  516. <kratos> you'd be xoring the 121
  517. * reactor has quit (Ping timeout: 121 seconds)
  518. * reactor (cr4ck@AN-gag.bc1.c5gln5.IP) has joined #school
  519. <kratos> for the next part
  520. <kratos> grab a pen and paper if you can
  521. <kratos> it makes it so much easier
  522. <hatter> ^
  523. * ChanServ gives voice to reactor
  524. <hatter> especially your first time.
  525. <kratos> with space at the bottom
  526. <kratos> :)
  527. * m4tr1c3s wrote a binary converter 3 months ago in C which is very useful :)
  528. * lilybet (Mibbit@AN-r11.sll.2plrfq.IP) has joined #school
  529. <kratos> heh or that m4tr1c3s
  530. <kratos> also draw a box
  531. <kratos> nice and biggish
  532. <xchg> http://pastebin.com/GnHL9fp9, the other tool, to list ips
  533. <kratos> you all got that?
  534. <kratos> the box and binary table? :)
  535. * Sheska (Rene@AN-vqh.uha.kdo8r4.IP) has joined #school
  536. * cassan0va (aiem@girl.lover) has joined #school
  537. <kratos> waiting for a couple of ayes before i continue :P
  538. <Irradiate> Aye aye!
  539. <Anon9e> Aye
  540. <Irradiate> ... cap'n or something.
  541. <yngjungian> aye
  542. <patri0t> aye
  543. <Irradiate> Nay.
  544. * patri0t is now known as troll
  545. <troll> aye
  546. <Irradiate> Naye.
  547. * troll is now known as foo
  548. <toxology> yan
  549. <foo> aye
  550. * menot has quit (Quit: )
  551. * foo is now known as patri0t
  552. <kratos> ok
  553. * kratos sets mode +m #school
  554. <Irradiate> kratos, this means you should go further.
  555. <kratos> now
  556. <kratos> we have just been given the ip range
  557. <kratos> 126.181.212.0
  558. <kratos> we have a class C subnet, that means
  559. <kratos> or a /24
  560. <kratos> but we have a couple of different sized networks
  561. <kratos> and only that range
  562. <kratos> this isn't the most realistic scenario but the tools we use and techniques are very realistic
  563. <kratos> and will help you understand ip addresses in depth
  564. <kratos> so we know our subnet mask is 255.255.255.0
  565. <kratos> um
  566. <kratos> let's say we have 3 routers
  567. <kratos> with point to point connections
  568. <kratos> ie only requiring 2 ips for each connection
  569. <kratos> router a -> router b -> router c
  570. <kratos> so there are two connections there, for which we need two groups of 2 ips
  571. <kratos> we also have a large group of hosts
  572. <kratos> about 50 computers
  573. <kratos> and we have 2 groups of ~20 computers
  574. <kratos> let's make it a little more realistic
  575. <kratos> each of these networks
  576. <kratos> is connected to one of the routers
  577. <kratos> so
  578. <kratos> router a -> router b -> router c
  579. <kratos> 50 computers ^ 20 comps ^ 20 comps^
  580. <kratos> 50 to a, 20 to b, 20 to c
  581. <kratos> there are switches in between
  582. <kratos> but we don't need to worry about them when considering this address scheme, as they don't need addresses in our configuration
  583. <kratos> they use a different protocol lol
  584. <kratos> but ok
  585. * kratos sets mode -m #school
  586. <kratos> you all got that?
  587. <kratos> draw it up
  588. <Irradiate> Aye aye.
  589. <Irradiate> O wait.
  590. * MisterK has quit (Quit: Bye!)
  591. <Irradiate> The ->s represent a switch?
  592. <kratos> forget the switches for now
  593. <Irradiate> Right.
  594. <hatter> the -> are cat5 cords
  595. <kratos> they're not important to us in this example
  596. <hatter> lol
  597. <kratos> yes
  598. <AnonGato> the arrows represent a point to point connection
  599. <kratos> A -> B -> C
  600. <Irradiate> Cuase the switches were kinda OT :D
  601. <turbopinko> so 90 hosts total?
  602. <Irradiate> *cause
  603. <kratos> yes
  604. <kratos> 90 total
  605. <cassan0va> how to join class?
  606. <Irradiate> Woo, somebody give him a math degree!
  607. <Irradiate> You are in one, cassan0va.
  608. <kratos> and we have the connections to the routers to consider too
  609. <turbopinko> well he said fifty at first then 20 20 so i got confused
  610. <cassan0va> yeah but am late
  611. <kratos> we only need to worry about one connection each group of hosts to router
  612. <cassan0va> when next class start?
  613. <kratos> so that's 2 router p2p
  614. <Irradiate> cassan0va: Just sit and listen, check the topic for records.
  615. <cassan0va> ok thanks
  616. <Irradiate> cassan0va: One class is here atm so shush, please.
  617. <kratos> and 3 hosts to router ptp
  618. <kratos> ptp it should be, p2p is peer to peer
  619. <kratos> ptp is point to point
  620. <kratos> so
  621. <kratos> we need
  622. <kratos> 5 ptp connections
  623. <kratos> and 90 hosts, split up 50-20-20
  624. <kratos> we need to give them all addresses
  625. <kratos> all got that?
  626. <Irradiate> Aye aye.
  627. <kratos> like understand it i mean?
  628. <Irradiate> I'm not gonna say aye for them :D
  629. <kratos> they can say aye for them :P
  630. <kratos> any questions, fire away?
  631. <Irradiate> Yuh.
  632. * Irradiate raises a hand.
  633. <kratos> what's up?
  634. <Irradiate> Never mind.
  635. <kratos> oh well
  636. * MissWonderful (a@AN-ein.ts5.h9h4mo.IP) has joined #school
  637. * kratos sets mode +m #school
  638. <kratos> let's continue
  639. * greenFingers (greenFingers@AN-60b.bli.nsfdo0.IP) has joined #school
  640. * Alucard112 (Alucard112@AN-vmh.sbp.4k1c1a.IP) has joined #school
  641. <kratos> but we don't want to just shove all these machines on the same network
  642. <kratos> splitting them up will separate them, which is what we want
  643. <kratos> because they all hate each other and there was much drama between them
  644. <turbopinko> collision domains
  645. <kratos> indeed
  646. <kratos> or subnets
  647. <kratos> :)
  648. <kratos> so let's start with that box
  649. * Nil (Nil@AN-qpl.pk2.16f43b.IP) has joined #school
  650. <kratos> that represents all 255 addresses we have
  651. <kratos> the best way to start to segment them, is to split the number in half
  652. <kratos> so draw a line, horizontal or vertical
  653. * greenFingers has quit (Quit: Leaving)
  654. * Smokey024 has quit (Quit: http://www.mibbit.com ajax IRC Client)
  655. <kratos> now it's 126 hosts
  656. * MissWonderful has quit (Quit: Lost terminal)
  657. <kratos> for each of these networks
  658. <kratos> thing is, we need to half it again
  659. <kratos> because that's still far too much
  660. <kratos> and we're not planning for any expansions
  661. <kratos> infact, we know it's never going to happen
  662. <kratos> so split one of those boxes
  663. <kratos> and bam, you have two sets of 64 hosts
  664. <kratos> now
  665. <kratos> i should add that we can approximate network addresses with our picture
  666. <kratos> when we first split it, we created 2 networks
  667. <kratos> the first network started with 0
  668. * ZZ (Usu@AN-rn4.hko.auhuh6.IP) has joined #school
  669. <kratos> the next one with .128
  670. * eggs has quit (Ping timeout: 121 seconds)
  671. <hatter> yep
  672. * greenFingers (greenFingers@AN-60b.bli.nsfdo0.IP) has joined #school
  673. <kratos> :)
  674. <kratos> and when we split it again
  675. <kratos> presuming we split from the 0 subnet
  676. * AnonVon (AnonVon@AN-5h2.uvf.lc76do.IP) has joined #school
  677. <kratos> this used to be bad practice btw
  678. <kratos> but is now accepted
  679. <kratos> you would have .0 and .64
  680. <kratos> and .128
  681. <kratos> so ie. 2 sets of 64 addresses and one set of 128
  682. * Nil has quit (Connection closed)
  683. <kratos> now halving it again would bring us down to 32
  684. <kratos> we don't need to worry about that yet
  685. <kratos> so let's reserve one of these blocks for our 50 host one
  686. <kratos> because it couldn't fit in a 32 host subnet
  687. <kratos> it'll have to go in a 64 host subnet
  688. <kratos> colour it in or name it :)
  689. <kratos> let's just go with the one starting with 0
  690. <kratos> why not?
  691. <kratos> 0 to 64 is now the 50 host block
  692. <kratos> note we started with the largest, i bet you can see why
  693. * kratos sets mode -m #school
  694. <kratos> still following?
  695. <Irradiate> Of course I am.
  696. * t0nicwater (Mibbit@google.com) has joined #school
  697. <xchg> why would someone split /24 subnet if they can work with whole 192.168./16 (and 172.. 10..) subnet? like 192.168.1/24 for first network and 192.168.2/24 for second and so on..
  698. <Anon9e> Yes
  699. * miHah (Anonymous@AN-avo.hdt.4qr4b5.IP) has joined #school
  700. <kratos> because /24 is 255.255.255.0
  701. * t0nicwater (Mibbit@google.com) has left #school
  702. <kratos> ie this means you can only use the last 255 addresses
  703. <kratos> or the addresses in the last octet
  704. <xchg> i know
  705. <kratos> i know what you mean
  706. <kratos> but that's not the point
  707. <kratos> the example here is for publicly routed ips
  708. <xchg> ah
  709. <kratos> the privately allocated ips
  710. <kratos> are not publicly routable
  711. <kratos> :)
  712. <kratos> any other qs?
  713. <Irradiate> Prolly not.
  714. <hatter> ...
  715. <kratos> ok
  716. * kratos sets mode +m #school
  717. <hatter> :)
  718. <kratos> so basically, we now have 0-64
  719. * blueintheface (nicky@AN-ruh.qah.jqkctk.IP) has joined #school
  720. <kratos> for that network
  721. <kratos> write that down
  722. <kratos> it's important :)
  723. <kratos> now we need to worry about our two 20 host networks
  724. <kratos> well, that seems intuitive now, doesn't it?
  725. <kratos> we just use the other block from the half of the address space we're already using
  726. <kratos> easily done
  727. <kratos> so half that :)
  728. <kratos> now we have 64-96 and 96-128
  729. <kratos> the addresses we are writing overlap, but i'll explain how to sort that out after
  730. <kratos> we just need the ranges for now, even if they're roughish
  731. <kratos> now that's half of our space used
  732. * Idonthas (your@add.here) has joined #school
  733. <kratos> but that's fine, all we've got left to address is the 5 point to point connections
  734. * guest (guest@AN-87p.8pn.l18msa.IP) has joined #school
  735. <kratos> so for that, we're going to just keep splitting the first section of the second half until we get our 5 sets of 2 addresses
  736. <kratos> now this is where it's important to note that you'll be wanting 252s or /30s
  737. <kratos> ie you're really wanting 4 addresses
  738. <kratos> because you always add on the network and broadcast
  739. <kratos> +2
  740. * ti has quit (Quit: Client excited!)
  741. * kratos sets mode -m #school
  742. <kratos> so how are you guys getting on with that?
  743. <AnonGato> I thought you said it was two sets of two addresses
  744. <kratos> connections to routers + connections between routers
  745. <kratos> 5 sets
  746. <Irradiate> One set for each PtP connection, three for net-to-router, two for router-to-router.
  747. <Irradiate> ...
  748. <Irradiate> -.-
  749. <AnonGato> ah, sorry
  750. <kratos> if you run out of box space, draw a bigger box
  751. <kratos> 'zoom in' so to speak
  752. <kratos> :)
  753. <Irradiate> <insert cheesy laughter here>
  754. <kratos> brb
  755. <Irradiate> In the meantime, why don't we play a nice round of Absolute Silence?
  756. * AnonGato (Mibbit@AN-nge.5v2.a1gud7.IP) has left #school
  757. * Incognito has quit (Ping timeout: 121 seconds)
  758. * _polyurethane (pawlyurethane@AN-l7m.dit.531gt0.IP) has joined #school
  759. * Schadenfreude (schadenfreude@AN-6om.mqq.f56u1a.IP) has joined #school
  760. <RichyB> guys roughly what percentage of sqli lead to getting root or some sort of os-level breach
  761. * lilybet has quit (Quit: http://www.mibbit.com ajax IRC Client)
  762. * MissWonderful (MissW@nderfu.l) has joined #school
  763. <MissWonderful> sswonderful
  764. <Irradiate> Probably <10%...
  765. <Irradiate> <5% even...
  766. * JH (JH@AN-j97.5js.n69kba.IP) has joined #school
  767. <RichyB> so it is a really low % thats ok just so i know :)
  768. <Irradiate> I mean not a lot of root-permissive passwords are stored with SQL.
  769. <RichyB> yh
  770. * Alucard112 has quit (Ping timeout: 121 seconds)
  771. * nunes (n@AN-a6k.acp.phf5cd.IP) has joined #school
  772. * blueintheface has quit (Ping timeout: 121 seconds)
  773. <kratos> ok
  774. <kratos> all done?
  775. * kratos sets mode +m #school
  776. * Alucard112 (Alucard112@AN-u67.93k.4k1c1a.IP) has joined #school
  777. * orbit has quit (Client exited)
  778. * blueintheface (nicky@AN-ruh.qah.jqkctk.IP) has joined #school
  779. <kratos> so now we should have 5 sets of .252 or /30 address ranges
  780. * nyx- has quit (Ping timeout: 121 seconds)
  781. * Xeross (Xeross@AN-t2k.lbt.fleaq1.IP) has left #school (Kthxbai)
  782. <kratos> with 4 hosts each
  783. * hatter sets mode +D #school
  784. * kratos sets mode -m #school
  785. <kratos> what have you guys got?
  786. <r0t0> 'or1=1--
  787. * OrCuS (Scott@AN-v13.ek8.rt1an0.IP) has left #school
  788. <kratos> as far as ranges, i mean?
  789. <Irradiate> r0t0 hush with the SQLis.
  790. <kratos> 126.181.212.128, 136, 132, 140, 144 here
  791. <kratos> i'm not sure if anybody is actually doing this lol
  792. <kratos> leaving it till later, guys?
  793. <Irradiate> ;)
  794. <Irradiate> Don't worry, it still gets recorded...
  795. <Irradiate> Somehow...
  796. <MissWonderful> i came in late so not sure where we r otherwise i would =)
  797. <Irradiate> No need to pester everyone with their homework :D
  798. * Schadenfreude has quit (Quit: Logging off. . . . .)
  799. <r0t0> is there a schedule of upcoming subject matter/topics to be covered?
  800. <m4tr1c3s> I am reading
  801. <m4tr1c3s> although I'm a bit bewildered
  802. <kratos> go ahead and ask some questions if you want, m4tr1c3s
  803. <turbopinko> i was with you all the way till the last bit
  804. <kratos> don't worry too much about it, just ask
  805. <kratos> ok
  806. <m4tr1c3s> I need... to understand more
  807. <kratos> well here's a way you can do it
  808. <m4tr1c3s> in order to ask questions
  809. <kratos> take your extra block
  810. <kratos> the 128
  811. <MissWonderful> my question is r u gonna be writing for everything like the gen2 thing
  812. <kratos> divide it by 2
  813. <kratos> both halves become separate blocks
  814. <kratos> then divide those by 2
  815. <kratos> etc etc etc
  816. <MissWonderful> divide by 0
  817. <kratos> each time, divide the number of addresses by 2
  818. * kratos has kicked MissWonderful from #school (no, 2)
  819. <reactor> CEDT = CEST ?
  820. <kratos> you get it m4tr1c3s?
  821. <m4tr1c3s> nope
  822. <m4tr1c3s> you have 120 hosts
  823. <m4tr1c3s> connecting to 3 routers
  824. <m4tr1c3s> 50-20-20
  825. <m4tr1c3s> with 2 sets of ptp connections
  826. <kratos> the routers are connected to each other
  827. <kratos> with 2 ptp connections
  828. <kratos> each block of hosts
  829. <kratos> that is all 3 blocks
  830. <tengu> where do all the #school lesson copys get put please?
  831. <kratos> are connected via ptp connections too
  832. <Irradiate> !topic
  833. <m4tr1c3s> ok
  834. <Irradiate> tengu, topic.
  835. <m4tr1c3s> so
  836. <m4tr1c3s> 126.181.212.0 is the address of what?
  837. <m4tr1c3s> the minimum ip range?
  838. <kratos> that's the start address of the network
  839. <Alucard112> damn.. this stuff looks hard o:|.. question what time do lessons start :)?
  840. <m4tr1c3s> ok
  841. <kratos> we allocated that to our biggest group of hosts
  842. <kratos> this is a lesson, Alucard112
  843. <m4tr1c3s> then you xor that to find out how many connections there are
  844. <m4tr1c3s> right?
  845. <kratos> sorry, what?
  846. <kratos> you CAN xor the ip address to provide you with the subnet mask
  847. <kratos> or the network address, rather
  848. <kratos> with the subnet mask
  849. <kratos> xor the ip address with the subnet mask to produce a network address
  850. <kratos> lol i'm confusing myself
  851. <Irradiate> Indeed :D
  852. <kratos> yes
  853. <kratos> the last one
  854. <m4tr1c3s> lol
  855. <kratos> but yeah, so we're just taking the block of addresses
  856. <kratos> and splitting them
  857. <kratos> .0 becomes .0 and .128
  858. <r0t0> do you plan on covering inverse masks?
  859. <kratos> erm, no
  860. <m4tr1c3s> oh
  861. <kratos> inverse masks would just confuse things, lol
  862. <Irradiate> Inverse mask = XOR 255.255.255.255?
  863. <Irradiate> With the original mask?
  864. * anonoops has quit (Client exited)
  865. <m4tr1c3s> so .0 to .255
  866. <m4tr1c3s> becomes
  867. <m4tr1c3s> .0 to .128 and .129 to .255
  868. <m4tr1c3s> and then we split again
  869. <kratos> yes m4tr1c3s
  870. <Alucard112> no i mean in general what time do they start :) missed this one and highly doubt i'd understand what's going on anyway :P but wanna be here 4 tomorrow's one and would like to know time :)
  871. <kratos> so
  872. <Irradiate> Alucard112 at least wait till the end of this one with the schedule questions...
  873. * kratos sets mode +m #school
  874. <kratos> so
  875. <kratos> 126.181.212.0
  876. <kratos> 126.181.212.64
  877. <kratos> 126.181.212.96
  878. <kratos> 126.181.212.128
  879. <kratos> urgh lost focus
  880. <kratos> 126.181.212.132
  881. <kratos> 126.181.212.136
  882. <kratos> 126.181.212.140
  883. * Max_95 has quit (Quit: Saliendo)
  884. <kratos> 126.181.212.144
  885. <kratos> excuse the combobreaker
  886. <kratos> leaned on my mouse and it clicked and lost focus
  887. <kratos> those are our new networks
  888. <kratos> 255.255.255.192
  889. <kratos> 255.255.255.224
  890. <kratos> 255.255.255.224
  891. <kratos> 255.255.255.252
  892. <kratos> 255.255.255.252
  893. <kratos> 255.255.255.252
  894. <kratos> 255.255.255.252
  895. <kratos> 255.255.255.252
  896. <kratos> ok
  897. <kratos> so there's our subnets
  898. <kratos> now let's confirm this
  899. <kratos> 00000000
  900. <kratos> 11000000
  901. <kratos> = 00000000
  902. <kratos> xor
  903. <kratos> 1 + 0 = 0, 0 + 1 = 0, 0 + 0 = 0
  904. <kratos> only 1 + 1 = 1
  905. <kratos> oops
  906. <kratos> rightly noted
  907. <kratos> and
  908. <kratos> rightly noted, mixed up for a sec
  909. <kratos> that's a bitwise and
  910. <kratos> but anyway
  911. <kratos> hm
  912. <kratos> ok hold on guys
  913. <kratos> i'm going to go check my shit for a sec, think i've made a little mistake here
  914. * Elude has quit (Quit: Leaving)
  915. <kratos> ok
  916. <kratos> correction
  917. <kratos> what you want is a bitwise and, i have been incorrectly calling it an xor
  918. <kratos> that will tell you the NETWORK addresses
  919. * JH has quit (Ping timeout: 121 seconds)
  920. <kratos> yes, the xor is a totally different thing, this is totally my bad and i apologise
  921. <kratos> to clean this up, xor is very useful in certain circumstances
  922. <kratos> but what we want to do here is an and
  923. <kratos> so, as i mentioned
  924. <kratos> 1 + 1 = 1, anything else = 0
  925. <kratos> that will give you the subnet mask
  926. <kratos> so r/xor/and will what i said above
  927. <kratos> *with
  928. * kratos sets mode -m #school
  929. <kratos> sorry guys :<
  930. <Irradiate> You are kinda confusing, you know :D
  931. * ZZ has quit (Quit: leaving)
  932. <kratos> indeed
  933. <hatter> It's cool kratos
  934. <hatter> you done good <3
  935. <kratos> just a mixup of terms
  936. <Irradiate> Yup.
  937. <hatter> kso
  938. <hatter> who was logging?