[Ninux-Calabria] routing, security and good luck

Giuseppe De Marco peppelinux at yahoo.it
Mon 17 Jun 2013 00:11:44 UTC


To talk on Ninux from my workstation I created a virtual interface.
My Ninux devices all connect to a home switch, so all it took was:


ifconfig eth0:0 10.87.7.34.34 netmask 255.255.255.0

For routing to 172.17.87.0/24 I added:
route add -net 172.17.87.0 netmask 255.255.255.0 gw 10.87.7.27

Everything seems to be going the right way...

nmap -sS -v -O 172.17.87.0/24 

Starting Nmap 5.00 ( http://nmap.org ) at 2013-06-17 02:05 CEST
NSE: Loaded 0 scripts for scanning.
Initiating Ping Scan at 02:05
Scanning 256 hosts [4 ports/host]
Completed Ping Scan at 02:06, 7.64s elapsed (256 total hosts)
Initiating Parallel DNS resolution of 256 hosts. at 02:06
Completed Parallel DNS resolution of 256 hosts. at 02:06, 0.04s elapsed
Initiating SYN Stealth Scan at 02:06
Scanning 2 hosts [1000 ports/host]
Discovered open port 53/tcp on 172.17.87.9
Discovered open port 80/tcp on 172.17.87.9
Discovered open port 22/tcp on 172.17.87.9
Discovered open port 443/tcp on 172.17.87.3
Discovered open port 53/tcp on 172.17.87.3
Discovered open port 80/tcp on 172.17.87.3
Discovered open port 22/tcp on 172.17.87.3
Discovered open port 2007/tcp on 172.17.87.3
Completed SYN Stealth Scan against 172.17.87.9 in 0.29s (1 host left)
Discovered open port 2006/tcp on 172.17.87.3
Completed SYN Stealth Scan at 02:06, 2.69s elapsed (2000 total ports)
Initiating OS detection (try #1) against 2 hosts
Retrying OS detection (try #2) against 172.17.87.3
Retrying OS detection (try #3) against 172.17.87.3
Retrying OS detection (try #4) against 172.17.87.3
Retrying OS detection (try #5) against 172.17.87.3
Host 172.17.87.3 is up (0.080s latency).
Interesting ports on 172.17.87.3:
Not shown: 994 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
443/tcp  open  https
2006/tcp open  invokator
2007/tcp open  dectalk
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:

Uptime guess: 5.194 days (since Tue Jun 11 21:27:03 2013)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=206 (Good luck!)
IP ID Sequence Generation: All zeros

Host 172.17.87.9 is up (0.00054s latency).
Interesting ports on 172.17.87.9:
Not shown: 997 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
53/tcp open  domain
80/tcp open  http
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.9 - 2.6.19
Uptime guess: 0.046 days (since Mon Jun 17 01:00:35 2013)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=200 (Good luck!)
IP ID Sequence Generation: All zeros

Read data files from: /usr/share/nmap
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 256 IP addresses (2 hosts up) scanned in 26.69 seconds
           Raw packets sent: 4085 (174.096KB) | Rcvd: 2899 (142.436KB)

What can you tell me about the security of AirOS?
Does it have serious logging, or with a distributed brute force is it only a matter of time?
Have adaptive firewalls been tested on this kind of device? Something like: "this is the fourth time you've been a pain, you'll stay in DROP for 10 minutes"

Also, even more worrying, since our Ninux LAN is a WLAN, do we have an ARP cache or can connections be hijacked for free? The arp command doesn't seem to be available on AirOS. Tell me, tell me...
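
The adaptive ban asked about above (fourth failure, then DROP for 10 minutes), as an added example that is not part of the original post and is not AirOS code. It replays constructed log lines through a per-source rule and an aggregate counter, showing that a distributed attempt never trips the per-source rule; the log format, the sliding window and the `GLOBAL_ALERT` threshold are assumptions.

```python
import re
from collections import defaultdict, deque

MAX_FAILURES = 4      # "the fourth time", from the post
BAN_SECONDS = 600     # "DROP for 10 minutes", from the post
WINDOW_SECONDS = 600  # assumption: failures counted in a sliding window
GLOBAL_ALERT = 6      # assumption: failures from all sources per window

# Constructed log format (not AirOS output): "<epoch> auth fail from <ip>"
LINE_RE = re.compile(r"^(\d+) auth fail from (\d+\.\d+\.\d+\.\d+)$")

def replay(lines):
    """Return (bans, alerts): ip -> ban expiry, and times of aggregate alerts."""
    per_ip, everyone = defaultdict(deque), deque()
    bans, alerts = {}, []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip = int(m.group(1)), m.group(2)
        if bans.get(ip, 0) > ts:
            continue  # source is in DROP: the attempt never reaches the service
        for q in (per_ip[ip], everyone):
            q.append(ts)
            while q[0] <= ts - WINDOW_SECONDS:  # expire old failures
                q.popleft()
        if len(per_ip[ip]) >= MAX_FAILURES:     # per-source rule
            bans[ip] = ts + BAN_SECONDS
            per_ip[ip].clear()
        if len(everyone) >= GLOBAL_ALERT:       # aggregate rule
            alerts.append(ts)
            everyone.clear()
    return bans, alerts

# Constructed sample 1: one source hammering every 10 s
SINGLE = [f"{1000 + 10 * i} auth fail from 192.0.2.50" for i in range(6)]
# Constructed sample 2: 8 sources, 2 failures each, never 4 from one address
DISTRIBUTED = [f"{2000 + 5 * i} auth fail from 198.51.100.{10 + i % 8}"
               for i in range(16)]

if __name__ == "__main__":
    print(replay(SINGLE))
    print(replay(DISTRIBUTED))
```

The single source is banned at its fourth failure, while the distributed sample produces no ban at all and is only visible through the aggregate alerts.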