Seguridad Por Niveles v001


  • Alejandro Corletti Estrada

  • !"

    #$%&())*++,*))

    !"

  • "

    !"#$"#% & " #$%$ " " &()*+#*,-#(# " "./0 "1

    ""./"$ "1

    "./+ "

    "./,$ "

    "./%$

    "2./2#$%$

    "3./3* %$ -$ #//)45$$ *#6#)6 $

    "*#

    #/

    6/6$

    #6#6$

    2(6($46$

    3(-(($4$-$($4

    5$$)/ 7$%$)$! "

    "$ 5$ "

    -$$8%$

    $7$

    -$459

    2-$

    3$$

    15 8

    /$%$

    #$%$4 ,-#(# 2 5$$4%$+- 2

  • 3 :/ %$ ;55$$ ,-#(####(.**+#,##(*#

    (.# (-#(?#..:(&

  • !% 2

    2+5$$ 23

    3$ 2

    1-5$$ 2

    ?50$ 3

  • "$ ;5;5 5$/ !$?#+

    75 5$/$4 "

    $/5$! 2

    *5$%$?#+ 3

    2- 740$?#+ 3

    3-$5$?#+ 3

    () 3 !"% .- -) 3 4$47J $47 "

    ! "

    4

    "

    4 4 " 7 I GJ5 4 0 *$@7(# $$(#43

    "@)5! 3

    -($$+5$7-(+

    .IG*,$$.*,

    ,!5

    2(#5$7

    37$%$(#

    1$!B7(#

    )-# (# 4 " (-#($$-$7$7#+ -3" "

    "$!B(-# " "", )%7$9(-# " (?#($$?5 7$7#+- "

    5(#!$ "(?# $!B(?# H-#)$H-$475$#+ -)

    /5%$ $@*+# :&&,# 2 "#7$%$$@ 3

  • $!BH-# 1 75A*7$%$$@@C 2 (#K%$2(#.87$$ 2

    -$ 2 "-0 2 $!B(#/2 2 $$(#/2 2 , $ 22 () 4 !% 2

    .- -) 4 3 3

    ! $7 3

    $7 3

    475 3

    5 32 4$ 32 7#G 33 5 0 1 2 ,-#,$ -$#+-31 "11312)"" 1

    2!$)$8$ 1 2"-$459E$/$$ 1

    2#,6#85$6$/) 1"

    2+$%$ 1"

    2K$4$ 1

    227$,-# 1

    2" 6#67#+-321 1 2"$!B6# 1

    2"" 7 $$ $8%$ 12

    2 I 12 2AD5E5$4IC 13

    2"A-%45$$5$4IC 1

    2

  • $ "

    !L$ "

    $ "

    5 "

    ! "2 454I "1 74 " I:5 " 6 0 " 3 .$.)+-32 ) " 3,,#,/,# "1

    31K5$! "

    3 H5 " 3#$%$ "

  • 3"& $H "

    3-$)/ "

    3*5$%$ "

    3,M$H ""

    324 ) ""

    3 ,# ,$4#+-1" 1"" " 35$$$ "

    3",8 $)8$$ "

    3$9!)$$ "

    3-$)%7 "

    3#,# "2

    32,$70 "3

    32 ##&44#+-1"3"3 "3

    32-0 "3

    32" "1

    32(5($$8$$ "1

    33 (*#($$7*#K %$+-"33"2

    "

    33H "

    33"9;54 "

    33K5$!%$ "

    31 .#$7.IG$# " 31$!B "

    31".#K%$ ""

    3 H,,#H ,8,$4#+- "22 "2" 3-$ "2"

    3"5) 5 "2

    36+

  • 3"N! "31

    3;5$! "3

    3#$ "1

    3F(.F$I($$./ "1

    32

  • !

    & $H ; 2 $$ 2 4$ IG$ $$ 5$ 7$ 8 2 7G! 3 $G5 7 9 G!$ )$8 " I7 8 $$G QIG 2 .5 1 $ ;)D

  • 1""-47 3

    1"55$4$B 1

    1"- $$5$#R( 1

    1"A#R(55$4$BC 1"

    1"2A-4 C 1"

    1"3K$9)/$9 1

    1"1@$#R- 1

    1 D5E!5)% 5$$5 1 1-%5$$$ 1

    1"+B$ ;55$$5$7 5$$4@ 12

    1 ;57$5 12

    1, ;5 13

    1-% 5$4;5 13

    12#!;5 5$$ 11

    13;55$ ) ;5 1

    1 *5075 1

  • 13-$ 22

    13" $ 23

    13:" 3

    135$9 3

    13#$$$ 1

    132-$+5 %$ 11

    () 8 3 .- -) 8 3 ?#? 3 !#% 2 $/0 2 " $/$ 2 $/+ 2 $/,$ 2 $/* %$ 23 2 & 2" 3 & B%$ 2" 9

    *.=& * $ 4%$5$ 2

    *.=&" -$$$$5$$5$-# 2

    *.=& #075 22 *.=& 70.5J$ 213

  • !:";%

    -5$$9$Q"5$ E$ /75 $4%$ $ 57E$ $ $75 Q 5 $7 %$ !!7@4 ! ;5 $ ! 7 5$ ! ;5QU$ ;545$5 5! $$!$ $

    $!7!$$ % 4595$ 5%$ $ !5$$ ;5 5! 40 $ 5$ 5Q ! $$@$!$$; 5 $ 05$$%$

    U ;5 E $/$ 7 5!% 5$ $70 ($$ ;5 75 F! ) 5$ %$ / ;5 M$ $$ $ %$ 6$/ H5$ 1 $ $B B $ ) $$ $ ) ! $/$ ;5$/$5$ M! $E 75 $4%$ )5$ 7$B%$ 5 J5$/ $J $7 J$04 J ) $$5$4!$5$ )/

    *@ ) $ 0 5 5!$ $ $ 4 %$ ;5 5$4@5B%$;5$ $$5$55)4$$4$$$)$ $5 !$$/$

    ,$/5$7$4% $ ;5//E5$ $/7 $ 75 $4 %$ ) ;5 $ 5!E7$57@ Q$ 7

    # 05$ $5$$5 /!75 5$ 4$ 7 ) ;5 $ 7 $ 05 $4 5 5 ) 8 $ ) ;54$ $ 7$ 75 )55 $45$ 5!%$ %$;5 $ %$$5$ 4$$05 55

    ;5 5 5 $5 5$5 / / $/ $$$75 $! $4%$$;5$$$$

    7"

    :";

    -@6$/6$/-(((

  • "7: !(

    ,#

    ,#

    ,$

    #

    .

    .#

    +K

    #

    *#

  • !

    ?&*&&!,2"%

    +!$/"$/$Q E5% )$/0 $5$$

    4$ @$E5% ) $

    *75$ 4$ @ 5$ $ + "" K"K"1 =" ="&.,

    5$$)/

    *//$8%$40

    ,$5$

    ?%$ 40

    ($4%$ 5$8#5$ 5$) 5 5$

    5$$!$7!$ $;5!

    -$440$

    &***!"%

    ! "@7"

  • !

    &*//!%

  • "&

    &*44!7%

    # @7 $ 55 $ , ! 5 5$ $8%$%$

    5$$)/

    !$@7H4M 85M 8

    +%$5$ 5$ !

    !$ 5$ $ $ 459 !$$)5 %$5$$4$ /

    *!)$;5

    $75$9 $/.:(&.: 6((&1"3

    &*55!"7%

    *7$5$$8-%5$$ !

    5$$)/

    * %$ $/ $ $7$ $879*-((:-(-

    ,$4%$ 4$ 9 - %$

    -4%$7@4)45$$ $7@4

    %$ $

    $%$

    -4

    &*66!#""7%

    //$$ %$, $$5$@$7$4

    5$$)/

    /,$4$/

    $9%$

    ,$/5

  • "

    #$$$

    $75$9 $/== ,#,$,#

    &/"#"

    $ $ $ 04 4$ $ / ) 45$$ $ 5$ @5@$;5 $5$ ;55$$ $ $4%$ $4 $ $ 5$55 6$ /B $B /@$$5$$4;5$/;5 ;5 $&($$$5@ Q5$45$$) /

    &3&

  • ""

    $/ $4%$ $ ;5 $ 5 $5 75$ 75$

    %$

    -%7%$

    ($4%$$

    &3/"@7

    $ $ !$ $8%$ $4$ ) $8%$ $ $ ;5 5$ $

    &33

    *;5$4%$/$$$/ $0!E$5$ $ $ 5$$ ) $4 /E / 54$$4$ ) /9 $ 4$ * $/ $! $4$8@$;5$7@ $ $E$$7$/5 5$$5$ $;545!$5$/ $,7$

    &341

    / $ $ ! 75 $ $4%$ /E $ 5$$ $ 459 / E$ @ O# ) P OK$$ B$P ;5 $ O$P $ $ $$$7!

    &35

    $/;5 75$4!$5$$/ ,- @@$$5$$/ )*# 55$!@$

  • "

    $ 5$ 5 ;5 $ 5B $ 5 $!$5$0 8 ;5 !E$E$# / 5$ E$ - I -$ ) :-:GI-$

    &36""arp -a

    Interfaz: 192.168.1.50 --- 0x3

    Dirección IP Dirección física Tipo

    192.168.1.44 00-22-43-02-aa-bb estático

    H $ $7 $5/ *- ;5 $ /9 (# . 0 4 5 E O $P 5;5 %$ $ ! 5$ $5/ $$ O $7 P , : F$I 5 5$$ $@ 75$ 5O $7P@$$ $ / *+# 5$ *- ;5 , !$;57 5%$(# 5$/*-!/;5$/7E*!9 $O $7P$55

    C:\>ping 192.168.1.44

    Haciendo ping a 192.168.1.44 con 32 bytes de datos:

    Tiempo de espera agotado para esta solicitud.

    Tiempo de espera agotado para esta solicitud.

    ...........

  • "&

    1

  • "

    (.-

    #$$5$$$5$ $$9 $;5 E$O #1 P $!75$ H-# o:+&*-*, H-# *-R

    6$ $ H-# $7 5 %$ (# $ ;5 8 $7%$$ $ $ !E$ " :) 5$ $7%$ 554$

    *$5$$;5M$ 5$%$( #5) /$8 %$/05$5/H-# : 5 45 7 5$$$$$ 5!/$5$ 4 5 $@ $ 5$ *-R 4;55$$

    ! *5 /5 %$(#$$5$$7%$7 %$(#/;57%

    $!$$$@$7 /$!$5*-R8 / 5@$ 5 !5 !$%$ %$(#

    9 " -$ />H-# H-# +;5

    "" />H-# -$ H-# *-R

  • #

    -5$5$$ B59

    -5$5$$$5$4$7 5%$(#$$(#-&.(?

    4 -5$5$$$5,

  • #

    H$$ /E$5/:&&,#H-#$$@

    ,+*.*-,(&. ( -$$ 5$ $M $ ;5 / $$5) 5

    -&. $ $5 ;5 $% %$

  • $&

    1! 1! 1! 1! & %$ , H

  • $

    *75$ , 5$ !$ 9 (-#F(. @$ $$ $ :&&,# /@4

    $$4H-# 5 5$ $4$

    6$ 7$4/ ;5$ / $4%$ ! !$$4%$$$ 5/$ 808 5 4%$)$!5$ /,,# 9 )$ 75$ ;50! $%$/! 5$;5 $/ 5 $ 5 5 B @4 $ / !96.(=F$I"$$/)5:& &,#$7$/

    !$ :&&,# 45 5$ /$ 7$4 / $ 5$ $475%$!$@$5$ @ H$$ ) / 5 $@$ $ 0 /$7

    * 4$ \ $ ;5 $ /9$ 5$

    ($7%$/$ / ($$

    $ 5 @

  • $!

    $475%$ (# @ $@ 5 M$ $ $$75$$475%$(# 5$ / 75 $ 7$ !

    @ 5$ / H-# $7 5$ @$95

  • $"

    "-5;5 ;5 $40$ !$@5$ %$(# ) ;50$/7@$!

  • $

    5$75$/B$Q ;5 $5 $$$7M$5!@47$ 5$@$

    ,Q7$$$ ;5 /%$) $5$$5/7X5!7 54$/E5$!$8$%$) $7 ?!)

  • $#

    75$!1 $/ /$ 5E %$$);50$4$5/$

  • $$

    * * %5$ /B 5$ 5 5$ 75$ 5$75

    *"** "*

  • $%

    11(#K$2*$7*5

    113*$*54(#/26$** $

    13(#/2,$7**$

    "*- + $$4(#/2*

    ,$$$4(#/2H$+5

    3.7!/)4(#K$2(#/2

    3(#/2**5$475$

    3"*4,$$4(#/2#G /$.IG

    "3*$(#/2#/:6$*

    "3,-#$6#/(#/2X5!7

    "3*$(#/2*777!?!6$*

    "3(#/25**7$$

    "2($$#K$2(#/2 4 $

    "2.7!/)4(#K$2

    "2"(#/2**5$475$

    "3(#/2,$7**$

    "3?$#G,5$$$7$(#/2 4$

    "34$$444$/ $(#/$(#/2H

    "(#/2/.$:5 *.:* $IG

    ""2+/(#/25!$*$)*

    "23(#/2X5!7

    "3"4(#>$PAD5E5 C

    A 5B7$ @;5$4$C

    #5!75$ $ ,

    $/ 5$ 5$ $ $$ 8$ $ 8 $ - 5 $FG/4(# *$B$$ 5

    (#C

    O -; P

  • %$

    *$B $ O####P AD5E 5 $ $ $

  • %%

    #G , 5$ $ * - (-& 5%$ 9

    $05 / M$;5$5$$$7-(-&5 %$5$ $5)M$$$$/$ 55$;5 5

  • %

    *$$5%$ $$ 75$ 9

    -$4755$F*. 5

    o K0$5$$$

    o K0$5($$3"2

    o +

  • %

    *d&

    U $ $O 1"1 P ">:; P$$5/$O5P ? 5?#"$5$5/ %$$O ?P;5$95 55$$O!P5)$$5$$ OP *8 # 0 ) & = 80( %)"

    # $%$ 5 $ 7$ $ $7 @ /$5$ /$$& AAAA$@$95$ $$4#

    # 5,-#6#

    # 5,-# d1U$>"#

    # 56# d1U$>#

    3 $O 1 P

    )$ 45$ $4B7@45$ @ 7! 5 $475 $ 7$ $ /$ $ $ % 5 $47574$ (-#

    $ /$$ 7$ 7 / !E$ ;5 $ 4 %$ 0O/ /P 5$0

    $ @7$ !9 / ;5 $ %$ $475 7 @4$$$$) 5 )5$ !$O_POO $

  • !&

    # M $ 7$ O4P45$$$ / $ 5$9 $ ;5 $5$ $$ $4B OU P ) $ $ $8$/

    , $ ;5 $ $ 7@4 ) 5! @$ 5$ 5 $@ )/5%$ $ $$@$$75$45$

    1 $O ,UH P

    $$5 $%$$7@45$ @ $;5 7 $ 75$ I 8$ 4 ;5$ M$$ $ ;5 4 I :5 $ 7509!9$/%$"

    # 5 $%$ 5 ;5 $5$ $ 7M$$/ 9 $$ !5% $ AD5E/)!9$ 4C

    1 # 45$B $ ?6( F:5 5$5 $ 475 750

    - $5/ K$$7 L 5$5 05 750 # O7 $ P$!9;5

    -$3"2

    -HL

    " -?5 *$ *7$5$75$;5!@$

    ?5

    - 7 * 7 5 ;5;5 7$ 5$/ ;5 $$ 5$ 7 $ 4O !P 5 0$

  • !"

    $ !$

    -$475 4$ $ $ /$$ O P /5B M$$ $7$!$4

    2 *$B $O

  • !

    -5;5 $ 5 / ) $ ) 5;5 5 H 5""

    " $ 7$ $ 5 5$ 0$ *

  • !#

    echo $1

    command -v $LOGGER >/dev/null 2>&1 && $LOGGER -p info $1

    }

    ..............

    reset_iptables_v4() {

    $IPTABLES -P OUTPUT DROP

    $IPTABLES -P INPUT DROP

    $IPTABLES -P FORWARD DROP

    ..............

    configure_interfaces() {

    :

    # Configure interfaces

    update_addresses_of_interface eth0 172.16.0.1/16

    update_addresses_of_interface eth1 192.168.0.1/16

    update_addresses_of_interface lo 127.0.0.1/8

    ..............

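    # ================ Table filter, automatic rules
    # Accept packets that belong to, or are related to, a connection the rule
    # set has already admitted. The same rule is appended to all three
    # built-in chains of the filter table.
    #
    # The match is "-m state --state <list>"; the state list is one
    # comma-separated word with no embedded spaces.
    # NOTE(review): newer iptables releases prefer "-m conntrack --ctstate"
    # over the legacy state match; confirm which one the target host supports.
    # NOTE(review): RELATED also admits flows announced by connection-tracking
    # helper modules, so load only the helpers that are actually required.
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT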

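    # ================ Table nat, rule set NAT
    #
    # Rule 0 (NAT)
    #
    # The message is quoted: unquoted parentheses are shell syntax and would
    # abort the script before any rule is loaded.
    echo "Rule 0 (NAT)"
    #
    # Source-NAT: packets from 192.168.0.0/16 that leave through eth0 are
    # rewritten to carry 172.16.0.1 as their source address. The SNAT target
    # takes its address through the --to-source option.
    $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/16 -j SNAT --to-source 172.16.0.1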

    # ================ Table filter, rule set Policy

    #

  • !$

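    # Rule 0 (eth0)
    #
    # Quoted so the parentheses are not parsed as shell syntax.
    echo "Rule 0 (eth0)"
    #
    # Anti-spoofing rule: detects and denies packets that arrive on eth0 with a
    # forged source address. A packet entering through eth0 must never claim
    # 172.16.0.1, 192.168.0.1 or any address in 192.168.0.0/16 as its source;
    # such packets are sent to the In_RULE_0 chain, logged and dropped.
    # NOTE(review): 192.168.0.1 is already inside 192.168.0.0/16, so the
    # host-specific rules look redundant; they are kept as written.
    $IPTABLES -N In_RULE_0
    $IPTABLES -A INPUT -i eth0 -s 172.16.0.1 -j In_RULE_0
    $IPTABLES -A INPUT -i eth0 -s 192.168.0.1 -j In_RULE_0
    $IPTABLES -A INPUT -i eth0 -s 192.168.0.0/16 -j In_RULE_0
    $IPTABLES -A FORWARD -i eth0 -s 172.16.0.1 -j In_RULE_0
    $IPTABLES -A FORWARD -i eth0 -s 192.168.0.1 -j In_RULE_0
    $IPTABLES -A FORWARD -i eth0 -s 192.168.0.0/16 -j In_RULE_0
    # LOG does not terminate chain traversal, so the DROP below still applies.
    # The prefix is quoted because it contains spaces.
    # NOTE(review): an unthrottled LOG rule lets a spoofed-packet flood fill
    # the logs; consider adding a "-m limit" match to this rule.
    $IPTABLES -A In_RULE_0 -j LOG --log-level info --log-prefix "RULE 0 -- DENY "
    $IPTABLES -A In_RULE_0 -j DROP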

    ..............

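    # All other attempts to connect to
    # the firewall are denied and logged.
    #
    # RULE_7 receives locally generated traffic addressed to the firewall's
    # own addresses (172.16.0.1, 192.168.0.1) and every packet that reaches
    # the end of INPUT; it logs the packet and then drops it.
    $IPTABLES -N RULE_7
    $IPTABLES -A OUTPUT -d 172.16.0.1 -j RULE_7
    $IPTABLES -A OUTPUT -d 192.168.0.1 -j RULE_7
    $IPTABLES -A INPUT -j RULE_7
    # The prefix is quoted because it contains spaces.
    # NOTE(review): this rule sees all otherwise-unmatched inbound traffic, so
    # rate-limiting the LOG rule (for example with "-m limit") keeps
    # background scanning from flooding the logs.
    $IPTABLES -A RULE_7 -j LOG --log-level info --log-prefix "RULE 7 -- DENY "
    $IPTABLES -A RULE_7 -j DROP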

    *d&

    ($/7@ $ !9$ 5 $O

  • !%

    2 ($/7 % 5 ;5 5 / 7 O !P 95 5@$/B;5$6$ $ $$

    3 ($/7 !.*,$OF:5 P

    1 #45$B $%$ F $ OF: 5P

  • !

    CAPTULO 7: El nivel de APLICACIN - $ $ 5$ /B 5 $/ 5 $ 45$$ ) / $$O 55 P $/ !! ;5 $$ $ $ ! $ ;5 $ ,-#(#$7!O* %$P;5 ;5;50$8)4$$&(;5 4$%$2#$%$3* %$$ $/ $ ;5 $$ , /B $/ $)$ 8$ B% $$5;5 75$ 5 $;5 8$@ #$5 $;5475$$$5%$) $ /$ ! 77$ ;5 75$ /%$ @ !$/- $ $ 5$ /B 5 $/ 5 $ 45$$ ) / $$O 55 P $/ !! ;5 $$ $ $ ! $ ;5 $ ,-#(#$7!O* %$P;5 ;5;50$8)4$$&(;5 4$%$2#$%$3* %$6&!

  • !!&

    $ %7 $$$ $B $ /&55

    $ 5! "3 &7$B%$ * ) . ! ?$E ?$. 5 $7 &7$B$ 5$ 75 ; 5 $ 0 7! ($$ $ ($$ - $4 *7$ . $ .5! % 5!9 0$$5/7,

  • !!

    *4.(- III4$$

    *4.5!($$-5$)

    *#.(- III $$

    *#4.IG($4$-$

    *+(. III$$

    *$+7)4($$.5!

  • !!!

    $ @7$I!

    III$$7$7

    (-*..$$5B7$7 $5$$ 4$5$,

  • !!"

    * 5 $ 5$ / . $ 4 " !4$/E5$7$5$

  • !!

    0 +K#$/;54 $ +-"31"

    , $ #) IG *)5 ! $ 4 5 5 @$ 5B $/ $ / ;5 ! $5 # (# 5 7$7

    6&3W

    -/$!$5 @B$H) /$!

    #

    6$ / $! 7 $4%$ 5$ B$ ) $5!

    5$

    6$ / $! 5$ $ 5 ! 5$ B$ !$ $4%$ B$ 5$ / 5 B$ 5$ $4$ B$ # $ $$B / $!5$ $5$ 75$ 0 $ ) 95$ $4$ B$ 5B 6$ / $! 5 5$ M $ 5$ ) 5$ 6$ / 5$ B45$$5$/E

    -E

    6$/$!;5$$5 $$75$B$$$/E&!$5/ 5$+;5$5$ 7 . 5$ 5$ / ;5 5 !$ $4%$$$

    6&42=

    8$ / 0B $ ($$ 5) $! $ 4 /7 5$;5 $ $ $ /M$ $ ;5 $$M / !5 7 7 ! @;5 / ! 75$ / !$ $5 75$ ) 7 5%$ $!!9$!$4$

  • !!#

    4%3 "

    ""73

  • !!$

    /$B-5) ) /0B$5$$40$45 6$ ;5 !$5$ $$$5$#;5 $ !E$7$4;5$M$#0;5 5O/ P!5$ @45$($$ 5$4$/ $ . @ $! ;5E%$(#7$$!5$ ) 9@;5;5$$0@!$5

    6&5,

  • !!%

    %$ 5 $$ $5 $ 5! .! $ $75 /! , $ 5 H )-$5 4$!9$@$ $($$

    %$ 5 5 $4%$ $ $$ $5$ $95$ 7;5!$$!)5 $$

    6&6@$

  • !!

    6&G.17#>M#J

  • !$

    %$ &!/ % ! 6+!,&&$&*%

    .:(& $/4)! 5!$7$ $;5 $!$/ ;5 54!$($$45$$! $$ ,-#(# 95 $ $ !5$ ;57$!5$7$$: $$-$$/!$8%$($$@B!7 ) 0 $5/ 70 .:(& ! , -#(# $$$ 5 55 5$!$) 5;5 @$$$5%$

    6&&

    $4F$IM$ .:(&!,-#.:,5 75$ 5

    6# 3$/

    6# 17/

    ,-# $/

    ,-# F$I"G$$

    6&*+

  • !%

    # $//5 ;5$$$@/.!5 $4555 ;5$:))/E 8 $ ;5E $! $$ ;5$ $ .:(&!9$$/$ &( ;55$$/5@;5$$4$ %$(#$.!.:(&

    $5$ $B , && ) &* $ ($4B ,$ / ($4 4$5$ $ 4B 4I)5$$/$%$$! $ $75$$5$ $$ .:,$ /$4;5 $!$5$ .:6( 55)@7 $5!$55$$!:45$ $$$ !$;5 5 Q $B$ I ) 5 5 $ $ 5 #$$57$!;5$$ $F$I4 ).:, *($$$! $ 5 B . $ $$ 5/ / ., IG$ / /:I$7)$7$ B%$; 55@!@$gST:I

    a$>$gS:T$:I

    #$gST$.

    a$>$gS-T$-$

  • !&

    a$>$gST:I/$

    6&3"

    E5%$$! 5%$(# $%$475 5%$ B /E O P)475$ $

    $: : /$!

    $# 5$5$%$#5$ 5$

    $ $:)$! 5 5$#

    $H $#)$! 55$:0 F(.F$I($$./

    6$ / . 5 $475 $5$ 7 *$ 5$5$5$B$ . ;5 $5) ;5 /F(. $! ;5$$5$$5!

    6&4P!PU

  • !

    -5$ 5$ $! 45 5$ / F(. $ $ $94 $$ ) !@ 5$ / $@5@$ $ !@ $7 5 7 $! $7%$ ! $ 5$$5/ / /4$@@4;57$@ $7$$!$#4 50;5 5@5$$7%$0 7$75$

    ,5$7%$5$ 7:)

    ! , 5,!E$7:)

    - $$% $ $ 5$ 5$ $ /.!$@ / /F(. 95$ / 5%$ $! .:(& @4 7$!55)45$$ 9 $B5$8 $ $ 5$ / 5$ !9 %$ $ 75$

    , 5 $5

  • !!

    $ 4 7 $ $O ;# P O>MP

    5) 45$ 5$ 5 @4 $ 4 / $ $/ %$O #" -H P / 7 :G / :;5 $ 9 * / / 5 95 $ $ 5O.:(&P # /$ $ F$I " ) # /$ $ $O P ;5 !5$O%$$5P 5 /44$ %$O / P$7%$$ $HOME_NET any

    alert tcp any any any any

    pass tcp $INTERNAL_NET any -> $EXTERNAL_NET any

    alert tcp $EXTERNAL_NET any -> $INTERNAL_NET 137:139

    ! # 5 5$ 7 $ !7 $ 4$$ @ $ ;5 5$ 95 !9 5$ 7 !$9;5! $/

    5 5$7$B!$5$ E$ )4$B@$5 / $ OP "# #"# ) #"

    5 $ 4$$

  • "!$

    5$$ %$ 5) M / ;5 $ $$ 5$ ;5 $ $ ;5 !/$O6+($$P 5$ $$%$6+(5$5

    %$ $ /$ 5 $ ; 5 $5$ %$4I;5@$

    78 %$ $ 8 $ ! ! $ $ OCP ) OoP B 5$ /$!M;5

    4I / 4>/ > $ 4>$$)>$>!

    O& $ (# P 85$7$ $95$ $ (# $ $ 4 $!B (# ) + :47$%$ ) / J (# 7 $ ) $ J (# $J,) &4/J ,,&: %$$$$OP(# 5 $

    Any: H5;5%$$

    Any: H5;5 5$

    (: *!O-5 P7

    msg:"capturamos la palabra hola";: $9 ;5 ! 7

    content:"hola";: %$@4;5!5@$5;5 %$

    nocase;: # ;5 .& $B $ )M5 $M5 075;5$EOH&

  • ""&

    7;5 5;5) @/5B$%$;5 5$ .5 !9/4$ 70 ;5 ) ! ;5E /5$!$5$$ %$/5$!)$$ $ @4 ;5 $ ! $B 7O$P ;5c $$O$!B) 5 P 5 O5P 7$$ ,&* O5P ;5 $;5/$4 f

    %8 ;5 7 /$B$ $ 5$ /5$! ;5 7$$5$ 5 ;5 d d 5;5 $$ 8 %$ U!$475.5) $ ;5 57$O %$M$P $ 5)$B 5 %$$! !$%$5$O5P 04 5 %$)5$/B;5)$75);5/$5(

    7 9 $475 5 ( $ %$ /5$!;5 $ !;5 $ 5 ) $ 5$ $ O95 jP 5 $455 ) 7 $B ;5 5) $$$7$B$;5!9$$( )$!770% !9$

    * ;5 $ 5 ! 9 5$ ;5 $@5$5) !!;5 75$57;5! $ ) 8$ $ 75$ 4 ;5 O$$4P $ O$5P 8 / ;5 5$ 7$ !9 5$;5;50;5 O5P $$ 5$$B$9 7 $5@5)4@ $$;5E4/5$! O P)4(( 5M$$!50)$$7$ 4 $ $;5 O4P@$ !9

    $ %$ 9 $$5@ /$B$ $ 70 ) $ @ $475%$ $ !E$ /@ 5$ $4B7@4 /5B%$ /$$O P)5$$7@4$%$$ $O P

    6&5.$

    $5)7$B$$$M $5$M$$ $$75 ;5 ! $ 5$ O ;5EP$ ;5 $ $ $ ! ) 57 @ $

  • ""

    6&5&LAO;$#M

    $5$$4@!9; 554$,-#(# 8$ / +- ;5 75$ $B $ 70 ) $ 75 >. A!! D!08

  • ""!

    K!8D5!00 D86 ! 0 8 0

    >>. A!!8D8 ! 0 D 0 08 0 8 0

    8K!0D 0#5 ! 0 0 #

    6!00 0"D80

    G!8F ! 0 D 0

    00H ! 0 D8 8 0

    D0 00A!00 AA!0D0 D

    A!0800D 8A!0 0AK!08 0

    80(

    J> .

    &88 = 8* & 8 " & 8*8 8 *

    8

    >. A &8 %

  • """

    "& #"8#=

    K # 5

    6 = "

    #=BG F 0 3= &

    =H &

    3=A 0 3= $ =" 8

    =*AA #98

    8A 083 A *%AK & 8 = 8

    =J

  • ""

    $$ $ $ ) 7 ) 45%$ $

    5$ / 5 / ! / O75$ $5$P $ 5$ 7 4/ ! $ 5$ $5/ 0$ $$ $4%$ $%$ $4@ ;5$ $

    H $$ 0 ) @ $ $5$$455($4@ 75 @$ $ 0 $ ;5 $ $ $5$5)!5$4B $5A 54$C

    /$Q7$B% $5$$5$ ;5$$O($7$P;5 $!$$5B$4%$!$7 $! )$0 !;5E!$$;5E @ 7 ;5 $ 5@$ $ 5@ 57$ 5 $$%$ 5 c $ 5$ 4$ 5 ;5 !$

    $$4%$ 5 5 ;58$5$ !$ $4%$ O7$EP $5 $ !$ !E$ $4%$ O 04P ;5E$ @ $$$ .6,+&

    * /E 5$ $ !;5 $ $5 5$//)$7Q/%$ B$4/5 5$

    6&5*LNO$"7/>!$

    (*

    -

    F:(($7 2 **3/8 (-#$$6$!-5$$

    I$$.IG*$/)#!

    ""

    " #&/>!$ F:(($7 *,,*-R+#&.!$

    -

    F:(((*#( $

  • ""

    2F:(-$I 3-*.)$ 1F:(- F:(-j"

    (* F:(-5! *&5

    H?(

    :*,+*(- 44 &/

    - $!/ !5!$$$5$

    $$ ;5$5$8 5 ($$

  • "

    () 6!#""7%

    """

  • "!

    95 $ ) M $ FG A 5$ 5 /CA-%$!B 5C

    */75%$(#75$ @7$F!7 75$0$$/OP /P 5;5 $F$I

    $$5Q4$!9 75$9 $5/O;K"1 P

    # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for # users, and the values can be changed in per-user configuration files # or on the command line. . . . . . . . . # Tunnel no # TunnelDevice any:any # PermitLocalCommand no SendEnv LANG LC_* HashKnownHosts yes GSSAPIAuthentication yes GSSAPIDelegateCredentials no

    AllowUsers prueba 0$;577

    6$ /B $ E#; 4 ;5 $ ) 5 "" ! $/B;575$!$5$475 %$!@$B$5/$ 95

    O>">>>; P$

    . @$9

    S#H";U@$$4$/@ aZb * $ 5;5 55 ;5 ! $5 $ 0$VU V

    # 45$/B;5 ! VH $G,-#V $ 5,-#""/ ;55 $ $!/7M$7 11 .

  • "#"

  • "#

    -$475/5$55$/ H

    ?$5$/8 $$/ /

    -$ H

    $B;5E 5!9$

    $B /4% 5)$$$ 5 ) $! 44H$ A 7 /5B 7M$ 55$! IC

    ,$4/8 $) 5

    *$B $;5@$/9$

    K4$ 5%/4$;5$ ,#

    4"""- $/

    - / 45$$$ /E 5$ 5 & ;5 ,# $/ 5$ / $!$ 5@4 /$$55$ $>:>">

  • "%!

    rwuser alejandro noauth .1.3.6.1.2.1 rouser javier auth .1.3.6.1.2.1 #=====================================

    *$5;5!;57$.#! $$V>">>

  • "%"

    5 9 $ $5$459 .#/ $ 5!) $9 5!/5$O4P) $55;5$4)$/$$ $ OF GP$5$O$4P $5) 5$5/$8 $O A6AP

    $ 75$ 5 B5 $5$459 .#/ $ 5 $%$$ /U 5 ;5$/$ 5$$%$!$/55;5$4%$ O9$P $/$$ $ FG$$M/$$4%$ (:$8 $O A6AP

    # M $ / 5$ 459 .#/ 0 $ 5$%$ ) 740 75$ 459 5 $ $ /$$ $ FG $ $ ;5 5$ /B ;5 55 O9$P $!5$ ) /944O ?>$/.>D/D P

    #5 -& 5 $9$7$$ $5 B45

    #snmpwalk -v 1 -c darfe 192.168.1.44 1.3.6.1.2.1.1.3.0

    7 5.#/ $$

    - 5!/$!B5 %$0)$5$$8 !%$4%$/ 9$8 $

  • "%

    *$$5%$ $75$9$ ;5 5 )/4 O ; P)O# P

    #snmpwalk -v 3 -n -u alejandro -a SHA -A 12345678 -x DES -X 34567890 -l authNoPriv localhost -Oa
    #snmpwalk -v 3 -n -u javier -a MD5 -A 23456789 -l authNoPriv localhost -Oa

    $9 $ $%B 05$$5 5$5$$OH*P)$OP$;5M! E$)5$ 55$ 5$ 5$%$$ !0 $ ! 95 $5!$ 5(:$5

    * $$5%$ $ 5$ 9 $ 5 5 /4 4$ $$4%$)5$%$;5/9@4 $4%$)5$%$;5/9@$8 $ # $$ $ $ %$ O5P ) O$*5P95$ $O.#/P O#/P $ $@ $5 !0$ ;5 7$$5%$

    #snmpwalk -v 3 -n -c "darfe" -u alejandro -a SHA -A 12345678 -x DES -X 34567890 -l NoauthNoPriv 192.168.1.42 sysUpTime.0
    #snmpwalk -v 3 -n -c "darfe" -u alejandro -a SHA -A 12345678 -x DES -X 34567890 -l authPriv 192.168.1.42 sysUpTime.0

    $$59 5/ 5$ %$$V ; V)57$V ; V$$ ;5/45$$$ *95 $ $0 OFGP 5$ ) 5 $ ;5 $$$$5%$

  • "%#

    $ 7$ $ $ 2 %$O P ) 2 O; PD/D P0!E$ 5;5 $ ;5 E 5$ @ 4 ) $ 4 O /P;57$$ ;5 @ 4$ # $$9$@7 5!$$$7M$; 5$5$$(:$5

  • "%$

    @ / VV 5$ / ;5 $7 5 5Q ">

  • "%%

    [0.0.0.0]]=>[Linux BlusensFreePC10 2.6.24-24-generic #1 SMP Fri Jul 24 22:46:06 UTC 2009 i686] Up: 1:53:30.06 Interfaces: 4, Recv/Trans packets: 12914/12813 | IP: 12819/12729 1 interface is down!

    root@BlusensFreePC10:/home/blusens# snmpstatus -v 3 -n -c "darfe" -u alejandro -a SHA -A 12345678 -x DES -X 34567890 -l authPriv 192.168.1.42

    [UDP: [192.168.1.42]:161]=>[Linux ace-DarFE 2.6.35-28-generic #50-Ubuntu SMP Fri Mar 18 19:00:26 UTC 2011 i686] Up: 0:16:17.00 Interfaces: 3, Recv/Trans packets: 155020/137811 | IP: 146853/136360 1 interface is down!

  • "%

    $ 7$ $ 5 $ 95 $ 95$$5 /$ /;5$ 5 5 /$ $ 8 $ A6A $ ! $ 75$5$/B@/;55$/B7$ /94O >$/.>DD P

    $ 5;5 $$45/ B5$ .#;5 O75 P / $ $ 5$ $/0 $ / $ %$5O

  • "%

    - /5$ @ $ $75$

    #snmpgetnext -v 1 -c "darfe" localhost sysUpTime.0
    SNMPv2-MIB::sysContact.0 = STRING: acorletti@darfe.es

    */$5$$V

  • "&

    - 5 )$ $@! (:((5 77;5*;5/ 7$@ !$O!P$5;5$ $ !9 $ ! ;5 ;5 $B@$55/B$ $4 B;5 5$;5E7$ 7@ 4 5 5 / $$5 7$ /$ $475O"; P

    *$$5%$ $@! 7) 55$$5!@!$B7$"21"

  • "

    6$ 5) $ O Q12!"R:

    7 ;5$)5795 $57

    #dpkg -i Nessus-4.4.1-debian5_i386.deb

  • "

    III$57 5$5$5 57 $!$$/$

    $$ 5B %$V V;575)%7$/0 %$;5$0

  • &&

    /etc/init.d/nessusd restart M$$@$

    V V /7 ;5 !B/V "1 V5$$%$ 4$5$$

    /opt/nessus/etc/nessus#

    #/ 95 9 "#vi nessusd.conf"

  • &

    >>$5>9 ) 75 5 $/V5V$4@$

    ./nessus -q localhost 1241 nessus nessus host_dest_nessus_ejemplo resultados -c

    /usr/local/etc/nessus/nessusd.conf -T text $ 4$/$475 %$)$$48

    !$4B7@4

    #@B

    */%$($4B7@4

    *5B%$ 57$

    %$ 57$

    %$$

    $$B$ 57$ 5$5

    *$B5$V-$V)5$V$V5$ 57$

    $$4O.*

  • &!

    $%$/! /O$$4P !75 / $!9$ /!5@ @$ 57 5;5 %$$475%$

  • &"

    # Configure your server lists. This allows snort to only look for attacks # to systems that have a service up. Why look for HTTP attacks if you are # not running a web server? This allows quick filtering based on IP addresses # These configurations MUST follow the same configuration scheme as defined # above for $HOME_NET. # List of DNS servers on your network var DNS_SERVERS $HOME_NET # List of SMTP servers on your network var SMTP_SERVERS $HOME_NET # List of web servers on your network var HTTP_SERVERS $HOME_NET # List of sql servers on your network var SQL_SERVERS $HOME_NET # List of telnet servers on your network var TELNET_SERVERS $HOME_NET # Configure your service ports. This allows snort to look for attacks # destined to a specific application only on the ports that application # runs on. For example, if you run a web server on port 8081, set your # HTTP_PORTS variable like this: # # var HTTP_PORTS 8081 # # Port lists must either be continuous [eg 80:8080], or a single port [eg 80]. # We will adding support for a real list of ports in the future. # Ports you run web servers on var HTTP_PORTS 80 # Ports you want to look for SHELLCODE on. var SHELLCODE_PORTS !80 # Ports you do oracle attacks on var ORACLE_PORTS 1521 # other variables # # AIM servers. AOL has a habit of adding new AIM servers, so instead of # modifying the signatures when they do, we add them to this list of # servers. var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.

  • &

    29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24] # Path to your rules files (this can be a relative path) var RULE_PATH ../rules # Configure the snort decoder: # ============================ # # Stop generic decode events: # # config disable_decode_alerts # # Stop Alerts on experimental TCP options # # config disable_tcpopt_experimental_alerts # # Stop Alerts on obsolete TCP options # # config disable_tcpopt_obsolete_alerts # # Stop Alerts on T/TCP alerts # # config disable_ttcp_alerts # # Stop Alerts on all other TCPOption type events: # # config disable_tcpopt_alerts # # Stop Alerts on invalid ip options # # config disable_ipopt_alerts # Configure the detection engine # =============================== # # Use a different pattern matcher in case you have a machine with very # limited resources: # # config detection: search-method lowmem # ###################################################

    .-K # ! $7 $ $%$ -(+ $ )$$ST $$ ;5$$$55;5/8 @O$)P

    9 K $7 ;5 $ @$ 8$ 5 O$)P $ 75$ $ 5 5$ @ $7$

  • +K+

    K,#>+K+

    KH,,#>+K+

    KD+K+

    K,+K+

    , / $ $5 $ $ 5 /@ @ $ 5 7 $ $ !/ ;5 $ / ) $ $ $ 5 $ / 4 ;5 |H&>., !7 $ !9 $(# $$$! $//5$7$@$$95 7M$$5$%$(# 7 ;5 E $ $ $ 5$ $$9$$!$ $$$

    KH,,#>#&+,

    KH

  • &$

    /@$/$%$ $$ $$$5%$$$7 5$

    rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr r r"-$475 rr?$$475$4 4 4r a$>4> ga$475$> $gr 1* (#47$$5 rr, 4(#47$$, 57$Ir 5$$747$$G55) 7$.r75$45$475$4 Ir2$5$:47$!544r,4I$7 $/ !447"r5S$T$5!4S$ T$$5$4$r47$I!G 5 $I$74 $r48 4 7$I!45r S!)T47")57S $5!T!)r45rr$>S$5!T$5 rr>S$5!T44$4 I5$7rI54 / I54 rr7"5?$($54I$ 7(r4?(r(/$ $rr&/B47$!47g 2G!)r", ) G 47"r

  • &%

    r>$I $$7$rI$I$ $ r>> !,-# ! $!/)r$)!5 4 ) Gr $$5 rr!>/$>5$44 !)$ )7$4r/ $7;5$rrr$>S$5!T$5$I r!)rr>S$5!T44$4$ $$r /5$$ )! )$7r7rrG S$}!$)TG $ V$Vr7$444 $$7rV!$)V7$5$ 4!$)5 5r4r$$ 5$4445$ $$)r5S$5!T$55$ S$5!T$r45$r S$5!T)57S $5!T!)r7>45>4$/$$ $Ir5 G $r G!544!45 G,$)rIGI$77$7$ [rr5?$($54I $7(r4?(r(/$ $rr/)r"//+, Gr//,-# G$$r,-#F$I/$r$U. Gr2$45=*r3$U.*-R#H6+?r1$(.$r$.6

  • &

    r,-#4I/ >$!>/$ >r "#$BH,,#;54 r$!)$/$7$)j==r5!5$*-((;5/$,r/)5454$7$7G4$7 rG)$7/4( !)r8$75!5$$I;5r 4) $5!)5I$$)B 75$rr9$5 $G4 rr5$$B5$r>>5$j5$$74r5!>$$ !5!$ $7r>4 >$Bvr45>I vI 4 rr4?(r(/$ $rr6.(-&Gr".6

  • &

    >15$>>5$ 5!>$>4 >45>I r #"K" $B+#-44rr+#-)!$$$$$7! 55r!)$$75!)45, r$B+#-44$5I) >r , 57$G $5! +#-r/5$$$7$75$r,+#- 57$(2 rr75$ r>47$$$) 47$,-# r$>>5 >;5$wI$g ;5)$ Gr$>>7>47$$wI$4 7$rB85 $ GBr$>>$ $wI$$7 7$r85$ G B >"33r : :G&4rr:G&444$$IG,G $75$$"rr,:G&45?$( $5r4I$7(4?(r(/$ $rr:G&444 !r K" ,$$7$$7$Br r, V$BV$$7$ $74r$$4 44(IG$5 I)r > $7444 !G5 r$4 $ $ 7Ir$B $$444 V$$Vr $$7G)I$IGI5;5 $74$r, ;5$75$r#$5?$($$7$ $)(5$) $>

  • &

    r " /)4 $rr $ !)#G5$a >5$ $58$gr, 6# G,-#U. G7$7r4544$ $$$ VV,-#r GI)74 $7r#$5?$($54 I$7(4?(r(/$ $rr#$r"($$$4r#$$r $|H&>., $7 r6 $7$7$,-#U.$6 #V$V4r 4$IG54 () r$)44./)5 )I$r)5./U5$5 $IGr$I rr $7$r ##1rr8 $*+#$4X44.$ *+#Gr5$*+#;5$ 4*+# $7 $$7,G5r4 )55 4)(#$ I4$r)"7$)5 4)$(#*- ! $r*GV5$V $5$$5$ *+#;5$r* 45?$("$54 I$7(4?(r(/$ $rr6$*+#;5r"4*+#r4*+#r*+#/IGr 4r 4>>"214 444r rr, G$/$4 5 $ 44(r ;545$$$7 $"rrI> > 23

  • r4I 45$ )rr5S$5Tr$/$5452rrr8>$/$S$5Tr$5!4$/$5 $ 452rrr>> r$ $$I> > rr $/$I> > 528>$/$rr "*rr#$" $$$I$8$ 7I)U55$!r >$/$$5 rr*/! $r$$>8S$5Tr7>8S$5Tr7>S$5Tr >S$5Tr5S$5Tr7S7Trr $"$$>8"27> 8"7> >"52r,$)44 $"C,$I $Ir $"7$[rr* 4$-(+$ $7$rr $"7$1 "21""rr8 $#4rr.H7)5!9$7rr 4$$4I/$ rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr

  • !

    , /$ $ / O$$4P $ O "P $ /85$!/ %$5 $)47$

    preprocessor :

    *$$5%$ $5$

    #"1*

  • "

    +B 75$ @4 %$ $ $ )/$/5$

    -!$$4%$$ 5

    $"045$$

    -$ ,-# ! $ 47 , -# U.*-R ) (. $ 5 !$ ) $ $ ) 5 /B $ $M ;5 $B 5$$ . ) . $ / $$ B$ ) $ ! /

    +$!$ $B ;5 )$5$5

    / $ 4 $ 5 75$ )/1!) 5 $ $

    BS}T $ $8$,-#)%5$$ 5$$8%$) $8%$5

    >$5$!$ $ 5

    >> ! !$,-#

    !>/$> ! ! 7$ 5 5$$475 //$

    $> SMT $475 / 0$ $! ;5

    ,>S$MT4$@8;5 5$ ;55$%$

    R S$ } !$)T 75 0 %$ ,-# $ 4!$8

    .$ !$

    ,5S$MT$475 $ $%$

    S$MT$475$ $!

    45>5$/$$ 5$4595;575 ;5 % $

    #"

  • :!

    .!

    #ST 4;5E 5 $! !OPO45P

    #";#K"

    $B4 5 5!5)$ j88 5$ 6,1 5;5/$*-((# 4 5;5$

    #"#"K"

    +#- ;55$ 75$ 7$5$4$ $5$ !$ 5$ $ +- 1 +#- 95 $/ %$ ) " ! 7 5 ! $ 7$$MM)$ !!$Q47$ # $$ $/ %$ 5 4@$ 7$ @4;547$$$/$4) 44B$$7 "!$4 7$4$-$E5$(;5$ 5O$BP5$7 5 "! 0 $$$4%$;5$$$$5 %$

    > $$$ $$B@4+#- 5 / $ ) 5 0 !) 4%$ $7 75 %$ $ 4 !) * 75$ 5 ! ;5 E !9$+#-

    #"H"Q11"

    8$ ;56# )1!)/4$ 1$$ $")57 5$ ;5$$5$ /4 8$4;5 :&)$4$$5$!;5$7$

    @4:G&4. 75$

    #"K"

    !E$ $B @4 $ 5$ $7%$ $ !5$ ;5 ;5$ $ .;575$ 5$ 4 5;5$

  • #

    #"#"

    $$B 5$/ 55$5$ 0 4 !4$ 5$$75$,!9!$6#),-# )5475 $ $$

    !;5 $$$ OI$P;5E5 B5$ $ 9 $B $5$ ;5 B $5.5/$!$0 )9(45/ 5 / ($ $ $ +* @474$ 5 ;5$B) $$$$/ 5)7$ 7)$ ;5Q$0$ 5$OI$P

    #$475 $/ 575$ @

    +$B5/!|H&>. , 5 4;5$4-(+ 91

    .M 5-$ 5$$ / ;5 4$$5%$

    ($/ $ 75$ $ 5! $ ;5 $$ 5 5$$

    */$$@$/$

    9 $|H&>., $ 7

    #"#"?;

    5$ $ $ ) 4 ;5E ;5 $7$ $. @ $$;57$$4-(+

    #"#"*

    0 $ ) /E ;5 @ M$ 455 !!$$ O$/$P

    #"##1

    # $$ $5$ 5 *+# ) 5$ ! 7 $$;5 (#*- 5$ $5$ $ 8 $ ) 5 !9 $!$ $$ $$! ;50;58$$;5B$ 04$ / $ $ $$ $ 5

  • $

    *+#F*,-H ;5 $ 5 !0 $B 5 $ I4$$95$

    #""

    ,!E$$5$$8 $)5 /757 5$%$ $ $ $" B 75$) $5$$/%$

    /%!1 $HOME_NET 21 (msg:"A nonymous FTP enabled {nessus}"; flags:A+; content:"USER null"; nocase; d epth: 10; reference:CVE, CAN-1999-0452; classtype:attempted-u ser; sid:1001001; rev:1;) # alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"L inux FTP Backdoor {nessus}";flags: AP; content:"PASS null"; nocase; d epth: 10; reference:CVE, CAN-1999-0452; classtype:attempted-u ser; sid:1001015; rev:1;) # alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"W riteable FTP root {nessus}"; flags:A+; content:"STOR nessus_test"; de pth: 20; reference:CVE, CAN-1999-0527; classtype:attempted-user; sid:100100 2; rev:1;) # alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:" writeable FTP root {Comando CWD / - nessus}"; flags:A+; content:"CWD / "; depth: 10;

  • %

    reference:CVE, CAN-1999-0527; classtype:attempted-u ser; sid:1001003; rev:1;) # alert tcp $EXTERNAL_NET any -> $HOME_NET 513 (msg:" rlogin {nessus}"; flags:A+; content:"root"; nocase; depth: 10; refere nce:CVE, CAN-1999-0651; classtype:attempted-user; sid:1001004; rev:1;) # alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"E XPN and VRFY commands {nessus}"; flags:A+; content:"HELO nessus.org"; noc ase; depth: 20; reference:CVE, CAN-1999-0531; classtype:successful- recon-largescale; sid:1001005; rev:1;) # alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"S MTP Server type and version {nessus}"; flags:A+; content:"HELP"; depth: 10; classtype:network-scan; sid:1001006; rev:1;) # alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"W FTP login check {nessus}"; flags:A+; content:"bogusbogus"; depth: 2 5; reference:CVE, CAN-1999-0200; classtype:attempted-user; sid:1001007; r ev:1;) # alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"I IS 5.0 PROPFIND Vulnerability {nessus}"; flags:A+; content:"PROPFIN "; depth: 25; classtype:attempted-user; sid:1001008; rev:1;) # alert tcp $EXTERNAL_NET any -> $HOME_NET 513 (msg:" SysV /bin/login buffer overflow (rlogin) {nessus}"; flags:A+; content:"nes sus"; depth: 10; reference:url, www.cert.org/advisories/CA-2001-34.h tml; classtype:attempted-user; sid:1001009; rev:1;) # alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"F TP Service Allows Any Username {nessus}"; flags:A+; content: "user pp * p ass pp"; regex; nocase; depth: 20; classtype:attempted-user; sid:1001010; r ev:1;) # alert tcp $EXTERNAL_NET any -> $HOME_NET 515 (msg:" lpd, dvips and remote command execution {nessus}"; flags:A+; content:"|F7 02 0183 82C0 1C3B 0000 0000 03E8 1B20 5463 5820 6F75 7470 7574 2032 3030| "; depth: 30; reference:CVE,CAN-2001-1002; classtype:attempted-us er; sid:1001011; rev:1;) # alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"S MTP antivirus filter {nessus}"; flags:A+; content:"HELO nessus"; nocase; depth: 15; classtype:attempted-recon; 
sid:1001012; rev:1;) # alert tcp $EXTERNAL_NET 20 -> $HOME_NET 8888 (msg:" BenHur Firewall active FTP firewall leak {nessus}"; classtype:attempted-re con; sid:1001013; rev:1;) # alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 443 (m sg:"EXPERIMENTAL WEB-MISC OpenSSL Worm traffic"; content:"TERM=xterm"; n ocase; classtype:web-application-attack; reference:url,www.cert.org/advi sories/CA-2002-27.html; sid:1001014; rev:1;) # alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 443 (m sg:"deteccion 2 WEB-MISC OpenSSL Worm traffic"; content:"|4745 5420 2F2 0 4854 5450 2F31 2E30 0D0A 0D0A|"; flags: AP; classtype:web-application-a ttack; reference:url, www.cert.org/advisories/CA-2002-27.html; sid:100101 6; rev:1;) #

  • alert udp $EXTERNAL_NET any -> $HOME_NET 137 (msg:" Using NetBIOS to retrieve information from a Windows host {nessus}"; content:"|0000 0001 0000 0000 0000 2043 4b41 4141 4141 4141 4141 4141 4 141 4141 4141|"; depth: 33; classtype: attempted-dos; sid: 1001017; rev:1;) # alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (ms g:"gusano referente a lsass.exe"; content:"lsass.exe"; offset: 40; depth: 50; classtype:web-application-attack; sid:1001017; rev:1;) # alert tcp any any -> $HOME_NET 24 (msg: "aaaaaaaaa" ; content: "a\*sh"; regex; classtype: web-application-attack; sid: 1001 018; rev: 1;) # Alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (ms g:"Alibaba 2.0 buffer Overflow {nessus}"; content: "POST XXXXXXXX"; depth : 15; classtype:web-application-attack;reference:CVE,CAN-200-0626; sid: 1001019; rev:1;) # Alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"A xent Raptor DoS {nessus}"; tos: 123; id:1234; ttl: 255; ip_proto: 6 ; reference: CVE,CVE-1999-0905; classtype: attempted-dos; sid:1001021;re v:1;)

    3%$

    #@B

    */%$4$4) 7

    #5!$45$4-K)8

    #5!$44)45

    -$475%$$0$$)$ /$$4

    *$@(-4%$ )4$

    7

    $5$/$$9 %$ $$4!$!E$ 4 O P 5 5$ 8 $ $/ /5B

  • $75$$$@@4 !E$$$%$$ %$O ?:P9$JJ/7$>7J!& 7$/$9 %$ ;5 8$ @ / %$O ?P

  • !&

    # with barnyard (the new alert/log processor), most of the overhead # for logging and alerting to various slow storage mechanisms # such as databases or the network can now be avoided. # # Check out the spo_unified.h file for the data formats. # # Two arguments are supported. # filename - base filename to write to (current time_t is appended) # limit - maximum size of spool file in MB (default: 128) # # output alert_unified: filename snort.alert, limit 128 # output log_unified: filename snort.log, limit 128 # You can optionally define new rule types and associate one or # more output plugins specifically to that type. # # This example will create a type that will log to just tcpdump. # ruletype suspicious # { # type log # output log_tcpdump: suspicious.log # } # # EXAMPLE RULE FOR SUSPICIOUS RULETYPE: # suspicious $HOME_NET any -> $HOME_NET 6667 (msg:"Internal IRC Server";) # # This example will create a rule type that will log to syslog # and a mysql database. # ruletype redalert # { # type alert # output alert_syslog: LOG_AUTH LOG_ALERT # output database: log, mysql, user=snort dbname=snort host=localhost # } # # EXAMPLE RULE FOR REDALERT RULETYPE # redalert $HOME_NET any -> $EXTERNAL_NET 31337 (msg:"Someone is being LEET"; \ # flags:A+;) # # Include classification & priority settings # include classification.config # # Include reference systems # include reference.config ####################################################################

    - 5 8$4$4 $$

    -K - K5 4@$ /

  • !

    $

    )7 %$O4)P $B4)7

    ! # $ 4 ! )?

  • !!

    -$$%$ $94 !9$/E/ E"1F $

    $5 -$475 $ ;5 $ $ 5! %$(#;55

    " 5 5 >-K a4$g a4g ;5B @ @ 48! $ 5 / $ ;5 $7@ 5$4 4$ $7 E @ @

    $ /$ O ) 7 4 P $/ ;54$7 $4@ $5;5/$45$44!$ 9 575$4

    ./logtopcap snort.log.nnnnnnnn archivo_bin_destino

    5 5 7> 5 $@ ;5O7P $4 5 $ 5 4 U / O$7 $$$$$$P # / 5 5 J$!> 9

    output log_tcpdump: /usr/local/bin/log/snort.log

    EJEMPLOS:

    ./snort -c snort.conf 4 $ 4 V45V /7$)!E$5$ %$(#;5 ./snort -c snort.conf - A fast $ 4 V4V /7$)!E$5$ %$(#;5

  • !"

    ./snort -c snort.conf -b 4 $ 4 V45V /7$)5$/$!$ $$!V$7$$$$$$$V ./snort -l /var/tmp/ -c snort.conf 4$4V45V/ )!E$5$ %$(#;5 ./snort -l ./log -c snort.conf 4 $ 4 V45V7)!E$5$ %$(#;5:=(,(+

  • !

    d?"K;>">?"K">":

    d>">":>:K"1#;#

    $$5774$ /$$5%$0$;5/$!9

    ###### End of variables configured through dbconfig-common

    # Alert database connection parameters.
    # NOTE(review): as printed, the connection uses the database "root" account
    # with a password equal to the user name. A dedicated account limited to the
    # "snort" database, with a strong password and a configuration file that is
    # not world-readable, is the safer setup.
    $alert_dbname = "snort";

    $alert_host = "localhost";

    # NOTE(review): 8080 is not a usual DBMS listener port; confirm it matches
    # the port the database server really listens on.
    $alert_port = "8080";

    $alert_user = "root";

    $alert_password = "root";

    /* Archive DB connection parameters */

    $archive_exists = 0; # Set this to 1 if you have an archive DB

    $archive_dbname = snort_archive;

  • !#

    # Archive database connection parameters (host, port and credentials).
    # NOTE(review): the archive connection reuses the "root" account with the
    # password "root"; a dedicated, least-privileged account is preferable.
    # NOTE(review): the values are printed without quotes here, unlike the
    # $alert_* settings shown earlier in the listing. The quotes were probably
    # lost when the page was typeset, so confirm against the real file.
    $archive_host = localhost;

    $archive_port = 8080;

    $archive_user = root;

    $archive_password = root;

    ,$$5$;5$555) I :VV

    - / !E$5$ :V$>/V ; 5 M$$45 ;5! *-( 7$ 7M$ $9 95$5/$

    d/V

    $ $5 $ 75 /$0 4 7 $475$ $/V!r/ ! V!E$;5%$4754$475$$5%$$/5 $

    ## youll probably also want to edit the configuration file mentioned

    ## above too.

    ##

    $alert_user=root;

    $alert_password=root;

    $basepath=;

    $alert_dbname=snort;

    $alert_host=;

    $alert_port=;

    $DBtype=mysql;

    *$$

    d>">>"1

    )$%$V&5 5V77

    #K1

    $4757!)D

  • !$

    5;5!,65) I

    #5$$$ ));

    d>">>#";*#

    d>">>#";*

    >"1

    U@$$5;5$/7 0/$5$*-($

    ;#>>";>":>

    $$5 V "V $ $ $%$$ !07$$$7M$ $4 ! $ ! / !$$ " 47%!E 95

    d#?#";*

    - 5 / $ 7$ $ $ 7@4 ) @ $ $ ! $)$$B $ $4%$ (;5 $475 @7$ $ 5 $$ / ;5@$ $$4%$ 5$/$

  • !%

    ,!E$ 5 $4%$ 7/5$$ @$/5B $5$$B 5/$$5%$

    , $;5!9) ;5$ $;54*-( 5@9$;5$$@ /5B5(

    5%J"""

    #4$B$ @(M ;5 $!9$O$-$P $ $5 ;5 $ 5 $%$ )$475%$UB @ $0$$ $($@8$ $ 50B 5$ !9 $ $7 0 $ 5%$ @ 4 5$$;54$5$/ $45555@5$( ;5$/ !9$$-$

  • !

    );5$$@ ! $ $ $$5%$$4B7@4$)$

    $4B7@4 5B!5 $$475%$ 5$ $ ;5 5$ $ 5 $4 55 $ 7$ $ $!%$O$-$P$ 577$5$$;56$/B;577 5)/@ /O$$4P

    # 5 $475%$ @ 75$ !%$ ! $M O$ -$47P $ 7$75$ 5 ;5 %$ 5 $475O P;54O$$4PK! 7c

    !%$ O+5P ;5 7 $ $ ;5 5 47$E 5$5 5$/$ )M!%$O*$P$;5O/@P 7 ) $@55 $ $ 5$ ! $ $5$ 7 5) $ ! ;5 E B$ $ @$ ! O$ $ -$P $ ;5 5$ $ $!O$P$5 @ !)5B$!$ @$ 5%$ $$ @7$;575$

  • !

    @ $ $4B 7@4 $ ;5 9 4 $$95$ !$$$5$ $$;5 5!0;5 $ ;5 ;55$ $/75 $;5$4/@;5$ $ )45)5/B;5 @/ @7!$ $ ;5/$$0/E0$$

    4"""

  • "&

    V#>$>$5 V$9 ;5 @;5 /$ $ $B 0$ ! / 5) !$ $ $475%$ .5 5 $$ E ;5 ) 5 @ ;5 / /4$ $$B$$B$$BFG4$M$$ 5

    *!FG$@;5$

    " V .5/$ 75)$B+ ) 5$FG

    ($4 5@ $ ( .5 /5$! $ V$>V V#>$>$5V4 57$ ( $ ;:#>>:>># 5$V ?V0/@7;5$$$4$.5

    #$$5$7 5($$ 9 45("2 595

    /opt/nessus/lib/nessus/plugins# grep 52611 *

    *0$@5@V7 V;5$$(

    #5/5B $ 9 $ V V*$B 5 4 %$ 4 V$V . 5 *G $7

  • "

    -$B $5$ ;5 5@4$V$44V;5)$

    -$55$/B@$V $>$5 V$B$5/$$

    *$B5$/B@ 5)7$

    -0$8@ $ V$V5$/V"1 V 4$5$ $V >">> V/ ) $B ;5 $ 5 $475%$ !$ $ 5$

    # / $5 @ /V "1 V 9 V "1 V 95$ V cp snort.conf snort.conf.original V

    75$$5$9$ $%$%$V V) $V!VM$$ 7 ;5 $ /5$! ;5 ! $V.5V5$ 0$ @!!75$/5$!$V.5V) !$V#>$>$5V /5$! 75$4$ 5$ $V4 .5V 9 4 $

    $ ;5 @ ;5 V!V @ V!V 5 4V$$4V ! 7 $$ /V$$4V )$ r ! V5V ;5 $ 4$ 4

  • "!

    $$ 9$ % ) !E$ V 5V ;5 / 5$ @$

    $5V !!E$ 5$VFGV 6$/B4$B$$V$VaDWb

    * /5B 5 $ 5 $ ;5 4 @$475V$$4V $/$ ;5 >>>

    75$ $$ @ 5$ / AD5E 4$ $5$ $C

    *$0B) $ V. 5V) 5$VFGV

    #5 75 $ $ @ ! $ @ 57$ V.5V $ 5V#>$>$5V ) !$ @ V5V $ V$$4V $B ! )$B

    !9/@ $ ;50;5/$B%$$ @ 7 5$ 5$ $ 5 /5$! ;5 V.5V )!5$5;5 $;5@$ $475$$5( 4;5/$ $5 / $ 5 %$ 7 $ B 5;5$$8 %$! ;5!;55$!

    5/5$! @$5 $ 5.&)$;5$//$ B%$;545$$ (;5$$$ 5$$45$$$ /$

    *M$$;55$ 5$@!;5/$B) 5$/5$!;5$ V5V $/ V$V $ ;5 ! 7$ $5 V" V !975$4

    $ @;5$ ;5 $B@! V.5V 5$ / $ 8 $ V 5!>$>V 8 ;5 $$7 / @ $5 %$ $ %$ $ 0 ;5 $ $ 8 %5$ ! 9 5! $

    K $5$5/ ) V " V *! $ 5;5 8 /V5V/@;5@ / 0($5$ 77;5475!9

    alert udp any any -> any any (msg:"prueba de local rules"; content:"prueba de snort"; classtype:suspicious-login; sid:1000000; rev:1;)

    5 $ $ 0 ) $ @ $ $ $%$ V # V 1$ #1$ !?% , ;5 $$ V$!B V 7 57 /$ V-5 V#&9 $$59 $;5$$

  • ""

    @V " V;5$$ %$!M;5;5;5 BV #: V

    # $ @ !@ $ 5) 7 )75 /V5V)/5/$B$V snort -i eth0 -dev -c /etc/snort/snort.confV

    @;5$ $ ;5 7$ / V 5!>$>V 5 ( $/@$ %$ @4 ;5 @ $$ $ # 5$5/$/9$ $V ;#/ V) 95

    r hping3 -2 direccion_IP-IDS -d 100 -E prueba_snort_01

    E$!$)$B5

    AD5E $$ ;5$B$CA- $;5475$/7$CAD5E$ 5$ 5!$C

    , $/ ;5 /) 95$ ;5 7 %$ $ $ 5V$!BV $ 5V-5 V $ 50 $ $475)7 5$8 $V %$$5$ 5 " V/$ 45$B$!9 $$@@8 $;5 5 $ !9 V,--(Y. K6

  • "

    output log_tcpdump: tcpdump.log

    output alert_CSV: /var/log/snort/alert.csv default

    ?$5$5 ;55$ %$@4$9VV

    *95$)5

    ?$5$5;55$$$ $8%$4 V$$)5V) 5!545$$$

    2*/$V$$4V75$7

    include $RULE_PATH/scan.rules

    include $RULE_PATH/dos.rules

    include $RULE_PATH/icmp.rules

    3?$ $@4$ $7 7;5$$$5%$ $9;5 $$B $@4;5@$$ $;5 $7$47

    5

    |=,+.*.,$)g|H&>.,$)7 V(-#VWW) W4$$W4$ /"2W) !5$G$I$W3"W/W

    |=,+.* |=,+.*.,$)g |H&>.,$)7V(-#5D5$VWW) W ) !5$G$I$W33W/"W

    |=,+.*.,$)g|H&>.,$)7 V(-#$VWW) W4$$W4$ /"2W) !5$G$I$W3W/W

    $5

    |=,+.*.,$)g|H&>.,$)7V -*.U.(.VW4IW47"W4$$ 1W) $W2"W/3W

    |=,+.*.,$)g|H&>.,$)7V -*.=*VW4IW47+*#6"W4$$ W) $W2"W/3W

  • "#

    |=,+.*.,$)g|H&>.,$)7V -*.$ =*VW4IW47#6"W4$$ W) $W""1W/3W

    5

    |=,+.*.,$)g|H&>.,$)7V &XGVWB1W47!W4$/W ) W"21W/W

    |=,+.*.,$)g|H&>.,$)7 V&VW) 1W$$V___VW$W4$$"2W 4$/""1W) W"3W/W

    |=,+.*.,$)g|H&>., 7V&F$$5GGVW4IW476_W4$!57 ;"W4$/W) W"3W/W

    1#$B)/475$9 V5V;5475$$$5%$

    |=,+.*.,$)g|H&>.,"7V< $58,#:G]$5^VW47*#W$$V#*$5VW$W W4$-K-*."W) 5WW/W

    |=,+.*.,$)g|H&>.,"7VF !,#]$5^VW47*_W$$V,&+$5>VW "W4$-K-*."3W) 5W"W/W

    |=,+.*.,$)g|H&>.,"7V I!,#]-$-F$5^VW47*_W$$V-F VW W4$-K-*."3W) 5WW /W

    |=,+.*.,$)g|H&>.,7V 7$]$5^VW47*_W$$VVW$W W4$-K- *.2W) 5WW/W

    |=,+.*.,$)g|H&>.,"7V =#.$K+U$]$5^VW47*_W$$VH

  • "$

    |=,+.*.,$)g|H&>.,17V( (#+(.K5$!)]$5^VW47*_W$$V#+(. VW "W) 5W1W/W

    |=,+.*.,$)g|H&>.,7V )K!$7$!544/4I7$]$5^VW47*_W$$V$ 5VW W4$5III7/-*"W) 5WW/W

    |=,+.*.,$)g|H&>.,"7V ,#/*I*$)6$]$5^VW47*_W$$V5 o VW78W$W "W) 5WW/W

    |=,+.*.,$)g|H&>.,7V / $$85$]$5^VW47*_W$$V}3 "11"--:1:"21"233333""}VW W4$-K-*.""W) 5WW/W

    |=,+.*.,$)g|H&>.,"7V ,#$/54]$5^VW47*_W$$VH.,11117V :$H5I/,#4IG]$5^VW) $W W/W

    |=,+.*.,$)g|H,,#>+K+ 7V=#+(.,*+K+1 7V*!!"!544&/4I]$5^VW$$V#&,========VW

    W) I! $GW4$ -K-*."2"2WW/W

  • "%

    |=,+.*.,$)g|H&>.,$)7V* 8$+ ]$5^VW"W"W"W > 2W4$ -K-KW) W"W/W

    |=,+.*.,$)g|H&>.,7V !$I$55$]$5^VW$$V}"}VW47W4 $-K-K1W) $W""W/W

    |=,+.*.,$)g|H,,#>+K+1 7V.,((4H,,#;5HK5$!)]$5^VW $$V}2124332222""11111}VW "W4$-K-K 123W) W"W/W

    |=,+.*.,$)g|H&>.,$)7V ]$5^VW2W > "W"W$$V}1111111 111}VW44W W) W"W/W

    |=,+.*.,$)g|H&>.,"7V $$G]$5^VW$$V}""4"3"2424 3212433}VW) $W"W/W

    |=,+.*.,$)g|H&>.,"7V $4 7]$5^VW$$V}"2"4"3 32332223}VW) $W"2W/W

    |=,+.*.,$)g|H&>.,"7V $$74]$5^VW$$V}""4""432 3"422333343233}VW) $W"3W/W

    |=,+.*.,$)g|H&>.,"7V $$7 7]$5^VW$$V}""4"332 332223}VW) $W"1W/W

    |=,+.*.,$)g|H&>.,"7V* $$)5,#$!]$5^VW47*_W$$V6+$5VW$W W4$-K-*."W) 5WW/W

    6J""".$

    , @5$/B@< $58$!5%$!$ $$O ;$ P;5$5)4$ $59

    ($$)$)$

    "/;5$$$$ )

    ($5$/$475%$$ ) 7;5475;50!9)5$$!5;5V$!>/V

    route entry 192.168.36.129 route 192.168.36.129 link 192.168.36.128/25

  • "

    # honeyd configuration (continued), restored to one directive per line:
    # a routing entry, the "default" and "router" templates, and a dynamic
    # template that switches between them by time of day.
    route 192.168.36.248 unreach 32.0.0.0/3

    ### Default Template
    create default
    # Set default behavior
    #set default personality "Windows NT4 / Win95 / Win98"
    # Ports not listed below get "reset" for TCP and UDP; ICMP is left open.
    set default default tcp action reset
    set default default udp action reset
    set default default icmp action open
    # Add specific services
    add default tcp port 139 open
    add default tcp port 137 open
    add default udp port 1337 open
    add default udp port 135 open
    add default tcp port 31337 open

    create router
    #set router personality "Cisco IOS 12.1(5)-12.2(1)"
    set router default tcp action reset
    set router default udp action reset
    # NOTE(review): uid/gid 32767 is presumably the unprivileged identity used
    # for this template's service scripts. Confirm it maps to an account with
    # no other rights on the host. The default template sets no uid/gid here.
    set router uid 32767 gid 32767
    set router uptime 1327650
    # Ports 23/tcp and 161/udp are handed to Perl emulation scripts. These
    # scripts process input from whoever connects, so they should be reviewed
    # and run with the least privilege possible.
    add router tcp port 23 "perl scripts/router/cisco/router-telnet.pl"
    add router tcp port 80 open
    add router tcp port 443 open
    add router udp port 161 "perl scripts/unix/general/snmp/fake-snmp.pl public private --config=scripts/unix/general"
    bind 192.168.36.254 router

    ### Dynamic honeypot
    dynamic magichost
    # magichost behaves as "router" between 12:00am and 5:00pm and as "default"
    # otherwise.
    add magichost use router if time between 12:00am - 5:00pm
    add magichost otherwise use default
    bind 192.168.36.150 magichost
    bind 192.168.36.151 magichost

    95$V farpd 192.168.36.128/25VA#;5E/CA#;5E7$7)@C

    #%$$ >">;$#

    295$V honeyd -d -f nombre_archivoV

    AD5E5C

    A#;5E %$V ?V

    A#;5E %$V ?#V

  • "

    3B $7$ $7

    1 B $ $ ;5 475$ $ / $475%$$)AD5E 5!$C

    $ 7VH$)V$ a"bDjj

    475$ 577) $B$5/$$

    95V V 75$ $ $7 AD5E5C

    "E$$$5/$4 75%$)775$$5/0$

    add default tcp port 23 "perl /usr/share/honeyd/scripts/router-telnet.plV

    )$0$8$

    #add router tcp port 23 "perl scripts/router/cisco/router-telnet.pl"

    >UUU;$ $/7 $/7 $

    6+

  • &

    ,)0

    O40 8 P $ 05 ! .*,

  • CAPÍTULO 8: ALGUNOS CONCEPTOS MÁS

    8&H""#"#12

  • !

    5)$4;5$$@ $ ;5$5$/2! * / $0 ;5 5 / " 2 / 1 ! $ 5 ) $ 5$ / " 2 /$ $$ - 75$ 5 9 5$ E $@ 4$ ;5 5 ! " $ 5 5$ 8 $$$$$%05 9 5$$5$;5$$ 9 %$5 $8 /4$$! ;55$$98$ / $!8$E$@5@4$

    & 7$4/ ;5 %7 $ @8 $$$7M$ ;5 45$ % $ $ 0!$ ;5 !! $B5;58$-$ 0 ;5$$$ ) 5$ %$ ;5 9 . * ) $ 45$$$=F0 5$E 55$$94 5 $ 5 4! 45$ 9 - $ $@ ! $@ /$ ;5 5 @ 5$ ) $75 8 5$5$ !45$ %$ 5$)!5$ @ $75 $ $4$ ,!E$ $ $ 5$ 9 5//$9 5$ 8$%$,H$-$$5$ !! 8/$ !9 $ ( $7E $W @ M$ 8$ $7,H+$-$$8)$($7E 0!/$ /$ 55$ % 5 5 $ $ "#= 5$ 84);5$ $!@ );5$5/$5$$ /$B ) $$ 4/ / $ ;58$)

    8&&*>*& P);5$/05$ ;5$$/@7 4 $ $5 !$ $ 7 @7$ 5$ $ $ !E$ O *>*& P ) QO*& P$ $59$$ !$

    #$B5 7!9 5

    Registro diario 2010/02/02

    2010/02/02 00:05:02,020181 UTC 0000000000000000000000000000000000000000000000000000000000000000 2010/02/02 00:05:02,020278 UTC 79522C4763AA35783BE9E5953686EB7EA9E2515BC5CF0E3CF2A1D439C7C4F414 2010/02/02 01:05:01,310722 UTC E27D8AE1B5AF0B6FBECADDDE7F3D578B2CA28A3FC9F65DEE924AF21FEB01A9DE 2010/02/02 15:11:55,071243 UTC 609134A19FEB1B78C3E8512A81C4D2A3F34C8C18AD58D83F40B7E4EA214DF98B 2010/02/02 15:22:23,393439 UTC 982923732BC8775A71CB292B9EE292EB4B0DFB6498B7C6AC5120DD23BD4105FD

  • $

    2010/02/02 15:32:53,074430 UTC 8E57AE9F14A1A4B7265ECE1C5CFB1339BAA2826D4A9C4143D34A0C3AFE52B6E5 2010/02/02 15:50:19,161434 UTC 3EF3E4B730C39494E86C1A43E72E77C28F821E428C776515BB2BEE1CB8B40146 2010/02/02 21:05:02,038257 UTC B58705BF7C85ABA86D914890EF10CABB1AF000A5FC8C0C3AE837DEA9F15D7B31 2010/02/02 22:05:01,225798 UTC AAC553223833C9D3A8DC2BFA38ACBF3D07B4CE0D051249A44BA6BE1D4FDBA24A 2010/02/02 23:05:02,010294 UTC B529FE51BDA674CA04E130A6903CCF9516353DBD5BB88D677985740965C140D9

    Registro diario cerrado a 2010/02/03 00:05:01,313984 UTC

    Registro mensual 2010/02

    2010/02/01 05DC732C170949AA20726F43EACF5BF933F5921A372FF488B3BD26538EB930A5 2010/02/02 3A233C5771B5C63F6755CA4D84D153790C63B1F92AF0F471595D899A84EEB695 2010/02/03 8D21D8C78DB2F65585B5A9CC7B71B669B508778D1DBFCCABA5344651DE7FD8C1 2010/02/04 49DBB2C723D27A259AE21F869EEFBE03F3441F86F380C3A44EA584E2F2018B52 2010/02/05 660D4B9D49E1B643F1CD054A3020922955375769992F5871909FABFB61FD14DD 2010/02/06 B980623C33A200B7E9FD6376634BCEAA0DB0D99446B2906A6E1108F542D82B3D 2010/02/07 7E412323CF42DDA9FD83216BD30DB0064549E0F93DCA343E76881024E318ACCD 2010/02/08 2224C874009D59A9A76840216931B3F5FE088AA57D5F1CBD5A8F5FD8144D1A6A 2010/02/09 57549A3D60D60701F131017CD54B1D9EC452FDE79C3B46E18EC8DC0A45875A1F 2010/02/10 677F7C4A5D56D1667859FAD3EE10929EB39812E268E78DD6CA8505D5A51F4731 2010/02/11 24B695E6DBDCE7E464A9567E6794025EE6D60403A7474644B3000E6A36E5A519 2010/02/12 72560A7B4F0D0ECBDBA68360646CF92C13F24687778EFC3E63FD19397A457436 2010/02/13 F284696A2FBABD5BE42205E6CDCAB2D0A444DA58FD917B9559401C0C79CE26D5 2010/02/14 EC81D386C8789187C8217D0199A1FC23A0910586CE81990CF91453943B9EF77E 2010/02/15 02EFCBD6EA587719910C44BF4B09067A476B9C6388D74329104A8FD63AF97922 2010/02/16 4D362846AF29EC46F0A6B5C809B801F4C3B5866C165C0396343FAB7525AE57EE 2010/02/17 779CDE8A377F1D4F4780DFFC1359EC95F0A1EA52BD838275180AC70FBD3D910E 2010/02/18 75E8376D56CF40FFF9F68A06B109F26429ADE3AAFB297991D96007AA179ACCF9 2010/02/19 C29A53CCA1C1B3F7CCDD25DDBD394775D867674E5DC407A4698423940657333B 2010/02/20 268523621D2250917AC2267E6AB827B418F3C5D597EB219D423209A95ABB141A 2010/02/21 3E4C1FD905C478092C97EAA5C486013D17E7B04207B8B4B47188BA03519944C3 2010/02/22 5AF20D774724DFC93E9B6D58E54D89609962F40FD34B78A71B134AE7C002CD8F 2010/02/23 996D18F4A0A53B10CF88DEA69F8836B1CE5776E47C97499F851250FACF20710F 2010/02/24 091CB851DA36629E0B5AD9719D83A2E4E2E9515D0871385A132226687777B8AB 2010/02/25 D48C83CF1A175BF50596E09813BC9544D1B4ACD08BE93E9C3274E670787E3C18 2010/02/26 966CC6CD03D3EE92BF04CCA314687BD6D08FC9C601E6551B2384E3ACDC6DD12D 2010/02/27 
2FFA26317C4F883341EF63FE0EE1A00F1FE764C3BDD60171C2104790FDDDE57A 2010/02/28 D61ED008B1A135B02FD3753AECBB881A9E14DFE490266671AB8F98568E48BC41

    Registro mensual cerrado a 2010/03/01 00:05:01,096550 UTC

    Registro anual 2010

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

  • $!

    2010/12 D9F1B9DE40E1EE0F4313F73F138C2F537967B9B22B94823F264741859B73F87E

    Registro anual cerrado a 2011/01/01 00:05:02,050778 UTC - E/$ 7O+7 P0$$

    """""16,-

    *;5$7$5/$$ $5$$$@ 0 ) / % # $ %7$4$B0

    Registro diario cerrado a 2010/02/03 00:05:01,313984 UTC 6$$5$B$5/0 / !7{O+7 PA;5E C $ $$ 7$5$$5/H*H ;5 $$%$ 0 4 $ / /O/ P;57$5$ $5/5$;5@%0$$5 $$

    """*"-33:-223-*13-2:"* 31*1:2

    4$B 7$$ 5$ 7$5;5 5/!E$$ %O+

  • $"

    $ @7$ F! %$ O+?(,+& K 5$ $%$ P 595$M$H;5$ $!E$5

    $ $5 7$ $ $ 5$ 5 55 $O*-P ) 5 / O$ P $ !%$ O0 P , 75$/$$$ ;5%$5$O- !P$ 5/ ;5

    #$55$/$$/ ;5475$!9/$$OH $ H 5 H 75$ P 5 5 $ $47$$O *&>*>* PO&4&&44B6&*3/ P $%$$5/$/$$5 !/@;5O, P $7$%$O -8 P$$M **&&);5 75$ 7 5 $ **&* **&/ ) **&3 -$ 5 5$ 5B $ $ 8 $ 7 ) $ $$5%$ 7$$57%H$ 5 )75$

    HASH REGISTRADO CON EXITO +!@$575$$975$45 ,5!9 (K$-$$,) 5 7$W P $8 G37$5PW 7W !5$)P211-23**2*31-22:P

    ,$(7$7211-23**2*31-22:-$$,) 8 $

  • $

    ,*-+(#,&

  • $#

    Hash siguiente: 8E57AE9F14A1A4B7265ECE1C5CFB1339BAA2826D4A9C4143D34A0C3AFE52B6E5 Fecha: 2010/02/02 Hora: 15:32:53 ,074430 UTC Datos del cuarto sello de tiempo: Hash anterior: 8E57AE9F14A1A4B7265ECE1C5CFB1339BAA2826D4A9C4143D34A0C3AFE52B6E5 Hash actual: 56B0BCB528771396C8434982C48FCD507695A11BECE4F2320ACC38E1789F45BA Hash siguiente: 3EF3E4B730C39494E86C1A43E72E77C28F821E428C776515BB2BEE1CB8B40146 Fecha: 2010/02/02 Hora: 15:50:19 ,161434 UTC

    K$B$45$$O / P!!5$;5$$ 0$5/$57)

    - 5 H 75$ ;5 H$ 75$ H 75$ 75$ ;5 H$ ) M H 75$ ;5 H$ 5

    $ $$ ;5 " " "

    A#%!$/5$C

    8 $$F! - !

    $$ O .; P $ H;5 O5! 55 P)

    $$%$ 45$%$ OH" 2P $ 5 5$ $5/5$ "2 ! 8 $2 07 8 ;5 / O .; P

  • $$

    5 ! 5;5 $ ;5 ; 5 45$%$ $ $5$@/ $O"25P *& ;5 7 O- !P4$

    Registro diario 2010/02/02 (del Criptolab)

    2010/02/02 00:05:02,020181 UTC 0000000000000000000000000000000000000000000000000000000000000000 2010/02/02 00:05:02,020278 UTC 79522C4763AA35783BE9E5953686EB7EA9E2515BC5CF0E3CF2A1D439C7C4F414 2010/02/02 01:05:01,310722 UTC E27D8AE1B5AF0B6FBECADDDE7F3D578B2CA28A3FC9F65DEE924AF21FEB01A9DE 2010/02/02 15:11:55,071243 UTC 609134A19FEB1B78C3E8512A81C4D2A3F34C8C18AD58D83F40B7E4EA214DF98B 2010/02/02 15:22:23,393439 UTC 982923732BC8775A71CB292B9EE292EB4B0DFB6498B7C6AC5120DD23BD4105FD 2010/02/02 15:32:53,074430 UTC 8E57AE9F14A1A4B7265ECE1C5CFB1339BAA2826D4A9C4143D34A0C3AFE52B6E5 2010/02/02 15:50:19,161434 UTC 3EF3E4B730C39494E86C1A43E72E77C28F821E428C776515BB2BEE1CB8B40146 2010/02/02 21:05:02,038257 UTC

    - 5 / O$P $$ M$ $$ 5$ $$!5$$$5 Q";50!5$ !44

    -!$$5$ 5-!- 5 $%$ ;5$ $ O .; P ) O.; P $$$7M$O- !P$ O.;" P;5;55!%555$%$ ;5 % $ 5 $ $ $$ ;5 O P55$ /) 5 545$%$5$;5$ 4 $ 5 5 ! O?$B $ ) P !5OHP55E;5$! @ $$$$;5;5)$ $5OHP )% @;5 57$ OH 75$P 8$ 75 ;5 475 $ % .& #*p( #&+*

  • $

    5;5 ;5)O$P$ /)$;5 5 90 5 $ 5$ 55 ;5 !$ 5 O7P ) 57 5 4 0 ! $ 5$ /$

    H;5 $4$$ $ @)!9$! % ;5 5 /4 $ $ $ ;5 $ @7$F!$$75;5 4@@ $ 45$B @ $ 5 0 /@ ;5 8$ !E$ E$ ) / ) / ! E$ 75 ) 7 $;50;5 5!/4 @%O-P/E)M$H

    $%$O9P $4$ 4!9$

    8&&&$

    #?##)?#/)#/!$!5$ 5$ 7 #L$) $$Q ! !5%$;5$5$ ! 7 ) 7@4 66 -!$ 90 / E ) E $ $ !9 $ E$ 7@4 $4$ $7 / $ @$ $ E$ !E$ 4 7$! $8$ 75 M$ $ / 7@4#?# 5 5;5E$8 $ $$ 05 4 @ E$O0!P $5$ / M$ / $$$7 8$

    $ Q , ($$ $7$$7 ,G 5! ,?*33 O# P;557$Q"3;5! 5 ,?388 $O& $#?#*$ P5)F! III $ 7 7 /B)@$ $4$$7$ %$)$4$/

    $ Q 2L$$ Q0O#?# ($ PD5 $ 3 ;5 .*(.IG*($4$$$ Q""$5/$;5 Q0O#?#- $P 4 $ 5 8 !E$5$ /%$#?#75 5$

    $$5 8$ ! $ ?.6#/)?5 !E$ $ O P ;5 $%$ ! & $#?# +-1 1 $$ F$R $ M$ %$ $ 7 ;5$ $?#?4I

  • $

    -,H

    ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol

    ETHERNET: Destination address : 0020185751DC

    ETHERNET: .......0 = Individual address ETHERNET: ......0. = Universally administered address ETHERNET: Source address : 0020185751D2

    ETHERNET: .......0 = No routing information present ETHERNET: ......0. = Universally administered address ETHERNET: Frame Length : 158 (0x009E) ETHERNET: Ethernet Type : 0x0800 (IP: DOD Internet Protocol) ETHERNET: Ethernet Data: Number of data bytes remaining = 144 (0x0090)

    IP: ID = 0x190B; Proto = 0x32; Len: 144

    IP: Version = 4 (0x4) IP: Header Length = 20 (0x14) IP: Service Type = 0 (0x0)

    IP: Precedence = Routine IP: ...0.... = Normal Delay IP: ....0... = Normal Throughput IP: .....0.. = Normal Reliability

    IP: Total Length = 144 (0x90) IP: Identification = 6411 (0x190B) IP: Flags Summary = 0 (0x0)

    IP: .......0 = Last fragment in datagram IP: ......0. = May fragment datagram if necessary

    IP: Fragment Offset = 0 (0x0) bytes IP: Time to Live = 128 (0x80) IP: Protocol = 0x32 32h = 50decimal(IMPLICA AUTHENTICATION HEADER-IPSec) [nota: en el registro de IANA el protocolo IP 50 corresponde a ESP; AH es el 51] IP: CheckSum = 0xA107

    IP: Source Address = 10.190.10.214 *** DIRECCIONES DE SUBRED** IP: Destination Address = 110.250.10.83 ** QUE FORMAN TUNEL PGP **

    IP: Data: Number of data bytes remaining = 124 (0x007C)

    00000: 00 20 18 57 51 DC 00 20 18 57 51 D2 08 00 4 5 00 . .WQ.. .WQ...E. 00010: 00 90 19 0B 00 00 80 32 A1 07 C0 A8 FF 6E C 0 A8 .......2.....n.. 00020: FF 69 87 16 96 FA 00 00 08 65 F3 F5 67 7A A 1 7F .i.......e..gz. 00030: 59 63 51 DC 5B 69 6C 28 12 5E 73 84 00 AF 4 7 A6 YcQ.[il(.^s...G. 00040: 86 24 8A 1D A9 8C 38 A1 4A C8 B0 4A FC 90 9 0 9A .$....8.J..J.... 00050: FF 3A AB 8C D0 1B CE 70 14 18 5B 9A 8D 3C 6 F 92 .:.....p..[..

  • %&

    $9;5 O*5$$H P;55$ !;5495$(#

    $ 9$ )$4$$$ @?#? $$$@ %

    8&&*

  • %

    $! $4%$55 /+*(6475 / 5 $! 5 $ 55 ) $ $4%$ $475%$;5E$ 5$%$ /@ ! 5$ O P ;5 $5$ $/@ $ 8 $-5;555 0$.* ;5 E7$55$%$

    / 5 4$E5 $%$55+-"12$$####*#-H*#7$ 6.(=5 $

  • %!

    "+/

    ($4 1 ! $$ $$ $5) 5

  • %"

    $ %$ /$ 7 5$ 5$ I ) 4I ;5 ) $ $ $ ) ;5 5 /B ;5$ 5$ $$$$$ ) 5B%$ B%$ ;5 $ 5$ 5 $5)$ !E$ $ 5$ 75$ 5$ !9 $ O /P ;5 5$5!$@$$5 $ %$

    8*&"7B"$

  • %

  • %#

    6$ $4 4 ;5 $ 5 $! 5 5 %$ 5 $! 7$B%$ $ /$) 0

    & $4 ;5E$ 75 5 /B *- ;5 @ 5$ *5 -4%$

    45$$)4$ 0 /B 45@$5$4 B/@)5@$ 94 5/ M!;5$5)$E$ !5B 44

    6$ $4 4 $M ;5 @ M$ 4 5$ *5 - 4%$ $4@$;50/$5$44$ 4*5-4%$

    *5 -4%$ 4 ;5755$

  • %$

    KA;8&.

    KAA;2 ;"

    8& 8(8&.

    KAAA8; ?#8(,0

  • %%

    , B ;-$?

  • %

    * $$5%$ $ 5$ 7$ $ 5$ !47$$

    H ;50 $ 4 ) ;5 $$ 4 $B $ !7 / ;5 4$ / $54%$$ O-4P4$ 4 ! 4%$ $ ) 5$ 75%$ 04 ) $7$ 55$;58$ 4

    #$

    #4$

  • %

    7$B%$)$

    5 $$

    *5/B$ 575$O P@45$$

    - $@4@ ;5)$;5$/ 4%$$7$%$!)%$ %$5

    - " $ ) 5! 4 47$ 75$5$%$$5.(

    - Q - " /4%$ $ $ E/5$$7$$4$$ $

    - $Q/4%$7 %$5$ $$ 57$B%$

    = B$$455#R( )55;5$B / M! $ ;5 $ $4 5 5 $8 4$ $ $759 & *! )$8 .$ &$ ) 4 4%$ @ 5$ $ $75 $$7 +5 - #/)$$75$$%$*.5$ 4$$/

    5$,$$

    * $ 5$$$;5 4755;5$/7 $$ 4=),M;5$$5%$

    5$ $Q %$$9E $ ! $5)$ ($$ . 5 )K(*$ !%$ (: ?, 4 K7 $ *(- 4 5$9@!$@$+* Z?6

  • &

    $5$ $Q 4 !5)5$ %$ $ $ 5$/7 ($$ 8 % 5 H $ & $ ($$-$$#7 4

  • $0$/4 D5$ $5$%$;544%/

    6$9 5) 4075$

    #/ !5%$@$ 5$7075 !$%$/ M!7 $B%$$75$$$ 5$ 5$ ) ;5 5 $/$ / -7@$ 5$ M$ / ) /4$ 5 5 7 75$$ E4$ 55 $ 5@ 5 7 5 / M! $$ 5$M$57

  • !

    1""7 5$//5)%$ )/4

    $ $! /4 $$$5$/ M!)5$ / )$4 $$

    # $!$$4%$ 4 ;5$$ $!$

    o + 4 $ !0$ 7 4/ M!55

    o + < /%$ $ / 4 ;5 75$ B%$ $ / $@$ /7$ $ ;55 5 $ 5 7 $$7E-+*6&*6>&-*G

    >*6* -%7?50!5$ @ 75 ($4%$45 5!95$") $5$$75 @ O&!9/ $P $ Q *.&+ 5!% ?>*6**G $!"

    >*6/ ?50( $%$! $ $5$ $%$ 5$ ?( 45 5! $ 4! " ) M$ $ 85%$ Q

    >*63 $;5! E$)$ ;5 !$ B ! 5$ ?( 5!% $ ! "-!$$;50;57M$45 $O-$P$!$/ $ 5 $ $ @ /5 5 $ /5%$ 0 ;5 5)$!$$! /$B$$/5$?(

    >*64 , $O?%$ 7P5 $$445 5!$ 95$"1)M$$@5

  • #!

    Q -! $$ ;5 4 %$ $ (&"3 $ 87$$75$ 70 $ $ O*$@ +7P ) 5$ /$)%7 $ ;5 )/B@ $/4

    >*65 4 ;5 ;5 ! 5$ 5;5 7$B%$ ;5 O$ 4P ( &"345 5! $ B"3

    >*66 :?50 505$?(

    >*68 :?50 50$ 5$?(

    > *6& : ?50 7%$ 75 ($4%$$7$B$

    > *6&& ?50 $%$ 5$ ?( ,5$$ 5!% $ ! "1 M$ $ @ $! $ Q

    >*6&* :?( $%$

    >*6&/ :($7%$$(&"

    >*6&3 :?!$ /5$?(

    >*6&4 :4$$

    (&(-"32:+$4$$B $7$B$

    > *6/& %$ ,(- $ - $$5 .7 $ 5!%$ $ 04 ,(- $ 5#$-$$5.7

    >*6/* :-!75

    >*6// 75$ $3 5@ )") @$ $!

    >*6/3 :?5075 $$ 4@

    >*6/4 :?50 7%$$$ 75

    >*6/5 :?5075 8$B%$ $

    >*6/6 :+$/$7

    >*6/8 :+%$7

    >*6/G :%$$5$(

    >*63 :75$$$$4 %$

    *66GG #5! $ "1 ) @ $ %$ 5$ ?( $ @! $ Q ) @ $! $ *.&+ 5 /%$ $ Q

  • #"

    84*H;

    &7$B%$ ($$$ @$ -%$ ($$$ $ $4$ 5$ B @$ 5$&7$ $$ ;5 $ ! (& (- $ $ . ($$$ /E E E$ ! 7$B%$ / $ 5 /E$ *6&*4% ,!E$ X,- ) $ 5!E *6 (,O5),$;5P

    13 7$B$ $ 3 0 $ $ $ ) !$4 $5/$*5$ ?*6& M$ @$ $$$$ $%$ 75 $4 %$ ) 7$B$$ 5Q 5 /

    * 4 4%$ 5! 5$ "7 $ ! $ ;5$ 5! ?44 Z 6$R$7*$/O, 4 - 0 ! !+GA.5( !0 ;5 $ 5 5 4$ 5$ ;54%5O6 $5 4 6$$$7P $ 6R* ) $ - ($5 +$6$ 5$ 7 ;5E @$ " 95 "2 M$ 4%$ ;5 ! @ @ (&(- "3"*$ 5;5$ $4 $ %$ / $ 5$%$!%5$ B5$Q 5$"95"3

    - $$ $ 5$ ;5 $ @ $ !O?%$P/$$ 8 $;5/$055$$ 4 ?G O?%$ -P ?&3 O?%$ !$Pc ! ;5 5$ 5 $ 5 % 5$ 5$ 5! 5

  • #

    . $8!$5$O- /P5$ 9 $$5 ;5$ @;5;5$0O$7P#-* #$JJ-GJ*$ $7 ==( /5%$ $$ ) /7$ $ @ $ O$$//P$455)$ 0 $$@$455($4%$ ((

    A?$75 C

    !$$/40 8$$$/ $$((

  • ##

    < %$#4 B%$#5$5 *5$@$ )-$+5 ), #$ 45%$ +7 40 -$ )

    ?$

    * $ ($/$ ) , %$ 5$;5 ,E$)5 $

    &7$B%$5.7 -$ ( $%$ #0

    75 7%$, $0 ?%$*$%$- ($7 #$ *5B 7M$ $

  • #$

    ""7

    &

    @$ 45 $4$ / 5$ !$ $%$ %$$B%$/%$ $$$)9?( %$?(!5$%$E7 7$B%$ 5@ $45$ $ ) !9/ ;5$ 75 Q)55 $@;5 5 %$$@$5 $$$@ 5$

    *#@

  • #%

    @55$

    ?(

    + $!*$%$

    2*50($$?(

    3*$%$/$?(

    19?(

    @55$$4$5 $ $

    -5;5 85%$ $ $ ) $$ O$ P 4 %$ 7!954)! $$4/$$ 57 5 ) $ 5;5 $ ;5 5$ $ 85 $4 $ @$ $$$ $ @ ! $ ;5 85%$ $ 4 ) $! / 75 ;5$ $4%$ ;5 )$ $ /E /5%$ 7)5/B !75$ )7%$/7$

    *

  • #

    2 ($$ 75 5$ / /$ 75 $4%$ $ $ ;5 $$ 5$ !! $ )$B$75 $4%$

    3 $%$ 75 $4%$ ?( ($4$5) $7$ ) # ! $ $@ 7 $7 5) 4$ ! $ $B/$$)975 $4%$

    .&,* ?( $5) 0 $ / $! @ $ )5

    1($7# /75 %$) 55

    +757$$575$ $B75

    * %$7%$ 5$7

    *$@ 7 6 @ $4 %$ $4 45$ )7

    " K%$7, $@)/5%$7

    /5%$ 7 # 7 $ 7 ! $ 7 7$4/7

    *-

  • #

    /7!5$7) 7# %$ @!$#-*$ $ 5$"

    "-$5$

    , 5$ ;5 ?( @$ 7 ) $ 6$ $ 5$ !@ ! $ $%$$

    * !5$) 4%$

    +/$5B$) !$ 5$

    *75;5!)/$5 $$$4

    *75 ;5 M /$ 5$ ! E$ $!) 5

    *75 ;5 5$ $B$ 7! ) 4@$$4!

    *75;55$E$ $! ;5$$)$$4 75 ) 4$$ 5 $ !54%$

    *75;55$7$8$$ $4

    *75$!5%$5$

    #/$ $ 5$ ! ) 5$ $4%$ ) ;5 ;5 $ $ 5;5 %

    4 #:7

    #/4

    r7 7/4) 7>

    ?$M$

    r"25 gg "2?$5$) 75$ "2

    r"25 "2O-GPK45 $7

    X+-(-(+,&-&.?#?

    ?$5$/

    ?$5$4/%$

    8 /$!$)$*-((

    K$5/

    :5+48 / //G)7$5 7$H$;5 )5$/$

    K4557)4K4 ;5E$4

    ?$5$/85;5$5$ 85/ !9

  • #

    4 E $$ B/ $ $ / 5$ 5$ $/ ) /4 ;5E$ 5 ) ;5E$ $ 4- /7$$4

    +B 9 $ / E A 5 % 7 /554$C

    K4 $47$ 740$ 740 Q$4K454)5 7M$!

    ?$ M$ "2 / 4$ Q 7 5$ /5;5

    *7)7$$5/$ )/45$

  • $&

    75 $/

  • $&"

    & ,2"

    $$/)9$ $ @$E5% ) $

    &" . 6$ /0$5 85/$ $ $ M!$$75$ %$#$$ ! $$ ;5 5 $ W 8$ 7 $ 75 M$ 740 ;5 $$ 75

    ;8 8 $ 0 ;5 40 5$ %$40O >0% P

    28=.

  • $&

    -5$ 5$04 $$55075# $550 ##@"$# $!@575$

    ($4%$ $ *;50 ! $ 5$5%$8 5!9$)!/ $

    A-5@ $ 0C ! $B @ $40$ $ 5$ ;5 @$ $4%$ ) $ ! $ $$ 75 $ ! 4!%

    ?!$ 5$$ 6!%$ / 75 $$;5 $4%$!

    -$ ;5 75$ #$ ) 4$ $4 $5 ;5 75$ 4$ 55!%$ L% !9 4!$

    / HI $$ $ 5$ 40D5E / 8$ 5 5!%$ / $475%$ 75 $475$ !%$ !%$ 5

    / @$ 5 % $ H) $ 0 M$$$ $ / $ 9 !E*5;5! $;5I

    -4%$ $ B ! $ $ ,:J23 ,(*(* ,5$$ ($5) * $$($5)*$ ;5 4 @ 4%$ ;5 !$B$$5$$

    -$ ! , 4%$ ;545$$ B $ 5$ !;55$)$575 $%$!$$5$%$ 5$ $75$/40 5$5) Q8@5$$ $B

    #$ ($ $ % $ $ $ 5$ $7 !9 ;5 $ $ %$ $ /4%$ $475$ $ ! 5 $$$$ /95$$$ $$$

    ($/$ ;5 $ $ $/$ 5$ !5$ $ 5 $ $ E $ ! ) $ $ 5 $/5 /;5 5$!$$4% $

    -$ 5%$ , 5$%$ $ / $$ ;5 9$ / /7$ ! 5 40$ ! 5$ 455 $4%$9$5$$$ %$$ !$ @5$

  • $

    $

    75 40 $ 75 5$%$ ) / ! 5$ $75$ $$/75

    75 40 , ;5 $ ;5 $40$ $ ! 75 $$)$$4;5 $@5B$7

    75$4%$

  • $&$

    &*#"7"

    *$@ 70 $@ 5$ %7 $%$$4%$

    7 8 $%$ $ 5$ 5$ @Q5$!$Q $ @5$ $%75 $ $ /@$8!$5$$75;5 $@ E$

    *7$%$ ) / / ! $ 1"1") 8*&& 5 5) 75$5$ $ 4 75$;5$$5O $P

  • $&%

    0E$$) %$

    +5)%$$0$ 45 E$4%$)4 !;5)%$

  • $&

    *"!1J8*/;B #

  • $&

    J J1" $ $/ $%$ 5 6$ 5$ 5$55$5:5$

  • $

    /

    $/ $! 5 /E 4,-#(#;50$$@)/ $$$%$50$$/!@ 5$$9 5)$

    2! / 8$$$/

    A" ; [.

  • $!

    95, .$ 9(-#)5 $75 5 5$ !7 5$ 5 ! 5 !$ $4%$

    " 5) 5#$7 / ! (-#$5$5 ) 5 , ) 1 $ $7 6$ $ ;5 $/$5$$75) (#2:)*!$! ) !;5 -! ;5))$ $,!E$ 5$7/ 5$$5$%$

    $$$B! (-# $ %7$;55!/ 5 !$ $4 %$ ;5 5 $E *! 5$$$B! )$5%$ !%$ 5$7 /;5$/$$7$5 $

  • $"

    8. 6$!5$ !5%$ 5! ) 5 $B 9 7 $5$$5%$

    6$ 7 8 7$ 5 !E$ 5$ 5) !5$ 5%$ 7$$$7 $ @ ) / 5! B$ $ 5$5)$ 7$$$ @$5/ 5$5$/B$ 0 !E$ $ 5$ 5 $ 5@ % 7$$ $@$7$B$5;5 75)%$7$$5$

    ""7 A j 6 1+ j ;5 / ! 5 47$%$) $! $/0$ ;5;5 $$ $!5$4$$$$;5H ,-#(#$;5!0 5505 $$$!

  • $#

    3#

    $ $/ $ ,-#(# $ $% $ $ 8@$ ! $$$8 %$ 5 ,-#$$8%$5) 6# $! ;5E $7@5$9;5 $ $/ 5 5 8 $ > ;5 *# /* #$ $ $/ $ ) %$ $ $/ $ $ 5 $ !$ $ ) 5 5 5$$$75$/

    2:"

  • $"

    9&!#""#"1""7 %

    $$8!$4$$) !@$$B4%$5$

  • $"!

    57$ 5;5 /7 $$%$/!6$/%$$%$7$5$ 7$E /!5$5 //$$$;55$ $$5$#9 545$;55$2H L*-$$5$$5$Q2HB;5 5! / /$5$5

  • $""

  • $"

  • $"#

    , Q $ /E ! $ 4 $5%$ ! 5B$;55$8 !$!5)$.=,;5 5$$B#/4 4$!.=,!8"*$5%$

    5$ E$70E$45$%$ $!;5 $$5%$ 5Q$45$% $$

    E8 $!:)$ $5%$ $)

    4$*0 9 5$ 4$"!5$45$$ 55$!$ 5$$5%$:9;55$$5$$5%$":

  • $"$

    6$//*-+$;5Q !$5);55B$$E$.=,)/$5 %$5$*-+/ $5$.=,/)!9$5%$"3,+,$+4)

  • $"%

    -!$5$/+

  • $"

    .=,+:3 "21123

  • $"

    *$5%$: 111

  • $&

    # "2 31( $

  • $

  • $!

    3,:7#"

    $%$4!%

    # $ $70 $%$ 5B $ $$5$Q 5 $$!@$

    5$% -$/QE$5B

    !4!% ;5$ Q

    % ;5$/Q$5/$ $

    -45$% $ M$$

  • $"

    -K 7%$

    45$

  • $

    @$75 $$ B 5B $ $ $4 / 5B 49@ $ 5 4$ " *@$75 $ 5 5 48%$ $$*$75 %$ %$

    !% & %$7$

  • $#

    4 0$ 4%$ 5$4! % /%$ ;5 $ $4 B$ %$ $/ 4! 75@

  • $$

    50$%$

    50$75 "$

    :#$$)5$;5 $$$5%$

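    #
    # This script was written by Renaud Deraison
    #
    #
    # See the Nessus Scripts License for details
    #
    # Listing restored to one statement per line; the page-break markers that
    # split it in the printed copy are removed. The French and Portuguese strings
    # had already lost their accented characters and are kept exactly as printed.
    #
    # Purpose: report FTP servers that accept an anonymous login and record the
    # working anonymous credentials in the knowledge base (KB).

    # Registration section: plugin id, CVE reference, localized name,
    # description and summary, category, family, dependencies and required port.
    if(description)
    {
     script_id(10079);
     script_version ("$Revision: 1.23 $");
     script_cve_id("CAN-1999-0497");
     script_name(english:"Anonymous FTP enabled", francais:"FTP anonyme activ", portugues:"FTP annimo habilitado");
     script_description(english:"The FTP service allows anonymous logins. If you do not want to share data with anyone you do not know, then you should deactivate the anonymous account, since it can only cause troubles. Under most Unix system, doing : echo ftp >> /etc/ftpusers will correct this. Risk factor : Low", francais:"Le serveur FTP accepte les connections anonymes. Si vous ne souhaitez pas partager des donnes avec des inconnus, alors vous devriez dsactiver le compte anonyme, car il ne peut que vous apporter des problmes. Sur la plupart des Unix, un simple : echo ftp >> /etc/ftpusers corrigera ce problme. Facteur de risque : Faible", portugues:"O servidor FTP est permitindo login annimo. Se voc no quer compartilhar dados com pessoas que voc no conhea ento voc deve desativar a conta anonymous (ftp), j que ela pode lhe trazer apenas problemas. Na maioria dos sistemas UNIX, fazendo: echo ftp >> /etc/ftpusers ir corrigir o problema. Fator de risco : Baixo");
     script_summary(english:"Checks if the remote ftp server accepts anonymous logins", francais:"Dtermine si le serveur ftp distant accepte les logins anonymes", portugues:"Verifica se o servidor FTP remoto aceita login como anonymous");
     script_category(ACT_GATHER_INFO);
     script_family(english:"FTP");
     script_family(francais:"FTP");
     script_family(portugues:"FTP");
     script_copyright(english:"This script is Copyright (C) 1999 Renaud Deraison", francais:"Ce script est Copyright (C) 1999 Renaud Deraison", portugues:"Este script Copyright (C) 1999 Renaud Deraison");
     script_dependencie("find_service.nes", "logins.nasl", "smtp_settings.nasl");
     script_require_ports("Services/ftp", 21);
     exit(0);
    }

    #
    # The script code starts here :
    #

    # Use the FTP port recorded in the KB, falling back to 21.
    port = get_kb_item("Services/ftp");
    if(!port)port = 21;

    # Stop when get_port_state() returns nothing for that port.
    state = get_port_state(port);
    if(!state)exit(0);

    soc = open_sock_tcp(port);
    if(soc)
    {
     domain = get_kb_item("Settings/third_party_domain");
     # Try to log in as "anonymous" with "nessus@<domain>" as the password.
     r = ftp_log_in(socket:soc, user:"anonymous", pass:string("nessus@", domain));
     if(r)
     {
      # Login accepted: raise the finding and flag it in the KB.
      security_warning(port);
      set_kb_item(name:"ftp/anonymous", value:TRUE);
      # Store the anonymous credentials only if no FTP password is already in
      # the KB, so configured credentials are not overwritten.
      user_password = get_kb_item("ftp/password");
      if(!user_password)
      {
       set_kb_item(name:"ftp/login", value:"anonymous");
       set_kb_item(name:"ftp/password", value:string("nessus@", domain));
      }
     }
     close(soc);
    }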

    4 U M%;507 $ $$$5 0

    75$

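    # Snort counterpart of the Nessus "Anonymous FTP enabled" check. Tokens that
    # the page layout had split ("A nonymous", "noca se", "attempted-u ser") are
    # rejoined so the rule parses.
    # NOTE(review): the rule matches the client's "USER anonymous" command, so it
    # fires on an anonymous login attempt, not on the server accepting it.
    # Confirming that anonymous FTP is enabled needs the server's reply as well.
    # NOTE(review): flags:AP matches only segments carrying exactly ACK+PSH;
    # flow:to_server,established is the more robust way to limit the rule to
    # client data on an established session.
    alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"Anonymous FTP enabled {nessus}"; flags:AP; content:"USER anonymous"; nocase; depth: 16; reference:CVE, CAN-1999-0497; classtype:attempted-user; sid:1001001; rev:1;)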

    7 5$$$$@ 5 5 $4 >$$)5$

    5$;5$B -K $ script_cve_id("CAN-1999-0497");

    4 #

  • $

    $ -5$ ) $B%$ !9 $ $ .5$ !9 5 5 $4 ; 5 $ %$ 5$0/$ 0 5) $$ %$ 7$57 ) $7$

    : #"#

  • $

    , / $@ 5$ $! / $ $ !$

    ?$5$45%$! ) $ 57!

    4 @!;5! ;5;5 )E 55 $!$4I?.6

    7

  • %&

    H0

    740

    *

  • %&!

    -+

  • %&"

    FI

    ?*?#+$) $*7

    ??.?I)?#+5 .

    ?.&?$.5 $7&7$B$

    ?$5#? $?#??.6#/)?5

    ?#

  • %&

    ((($$$!5!($4$

    (#.?(#.8?$$

    (#/2(#/%$2(#.8?$$(#.?

    (+($4+

    (*R#($$5)*$$R)$7 $#

    (*#(($$/* $#7$7($ 4

    (

  • %

    .-!.IG-

    #

  • %&$

    #-.#$-$$5.7

    #-$ $ $

    #-*#$JJ-GJ*

    ###G##)$-$

    #6#6$

    ##/)$$

    #?##)?#/)

    #(#($

    #(.#$($4$.5!

    #R-#5!R)-) 7 )$

    #R(($455/ M!

    #R(= $455/ M!

    #

  • %&%

    *5)*$!

    *5)*5$$7

    *#/*#$

    --!55

  • %&

    ,5$%$$$B%$,

    ,>,#,/,#

    6**7$5557$

    6#67#

    6(,,6$%$($$$,5$$ .B%$,5$$

    6R*6$R$7*$/

    6,6$/!,5$$)

    6+(6$4+5($4($46$ 4+5

    6+