16. Some network attacks use IP packets with the SYN, ACK, PSH, URG, FIN and RST options set. (This is sometimes called a “Chernobyl packet” or “xmas tree packet”, and crashes some operating systems.) To log all such packets received, you would use:

A. iptables -I INPUT -s 0.0.0.0/0 -d 192.168.0.44/33 --protocol tcp --xmas-pkt -j LOG
B. iptables -I INPUT -s 0.0.0.0/0 -d 192.168.0.44/32 --protocol tcp --cher-pkt -j LOG
C. iptables -I INPUT -s 0.0.0.0/0 -d 192.168.0.44/32 --protocol tcp --cher-pkt -log
D. iptables -I INPUT -s 0.0.0.0/0 -d 192.168.0.44/32 --protocol tcp --tcp-flags SYN, ACK, HSK, PSH, URG, FIN -log
E. iptables -I INPUT -s 0.0.0.0/0 -d 192.168.0.44/32 --protocol tcp --tcp-flags ALL, SYN, ACK, PSH, URG, RST, FIN, -j LOG

Explanation: When using the tcp-flags option, the first argument is the list of flags to examine, written as a comma-separated list, and the second argument is a comma-separated list of the flags that must be set. In this answer, we examine ‘ALL’ flags, and SYN, ACK, PSH, URG, RST and FIN must be set.

Reference: http://www.linuxguruz.org/iptables/howto/maniptables.html

Incorrect Answers
A: ‘Xmas-pkt’ is an invalid option.
B: ‘Cher-pkt’ is an invalid option.
C: ‘Cher-pkt’ is an invalid option.
D: This answer has the ‘ALL’ statement missing. This answer will examine the SYN, ACK, HSK, PSH, URG, FIN flags, but it doesn’t specify which flags should be set.
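
The examine/must-be-set test from the explanation, as an added shell example that is not part of the original question: it emulates the tcp-flags match on constructed values of the TCP flags byte. The helper names flag_bits and tcp_flags_match are assumptions for illustration; the rule in the comment is written the way iptables parses it, with the two lists as separate arguments and no spaces inside a list.

```shell
#!/bin/sh
# Added example (not from the original page): emulates the --tcp-flags MASK COMP test.
# Rule in the form iptables parses (two arguments, no spaces inside either list):
#   iptables -I INPUT -s 0.0.0.0/0 -d 192.168.0.44/32 --protocol tcp \
#     --tcp-flags ALL SYN,ACK,PSH,URG,RST,FIN -j LOG

# flag_bits LIST: print the bitmask for a comma-separated list of flag names.
flag_bits() {
    bits=0
    old_ifs=$IFS
    IFS=,
    for name in $1; do
        case $name in
            FIN)  bits=$(( $bits | 1 )) ;;
            SYN)  bits=$(( $bits | 2 )) ;;
            RST)  bits=$(( $bits | 4 )) ;;
            PSH)  bits=$(( $bits | 8 )) ;;
            ACK)  bits=$(( $bits | 16 )) ;;
            URG)  bits=$(( $bits | 32 )) ;;
            ALL)  bits=$(( $bits | 63 )) ;;
            NONE) ;;
            *)    IFS=$old_ifs; echo "unknown flag: $name" >&2; return 1 ;;
        esac
    done
    IFS=$old_ifs
    echo "$bits"
}

# tcp_flags_match MASK COMP BYTE: succeed when (BYTE & MASK) == COMP,
# i.e. among the examined flags, exactly those listed in COMP are set.
tcp_flags_match() {
    mask=$(flag_bits "$1") || return 2
    comp=$(flag_bits "$2") || return 2
    [ $(( $3 & $mask )) -eq "$comp" ]
}

# Constructed sample values of the TCP flags byte (TCP header offset 13).
for sample in "0x3F all-six-set" "0xFF all-six-plus-ECE-CWR" "0x02 SYN" \
              "0x12 SYN+ACK" "0x29 FIN+PSH+URG"; do
    byte=${sample%% *}
    label=${sample#* }
    if tcp_flags_match ALL SYN,ACK,PSH,URG,RST,FIN "$byte"; then
        echo "$label ($byte): LOG"
    else
        echo "$label ($byte): no match"
    fi
done
```

Only the first two samples reach LOG: the second differs from the first only in the two high bits, which ALL does not examine.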
