IXP 425 Project Demo
Symbion SSL Proxy
• It listens on a TCP port, accepts SSL connections, and forwards them to another (local or remote) TCP port or UNIX domain socket.
• Start the ssl proxy service:
  ssl_proxy -s 443 -c 140.114.79.104:80 -m 32 \
    -C /etc/symbion/cert.pem \
    -K /etc/symbion/key.pem -U 2048 -D 8192
Demo - Symbion SSL Proxy
• In the client, open https://192.168.44.2/; you can see the web site of rtlab.cs.nthu.edu.tw.
• Diagram: Client (192.168.44.1) --ssl--> IXP 425 (192.168.44.2) --no ssl--> rtlab.cs.nthu.edu.tw (140.114.79.104)
Snort – inline mode
• Snort's inline mode works through the iptables software.
• Packets are first sent by iptables into the queue maintained by the ip_queue module, and Snort then reads packets from that queue to match them against its rules.
• Before running it, make sure the iptables package and the ip_queue module are working correctly.
Snort – inline mode
• Install Snort inline
  • http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/rc1/node7.html
  • see 1.5.4 Installing Snort Inline
• Install iptables
  • iptables sends the packets to be filtered into the queue:
  • iptables -A OUTPUT -p tcp --dport 80 -j QUEUE
Snort – inline mode
• Start snort_inline
  • snort_inline -QDc ../etc/drop.conf -l /var/log/snort
  • -Q - Gets packets from iptables.
  • -D - Runs snort_inline in daemon mode. The process ID is stored at /var/run/snort_inline.pid
  • -c - Reads the following configuration file.
  • -l - Logs to the following directory.
Snort – inline mode
• Configuration files
  • <action> <protocol> <from_ip> <from_port> <direction> <dest_ip> <dest_port> (<rules>)
  • see 3.2 Rules Headers
    • http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/rc1/node16.html
  • see 3.5 Payload Detection Rule Options
    • http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/rc1/node19.html
• Example (in ../etc/drop.conf):
  • drop tcp any any -> 140.114.79.104 80 (content:"/slides/IXP425_project.ppt"; nocase;)
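A small matcher for the rule header and content-option format shown above, added here as an example; it is not code from the slides or from Snort itself. The packets are constructed samples of the plaintext requests that pass between the proxy and the course web server, and the matching logic is a deliberate simplification of what snort_inline does with packets read from the ip_queue.

```python
import re
from collections import namedtuple

# Header grammar from the slide:
# <action> <protocol> <from_ip> <from_port> <direction> <dest_ip> <dest_port> (<rules>)
RULE_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$')
# Constructed packet shape: the fields snort_inline sees after iptables -j QUEUE.
Packet = namedtuple("Packet", "src sport dst dport payload")

def parse_rule(text):
    """Parse one rule line; supports only the content: and nocase options."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised rule: " + text)
    rule = m.groupdict()
    rule["content"], rule["nocase"] = None, False
    for opt in filter(None, (o.strip() for o in rule.pop("opts").split(";"))):
        if opt.startswith("content:"):
            # content:"..." is the byte string searched for in the payload
            rule["content"] = opt.split(":", 1)[1].strip().strip('"').encode()
        elif opt == "nocase":
            rule["nocase"] = True  # case-insensitive content match
    return rule

def matches(rule, pkt):
    """True when header fields ('any' is a wildcard) and content both match."""
    header = (rule["src"], rule["sport"], rule["dst"], rule["dport"])
    fields = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
    if any(want not in ("any", str(have)) for want, have in zip(header, fields)):
        return False
    if rule["content"] is None:
        return True
    hay, needle = pkt.payload, rule["content"]
    if rule["nocase"]:
        hay, needle = hay.lower(), needle.lower()
    return needle in hay

def verdict(rule, pkt):
    """'drop' means the queued packet is discarded; anything else passes."""
    return rule["action"] if matches(rule, pkt) else "pass"

# The rule from the slide (../etc/drop.conf).
RULE = 'drop tcp any any -> 140.114.79.104 80 (content:"/slides/IXP425_project.ppt"; nocase;)'
# Constructed plaintext requests as forwarded by the proxy to the course web server.
BLOCKED = Packet("192.168.44.2", 40000, "140.114.79.104", 80,
                 b"GET /Slides/IXP425_Project.PPT HTTP/1.1\r\nHost: rtlab.cs.nthu.edu.tw\r\n\r\n")
ALLOWED = Packet("192.168.44.2", 40001, "140.114.79.104", 80,
                 b"GET /index.html HTTP/1.1\r\nHost: rtlab.cs.nthu.edu.tw\r\n\r\n")
```

Without nocase the mixed-case request above would slip past the rule, which is why the slide's rule carries it.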
Demo – SSL Proxy + Snort
• In the client, open https://192.168.44.x/; you can see the web site of rtlab.cs.nthu.edu.tw.
• But you cannot download the IXP 425 Project Guide from the course web site.
• Diagram: Client (192.168.44.x) --ssl--> IXP 425 (192.168.44.x) --no ssl--> rtlab.cs.nthu.edu.tw (140.114.79.104)