IXP 425 Project Demo



  1. IXP 425 Project Demo

  2. Symbion SSL Proxy
     • It listens on a TCP port, accepts SSL connections, and forwards them to another (local or remote) TCP port, or UNIX domain socket.
     • Start the ssl proxy service
         ssl_proxy -s 443 -c 140.114.79.104:80 -m 32 \
           -C /etc/symbion/cert.pem \
           -K /etc/symbion/key.pem -U 2048 -D 8192

  3. Demo - Symbion SSL Proxy
     • On the client, browse to https://192.168.44.2/ to see the rtlab.cs.nthu.edu.tw website.
     [Diagram: Client (192.168.44.1) --ssl--> IXP 425 (192.168.44.2) --no ssl--> rtlab.cs.nthu.edu.tw (140.114.79.104)]

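  4. Snort – inline mode
     • Snort's inline mode works through iptables.
     • iptables first sends packets to a queue maintained by the ip_queue module, and Snort then reads the packets from that queue and matches them against its rules.
     • Before running it, make sure the iptables package and the ip_queue module are working properly.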

  5. Snort – inline mode
     • Install Snort inline
       • http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/rc1/node7.html
       • see 1.5.4 Installing Snort Inline
     • Install iptables
       • iptables sends the packets to be filtered to the queue
           iptables -A OUTPUT -p tcp --dport 80 -j QUEUE

  6. Snort – inline mode
     • Start snort_inline
         snort_inline -QDc ../etc/drop.conf -l /var/log/snort
       • -Q - Gets packets from iptables.
       • -D - Runs snort_inline in daemon mode. The process ID is stored at /var/run/snort_inline.pid
       • -c - Reads the following configuration file.
       • -l - Logs to the following directory.

  7. Snort – inline mode
     • Configuration files
       • <action> <protocol> <from_ip> <from_port> <direction> <dest_ip> <dest_port> (<rules>)
       • see 3.2 Rules Headers
         • http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/rc1/node16.html
       • see 3.5 Payload Detection Rule Options
         • http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/rc1/node19.html
     • Example: (in ../etc/drop.conf)
         drop tcp any any -> 140.114.79.104 80 (content: "/slides/IXP425_project.ppt";nocase;)

  8. Demo – SSL Proxy + Snort
     • On the client, browse to https://192.168.44.x/ to see the rtlab.cs.nthu.edu.tw website.
     • However, you cannot download the IXP 425 Project Guide from the course website.
     [Diagram: Client (192.168.44.x) --ssl--> IXP 425 (192.168.44.x) --no ssl--> rtlab.cs.nthu.edu.tw (140.114.79.104)]
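
An added example (not from the presentation): a minimal Python evaluator for the rule format on slide 7, run over constructed packets, showing that the drop rule from drop.conf fires only on the plaintext leg between the proxy and the web server. The `Packet` tuple, the helper names and the sample packets are assumptions made for illustration; only the `content` and `nocase` options and the `->` direction are handled.

```python
import re
from collections import namedtuple

# Rule text from slide 7 (../etc/drop.conf), written with plain ASCII quotes.
RULE = 'drop tcp any any -> 140.114.79.104 80 (content: "/slides/IXP425_project.ppt";nocase;)'

# <action> <protocol> <from_ip> <from_port> <direction> <dest_ip> <dest_port> (<options>)
HEADER = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src_ip>\S+)\s+(?P<src_port>\S+)\s+'
    r'(?P<direction>->)\s+(?P<dst_ip>\S+)\s+(?P<dst_port>\S+)\s+\((?P<options>.*)\)\s*$')

# Hypothetical minimal packet model for this example (not a Snort structure).
Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port payload")

def parse_rule(text):
    """Split a rule into header fields plus its content/nocase options."""
    m = HEADER.match(text.strip())
    if not m:
        raise ValueError("unsupported rule: %r" % text)
    rule = m.groupdict()
    opts = rule.pop("options")
    content = re.search(r'content:\s*"([^"]*)"', opts)
    rule["content"] = content.group(1).encode() if content else None
    rule["nocase"] = re.search(r'(^|;)\s*nocase\s*;', opts) is not None
    return rule

def _field(want, got):
    return want == "any" or want == str(got)

def verdict(rule, pkt):
    """Return the rule's action if header and payload match, else 'pass'."""
    header_ok = (rule["proto"] == pkt.proto
                 and _field(rule["src_ip"], pkt.src_ip) and _field(rule["src_port"], pkt.src_port)
                 and _field(rule["dst_ip"], pkt.dst_ip) and _field(rule["dst_port"], pkt.dst_port))
    if not header_ok:
        return "pass"
    needle, hay = rule["content"], pkt.payload
    if needle is not None:
        if rule["nocase"]:  # nocase: compare case-insensitively
            needle, hay = needle.lower(), hay.lower()
        if needle not in hay:
            return "pass"
    return rule["action"]

# Constructed sample packets (ports and payloads are made up for the example):
# PLAIN is the proxy's unencrypted request to the web server, INDEX is a request
# for another page, TLS stands in for the encrypted record the client sends.
PLAIN = Packet("tcp", "192.168.44.2", 40000, "140.114.79.104", 80,
               b"GET /Slides/ixp425_PROJECT.ppt HTTP/1.0\r\n\r\n")
INDEX = Packet("tcp", "192.168.44.2", 40002, "140.114.79.104", 80, b"GET / HTTP/1.0\r\n\r\n")
TLS = Packet("tcp", "192.168.44.1", 40001, "192.168.44.2", 443, b"\x17\x03\x01\x00\x20" + bytes(32))
```

Because the proxy terminates SSL before the packet reaches the OUTPUT chain, the request path is visible to the `content` match there; the same request on the client-to-proxy leg is ciphertext and matches neither the header nor the payload.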
