Teredo

Miredo server configuration on Ubuntu

Target configuration

The Miredo server listens on
Interface: eth0
IPv4 addresses: 192.64.0.100 and 192.64.0.101

Installation

Install miredo-server:

$ sudo apt-get install miredo-server

Configuration

Bind the second IPv4 address to the interface:

$ sudo ip -4 addr add 192.64.0.101/24 dev eth0

In /etc/miredo-server.conf:

ServerBindAddress 192.64.0.100

„On the IPv6 side, no special setting should be needed. The server should simply have a working IPv6 connectivity. It must be allowed to emit ICMPv6 packets with source in range 2001:0::/32 and destination within 2000::/3.“1)

Start miredo-server

$ sudo /etc/init.d/miredo-server start

Snort rules for Teredo detection:

The first 2 bytes after the UDP header have the value 00 01. After a further 8 bytes of 'Origin Indication Header', the IPv6 packet follows, recognizable by the bit pattern of the Type field (byte_test:1,&,96,0).

policy.rules:alert udp $HOME_NET any -> $EXTERNAL_NET 3544 
(msg:"POLICY Outbound Teredo traffic detected"; flow:to_server; 
content:" |01|"; depth:2; offset:8; byte_test:1,&,96,0; 
reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx; 
classtype:policy-violation; sid:12065; rev:2;)

policy.rules:alert udp $EXTERNAL_NET 3544 -> $HOME_NET any 
(msg:"POLICY Inbound Teredo traffic detected"; flow:to_server; 
content:" |01|"; depth:2; offset:8; byte_test:1,&,96,0; 
reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx; 
classtype:policy-violation; sid:12066; rev:3;)

policy.rules:alert udp $EXTERNAL_NET 3544 -> $HOME_NET any 
(msg:"POLICY Inbound Teredo traffic detected"; flow:to_server; 
content:"?|FE 83 1F|"; depth:4; offset:8; byte_test:1,&,96,0; 
reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx; 
classtype:policy-violation; sid:12068; rev:2;)

policy.rules:alert udp $HOME_NET any -> $EXTERNAL_NET 3544 
(msg:"POLICY Outbound Teredo traffic detected"; flow:to_server; 
content:"?|FE 83 1F|"; depth:4; offset:8; byte_test:1,&,96,0; 
reference:cve,2007-3038; reference:url,www.microsoft.com/technet/security/Bulletin/MS07-038.mspx; 
classtype:policy-violation; sid:12067; rev:2;)
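
Added example (not part of the original page): a small Python evaluator for the content/depth/offset and byte_test options of the rules above, run over constructed UDP payloads to show which packet layouts the options match as written. The helper names, the sample addresses and the zero-filled 8-byte header are assumptions made for this example.

```python
import ipaddress

# content/depth/offset options copied from the rules on this page, keyed by sid.
RULES = {
    "12065/12066": {"content": " |01|", "depth": 2, "offset": 8},
    "12067/12068": {"content": "?|FE 83 1F|", "depth": 4, "offset": 8},
}

def decode_content(pattern):
    """Decode a Snort content string: plain text is literal, |..| spans are hex."""
    out = bytearray()
    for i, part in enumerate(pattern.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)

def rule_matches(payload, content, depth, offset):
    """Apply content (within offset/depth) and byte_test:1,&,96,0 to a UDP payload."""
    content_hit = decode_content(content) in payload[offset:offset + depth]
    # byte_test:1,&,96,0 -> 1 byte at payload offset 0, AND 96 (0x60) must be non-zero
    byte_test_hit = bool(payload) and (payload[0] & 96) != 0
    return content_hit and byte_test_hit

def ipv6_header(src, dst):
    """Constructed 40-byte IPv6 header: version 6, no payload, hop limit 64."""
    fixed = bytes([0x60, 0, 0, 0, 0, 0, 59, 64])
    return fixed + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed

# Constructed sample UDP payloads (all addresses are made up for this example).
DST = "2001:db8::1"
SAMPLES = {
    "bare, src 2001:0::/32": ipv6_header("2001:0:c040:64::1", DST),
    "bare, src 3ffe:831f::/32": ipv6_header("3ffe:831f:c040:64::1", DST),
    "bare, src fe80::/10": ipv6_header("fe80::1", DST),
    # 8 constructed bytes standing in for an Origin Indication header, then IPv6
    "origin indication + IPv6": bytes(8) + ipv6_header("2001:0:c040:64::1", DST),
}

def evaluate():
    """Return, per sample, the sids whose options match it."""
    return {name: [sid for sid, opts in RULES.items() if rule_matches(data, **opts)]
            for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, sids in evaluate().items():
        print(f"{name:28} -> {sids or 'no match'}")
```

In a Snort content string the leading space is byte 0x20 and `?` is byte 0x3F, so the two patterns are the bytes 20 01 and 3F FE 83 1F at payload offset 8, which is where the source address sits in an IPv6 header that starts at payload offset 0. The sample with 8 bytes in front of the IPv6 header matches neither pattern, which is worth checking against real captures before relying on these rules alone.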

public_v6/teredo.txt · Last modified: 2017/01/24 18:49 (external edit)