Writing a program to ban users (by MAC address) from accessing the network
I'm not sure if this is possible at the application layer. Can a program be written to read and analyze packets (maybe interfacing with Wireshark through its Lua API) and ban MAC addresses with suspicious network traffic? (defining suspicious network traffic as packet injection patterns similar to known attacks)
You would need a combination of libnetfilter_queue and iptables rules. libnetfilter_queue, through an iptables rule, would give you all the packets (in userspace) which were queued by the kernel packet filter. It would then wait for you to send a verdict for the packet.
Once you have netfilter_queue installed and have written a listening userland application, run an iptables rule like
A word of caution: this will give you all the packets and the kernel would then wait for you to give a verdict, or if no userland application is running it will just drop them. You can set the iptables rule at various levels of granularity like src IP, protocol etc.
Once you have determined that a particular MAC address has to be banned, run an iptables rule like (from your userland application you can use system() to run this iptables rule). An example program on netfilter_queue is here to get you started. Hope it helps.
Another caution: read up on iptables or ask at serverfault. There are multiple tables involved (input, output, mangle, prerouting, forward, nat etc.) and I may be wrong to suggest the mangle table for the iptables rule.
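As an added example (not code from the question or the answer above), here is the verdict logic the answer describes, written in Python rather than C so it runs stand-alone: it takes what an NFQUEUE callback gets from nfq_get_packet_hw (the 6-byte source hardware address) and nfq_get_payload (the packet from the IP header on), keeps per-MAC state, returns NF_ACCEPT or NF_DROP, and builds the iptables -m mac --mac-source rule for a MAC that crosses a threshold. The bare-SYN count, the 192.0.2.x addresses and build_syn() are constructed stand-ins for the "known attack patterns" the question leaves open.

```python
import struct
from collections import defaultdict

NF_DROP, NF_ACCEPT = 0, 1   # verdict values from linux/netfilter.h
SYN_LIMIT = 3               # hypothetical threshold: bare SYNs tolerated per source MAC

def parse_ipv4_tcp(payload):
    """Return (src_ip, dst_port, tcp_flags) for an IPv4/TCP packet, else None (no Ethernet header in NFQUEUE payloads)."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None
    ihl = (payload[0] & 0x0F) * 4
    if payload[9] != 6 or len(payload) < ihl + 20:      # byte 9 is the IP protocol field
        return None
    src_ip = ".".join(str(b) for b in payload[12:16])
    dst_port = struct.unpack("!H", payload[ihl + 2:ihl + 4])[0]
    return src_ip, dst_port, payload[ihl + 13]          # TCP flags byte

def ban_command(mac):
    """argv for the rule that drops further frames from this MAC (-m mac is valid in INPUT, FORWARD, PREROUTING)."""
    return ["iptables", "-I", "INPUT", "-m", "mac", "--mac-source", mac, "-j", "DROP"]

class Policy:
    """Per-MAC state; verdict() is what the queue callback would call for each packet."""
    def __init__(self):
        self.syn_count = defaultdict(int)
        self.banned = set()

    def verdict(self, hw_addr, payload):
        """hw_addr: source MAC bytes, payload: IP packet bytes. Returns (verdict, ban_argv_or_None)."""
        mac = ":".join(f"{b:02x}" for b in hw_addr)
        if mac in self.banned:
            return NF_DROP, None
        parsed = parse_ipv4_tcp(payload)
        if parsed is None:
            return NF_ACCEPT, None
        flags = parsed[2]
        if flags & 0x12 == 0x02:          # SYN set, ACK clear: a fresh connection attempt
            self.syn_count[mac] += 1
            if self.syn_count[mac] > SYN_LIMIT:
                self.banned.add(mac)      # caller runs ban_command(mac) via subprocess.run
                return NF_DROP, ban_command(mac)
        return NF_ACCEPT, None

def build_syn(src_ip="192.0.2.10", dst_port=22):
    """Constructed sample: minimal IPv4/TCP SYN, checksums left zero (not checked here)."""
    src = bytes(int(o) for o in src_ip.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, bytes([192, 0, 2, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ip + tcp
```

To attach this to a live queue, add a rule such as iptables -A INPUT -j NFQUEUE --queue-num 0 and call verdict() from the libnetfilter_queue callback, passing its first element to nfq_set_verdict and running the returned argv (if any) with subprocess.run.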