Write a program to ban users (by MAC address) from the network

Posted 2024-08-29 12:12:50 | 117 characters | 10 views | 0 comments

I'm not sure if this is possible at the application layer. Can a program be written to read and analyze packets (maybe interfacing with Wireshark through its Lua API) and ban MAC addresses with suspicious network traffic? (Defining suspicious network traffic as packet injection patterns similar to known attacks.)

Comments (1)

嘴硬脾气大 2024-09-05 12:12:50

You would need a combination of libnetfilter_queue and iptables rules. libnetfilter_queue, through an iptables rule, would give you all the packets (in userspace) which were queued by the kernel packet filter. It would then wait for you to send a verdict for the packet.

Once you have netfilter_queue installed and have written a listening userland application, run an iptables rule like

iptables -t mangle -A PREROUTING -i eth0 -j NFQUEUE --queue-num 0

A word of caution: this will give you all the packets, and the kernel would then wait for you to give a verdict or, if no userland application is running, will just drop them. You can set iptables rules at various levels of granularity like src IP, protocol etc.

Once you have determined that a particular MAC address has to be banned, run an iptables rule like (from your userland application you can use system() to run this iptables rule)

iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP

An example program on netfilter_queue is here to get you started. Hope it helps.

Another caution: read up on iptables or ask at serverfault. There are multiple tables involved (input, output, mangle, prerouting, forward, nat etc.) and I may be wrong to suggest the mangle table for the iptables rule.
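As an added example (not code from the question or the answer above), here is the userspace side of that design in Python: a verdict function that counts packets per source MAC, a plain packet-rate threshold standing in for the "known attack pattern" detector the question asks about, and the ban issued as the answer's DROP rule through an argv list (no shell) after an `iptables -C` check so the rule is not appended twice. The `serve` hook assumes the NetfilterQueue Python binding (`get_hw`, `accept`, `drop`) and root; the verdict logic itself runs without it.

```python
import re
import subprocess
import time
from collections import defaultdict, deque

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
NF_ACCEPT, NF_DROP = 1, 0  # verdict values from linux/netfilter.h

class MacBanner:
    """Per-source-MAC rate tracker; the packet-rate threshold stands in for a real detector."""

    def __init__(self, max_pkts, window_s, run=subprocess.run):
        self.max_pkts, self.window_s, self.run = max_pkts, window_s, run
        self.seen = defaultdict(deque)  # mac -> packet timestamps inside the window
        self.banned = set()

    def ban_argv(self, mac):
        if not MAC_RE.match(mac):
            raise ValueError(f"refusing to build a rule from malformed MAC {mac!r}")
        # the DROP rule from the answer, as an argv list: no shell, so nothing to inject
        return ["iptables", "-A", "INPUT", "-m", "mac", "--mac-source", mac, "-j", "DROP"]

    def ban(self, mac):
        argv = self.ban_argv(mac)
        check = ["iptables", "-C"] + argv[2:]  # -C tests whether the rule already exists
        if self.run(check).returncode != 0:
            self.run(argv, check=True)
        self.banned.add(mac)

    def verdict(self, mac, now=None):
        now = time.monotonic() if now is None else now
        if mac in self.banned:
            return NF_DROP
        q = self.seen[mac]
        q.append(now)
        while q and now - q[0] > self.window_s:
            q.popleft()
        if len(q) > self.max_pkts:
            self.ban(mac)
            return NF_DROP
        return NF_ACCEPT

def serve(queue_num=0, banner=None):
    # binds to the NFQUEUE from the answer's rule; needs root and the NetfilterQueue package
    from netfilterqueue import NetfilterQueue  # assumed: pip package 'NetfilterQueue'
    banner = banner or MacBanner(max_pkts=200, window_s=1.0)
    def handle(pkt):
        hw = pkt.get_hw()  # source hardware address, None if the kernel has none
        mac = ":".join(f"{b:02x}" for b in hw[:6]) if hw else None
        pkt.accept() if mac is None or banner.verdict(mac) == NF_ACCEPT else pkt.drop()
    nfq = NetfilterQueue(); nfq.bind(queue_num, handle); nfq.run()
```

Packets with no hardware address (locally generated ones) are accepted rather than dropped, since they cannot be attributed to a MAC.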
