tmux is a terminal multiplexer.
fwknop
Posted by datahunter on Tue, 27/02/2018 - 10:10. Last updated: 2017-02-27

Introduction
Single Packet Authorization (SPA) - modern replacement for port knocking

- fwknopd is written in C
- HMAC with KEY

An SPA packet is "valid" when it is:

- authenticated via an HMAC
- encrypted by a strong cipher with an expected key (Rijndael encryption mode)

The fwknop client strips off any trailing "=" characters before sending an SPA packet.

Supports iptables, ipfw, pf.

Features on iptables

- The daemon relies on the iptables "comment" match in order to store the expiration time for new ACCEPT rules upon receiving a valid SPA packet.
- All new rules are added by fwknopd to the FWKNOP_INPUT chain to ensure separation from the rest of the iptables policy.

We assume that iptables is configured in a default-drop stance for port

    iptables -I INPUT 1 -i eth0 -p tcp --dport 22 -j DROP

A state tracking mechanism supported by the firewall can be used to keep a session established even after the rule that allows access is removed.

    iptables -I INPUT 1 -i eth0 -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

The SPA server will only allow access to the IP that was originally encrypted within the SPA payload.

By default, the fwknop client sends SPA packets over UDP port 62201.

Features

Stopping Replay Attack

The SPA server compares the SHA-256 digest of this packet with the SHA-256 digests of all previously seen and properly decrypted SPA packets. If there is a match, then fwknopd knows that a replay attack was attempted.

/tmp/fwknop/digest.cache

    # <digest> <proto> <src_ip> <src_port> <dst_ip> <dst_port> <time>
    DIGEST 17 s.s.s.s 58536 d.d.d.d 62201 1519636310
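The replay check described above, modelled as an added example that is not from the original post or from the fwknop code base. The class and function names, the hex encoding of the digest, the `decrypted_ok` flag and all sample values are assumptions made for illustration; only the cache line layout comes from the page.

```python
import hashlib
from typing import NamedTuple, Optional

HEADER = "# <digest> <proto> <src_ip> <src_port> <dst_ip> <dst_port> <time>"

class CacheEntry(NamedTuple):
    digest: str
    proto: int
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    time: int

def parse_cache_line(line: str) -> Optional[CacheEntry]:
    """Parse one cache line in the field order shown in HEADER."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None  # blank line or header comment
    f = line.split()
    if len(f) != 7:
        raise ValueError(f"malformed cache line: {line!r}")
    return CacheEntry(f[0], int(f[1]), f[2], int(f[3]), f[4], int(f[5]), int(f[6]))

class ReplayCache:
    """Hypothetical in-memory model of the digest cache (not fwknopd's code)."""

    def __init__(self, lines=()):
        self.entries = {}
        for line in lines:
            entry = parse_cache_line(line)
            if entry:
                self.entries[entry.digest] = entry

    def check_and_record(self, packet: bytes, proto, src_ip, src_port,
                         dst_ip, dst_port, now, decrypted_ok: bool) -> str:
        # In this model the digest covers the packet data only, so the same
        # packet resent from a different source address still matches.
        digest = hashlib.sha256(packet).hexdigest()  # hex encoding is an assumption
        if digest in self.entries:
            return "replay"
        if not decrypted_ok:
            return "rejected"  # only properly decrypted packets enter the cache
        self.entries[digest] = CacheEntry(digest, proto, src_ip, src_port,
                                          dst_ip, dst_port, now)
        return "accepted"

    def dump(self):
        """Serialise in the on-disk layout so the cache survives a restart."""
        return [HEADER] + [" ".join(map(str, e)) for e in self.entries.values()]
```

Reloading the output of `dump()` into a new `ReplayCache` keeps earlier digests, so a packet captured before a daemon restart is still flagged afterwards.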
Explorer
Posted by datahunter on Mon, 26/02/2018 - 15:16
ipcs
Posted by datahunter on Mon, 26/02/2018 - 12:10
Different Types of IPCS
Pipes

Provides a way for processes to communicate with each other by exchanging messages. Named pipes provide a way for processes running on different computer systems to communicate over the network.

Shared Memory

Processes can exchange values in the shared memory. One process will create a portion of memory which other processes can access.

Message Queue

It is a structured and ordered list of memory segments where processes store or retrieve data.

Semaphores

POSIX semaphores allow processes and threads to synchronize their actions. A semaphore is an integer whose value is never allowed to fall below zero. Two operations can be performed on semaphores:

- increment the semaphore value by one (sem_post(3));
- decrement the semaphore value by one (sem_wait(3)).

If the value of a semaphore is currently zero, then a sem_wait(3) operation will block until the value becomes greater than zero. No data is passed with a semaphore; it simply coordinates access to shared resources.

POSIX semaphores come in two forms:

- named semaphores: /somename (up to 251)
- unnamed semaphores

An unnamed semaphore does not have a name. Instead the semaphore is placed in a region of memory that is shared between multiple threads or processes