{"id":377,"date":"2013-08-15T02:29:01","date_gmt":"2013-08-14T23:29:01","guid":{"rendered":"http:\/\/www.linux-destek.com\/?p=377"},"modified":"2013-08-15T02:29:01","modified_gmt":"2013-08-14T23:29:01","slug":"linux-iptables-ile-ultrasurf-engelleme","status":"publish","type":"post","link":"https:\/\/www.48k.com.tr\/linux-iptables-ile-ultrasurf-engelleme\/","title":{"rendered":"Blocking Ultrasurf with Linux iptables"},"content":{"rendered":"

One day a customer whose network I manage with a pfSense install screamed at me frantically, “they've found something called ultrasurf and they're getting into everything!” After that irritated outcry I set about researching how to block Ultrasurf on pfSense. It was 3 a.m. No results. The users on forum.pfsense were asleep anyway. I was helpless!<\/p>\n

I admit that Google does great things, but I still can't quite bring myself to like it. Then again, I don't know how these things would get sorted out without Google or a “search engine”.<\/p>\n

While searching around I found a short hint: http:\/\/pere.bocairent.net\/?p=57<\/a><\/p>\n

When I saw the date of that post, I figured the Ultrasurf people had changed things since then. I installed Wireshark on a PC in my customer's network. I ran Ultrasurf on the same PC. As I had guessed, the hex code had changed.<\/p>\n

I installed Snort on the pfSense box that acts as the gateway. Using the hex code, I wrote a suitable rule. Yes. The rule matched! But?<\/p>\n

I can't say I tried all that hard, but even though Snort recognized the rule, it did not drop the traffic. Blistering barnacles! Back to the old family home we went!<\/p>\n

In the end the problem was solved by adding a Linux box at the gateway as well. And with a single iptables line at that…<\/p>\n

iptables -I FORWARD -m tcp -p tcp --dport 443 -m string --to 256 --hex-string '|16030000610100005d0300|' --algo bm -j DROP<\/p>\n

Note:<\/strong> This solution may vary depending on the Ultrasurf package you download. The one I tested most recently is u1301.exe. I believe that is version 13.01. If you look at the link above, you can change the hex string in the iptables line according to the contents of the packet sent during the SSL Handshake, which is highlighted there in Wireshark.<\/p>\n

Note 2:<\/strong> For those asking what this Metallica and more beer business is about: I was drinking beer while writing this post. It just popped into my head.<\/p>\n

Note 3:<\/strong> How would anyone become a sysadmin if copy and paste didn't exist?<\/p>\n","protected":false},"excerpt":{"rendered":"

One day a customer whose network I manage with a pfSense install screamed at me frantically, “they've found something called ultrasurf and they're getting into everything!” After that irritated outcry I set about researching how to block Ultrasurf on pfSense. It was 3 a.m. No results. The users on forum.pfsense were asleep anyway. I was helpless! I admit that Google does great things, but I still can't quite bring myself to like it. Then again, without Google or a “search engine”, how would these things […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[301,438],"tags":[440,441,442],"class_list":["post-377","post","type-post","status-publish","format-standard","hentry","category-ag-uygulamalari","category-yasasin-tam-bagimsiz-debian-ve-turevleri","tag-iptables-engelleme","tag-pfsense","tag-ultrasurf"],"_links":{"self":[{"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/posts\/377"}],"collection":[{"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/comments?post=377"}],"version-history":[{"count":0,"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/posts\/377\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/media?parent=377"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/categories?post=377"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.48k.com.tr\/wp-json\/wp\/v2\/tags?post=377"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}
","templated":true}]}}