Тема: Вопрос к Домолинку по трафику
Показать сообщение отдельно
Старый 08.11.2006, 10:04   #20   
Moderator
 
Сообщений: 782
Регистрация: 16.01.2003

avf вне форума Не в сети
af-super, лог с сервера авторизации в котором видно состав фильтра на тот момент показать? вот он:

Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] INDEX Name:'vauxkeg' Called:'' Calling:'' Nas:'c10008-a77' Nas Port Type:'Virtual' DSL:'ma1-a31 0/0/0/61:10.40'
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] PASSCHECK Cached: vauxkeg, chap accept
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS get profile name for vauxkeg from cache -> 'vauxkeg'
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS profile 'vauxkeg' not in cache, get from db
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS profile 'PF_DSL_INET_ISG' in cache
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS profile 'PF_DENY_NETBIOS' in cache
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS profile 'PF_VPDN_ISG' in cache
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS profile 'PF_VPDN_ROUTER' in cache
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] SIMUL checking 'vauxkeg' for 1, cnt=0 -> OK
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#1=permit ip host 80.82.32.9 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#2=permit tcp host 80.82.32.53 eq 80 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#3=permit ip host 80.82.32.14 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#4=deny ip host 80.82.32.10 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#5=deny ip host 80.82.32.11 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#6=deny ip host 80.82.32.19 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#7=deny ip host 80.82.32.27 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#8=permit ip 80.82.32.0 0.0.31.255 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#9=permit ip 88.83.192.0 0.0.31.255 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#10=permit tcp 64.12.0.0 0.0.255.255 eq 5190 any established}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#11=permit tcp 205.188.0.0 0.0.255.255 eq 5190 any established}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#12=permit tcp host 194.67.23.102 eq 110 any established}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#13=permit tcp host 194.67.23.111 eq 25 any established}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#14=permit tcp any eq 110 any established}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#15=permit ip host 81.19.70.1 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#16=permit ip host 87.242.123.16 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#17=permit ip host 217.16.26.159 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#18=permit ip host 84.17.243.19 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#19=permit ip host 213.248.60.195 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#20=permit tcp host 63.208.196.95 eq 443 any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair {ip:outacl#21=permit ip any any}
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair ip:vrf-id=inet
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair ip:ip-unnumbered=Loopback100
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-AVPair ip:sub-qos-policy-in=assign_mpls_exp_inet
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Framed-Routing None
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Service-Type Framed-User
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Framed-MTU 1500
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-Account-Info Avsi-net-svc
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-Account-Info Aall-inet-svc
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Cisco-Account-Info Aportal
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] OPTIONS Framed-Protocol PPP
Nov 5 10:32:24 serva radiusd: [ID 702911 local6.info] [WWYgP551] ACCT Start Current IP=88.83.204.220

обратите внимание на последнее правило permit ip any any.

А если Вы считаете, что Ваш пароль кто-то украл - прямая дорога в правоохранительные органы. Вычислить злоумышленника не составит труда, т.к. в первой строчке DSL:'ma1-a31 0/0/0/61:10.40' - это то с какого порта и по каким vpi/vci пришло соединение.

Все ходы записаны.
  Ответить с цитированием