POC site: built-in OpenVPN signature in use, policy not hit
| ID | Creation Date | Assignee | Status |
|---|---|---|---|
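| OMPUB-544 | 2022-07-01T14:14:33.000+0800 | 刘学利 | Closed |
At the POC demonstration site, the built-in OpenVPN signature was used for blocking, but the site owner's OpenVPN still connected normally and the policy produced no hit logs. Attached are the corresponding pcap capture and the site owner's OpenVPN configuration file.
liuxueli commented on 2022-07-04T14:00:10.767+0800: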
zhangzhihan commented on 2022-07-11T17:52:39.101+0800:
[~liuxueli] The POC site was updated to app_proto_identify-2.1.2; after the update, OpenVPN still cannot be blocked. [^openvpn_udp.pcap] [^openvpn_udp_pure.pcap]
liuxueli commented on 2022-07-11T19:06:06.313+0800:
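- With the newly provided capture, OpenVPN is identified when the packets are read from file. Please confirm whether the OpenVPN-related policy is correct. [~zhangzhihan]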
gitlab commented on 2022-07-12T17:39:45.343+0800:
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|af0c34f77a] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-22.07-firewall-v3|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-22.07-firewall-v3]:{quote}Update app_proto_identify and app_sketch_local; fixes:{quote}
gitlab commented on 2022-07-12T17:40:21.416+0800:
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/838] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-22.07-firewall-v3|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-22.07-firewall-v3]:{quote}Update app_proto_identify and app_sketch_local; fixes:{quote}
gitlab commented on 2022-07-12T17:40:24.284+0800:
[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|43c0986144] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-22.07-firewall-v3|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-22.07-firewall-v3]:{quote}Update app_proto_identify and app_sketch_local; fixes:{quote}
liuxueli commented on 2022-07-12T18:18:12.622+0800:
- 2022/07/12: Checked the on-site logs and found errors while loading the configuration, as follows:
{code:java}
Tue Jul 12 16:25:58 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
Tue Jul 12 16:26:29 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
Tue Jul 12 16:26:29 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
Tue Jul 12 16:27:00 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
Tue Jul 12 16:27:00 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
Tue Jul 12 16:27:31 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
Tue Jul 12 16:27:31 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
Tue Jul 12 16:28:22 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
Tue Jul 12 16:28:22 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
Tue Jul 12 16:29:13 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
Tue Jul 12 16:29:13 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
Tue Jul 12 16:29:50 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
Tue Jul 12 16:29:50 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
{code}
- After restarting SAPP, the configuration loaded normally and OpenVPN blocking took effect.
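Added example, not part of the original ticket or of the TSG/MAAT code: a check over the log format quoted in the comment above that flags the condition seen there, a full update that keeps restarting from the same instance_version while every attempt ends in a FATAL. The function name, the retry threshold, and the reading that an unchanged "from" version means no configuration was applied are assumptions; the sample lines are copied from the log above.

```python
import re
from datetime import datetime

# Layout of the tsg_maat.log lines quoted in the comment above:
# "<timestamp>, <LEVEL>, <log file>, <MODULE>(<n>), <message>"
LINE_RE = re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}), (?P<level>\w+), "
                     r"[^,]+, \w+\(\d+\), (?P<msg>.*)$")
# "udpate" is how the program itself spells it; accept the corrected form too.
UPDATE_RE = re.compile(r"Initiate full (?:udpate|update) from instance_version (\d+) to (\d+)")

# Sample input: lines copied from the log excerpt in the comment above.
SAMPLE_LOG = """\
Tue Jul 12 16:25:58 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
Tue Jul 12 16:26:29 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
Tue Jul 12 16:26:29 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
Tue Jul 12 16:27:00 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
Tue Jul 12 16:27:00 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
Tue Jul 12 16:27:31 2022, INFO, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Initiate full udpate from instance_version 0 to 38.
Tue Jul 12 16:27:31 2022, FATAL, ./tsglog/maat/tsg_maat.log, MAAT_REDIS_MONITOR(2167), Invalid Redis Key List type 5
"""

def find_stalled_config_load(log_text, min_attempts=3):
    """Summarise a full-update retry loop, or return None if there is none.

    Assumption (not from MAAT documentation): a FATAL after every attempt plus
    an unchanged "from" version means no configuration was applied."""
    attempts = []  # each: [from_version, to_version, timestamp, fatal_msg or None]
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        upd = UPDATE_RE.search(m["msg"])
        if m["level"] == "INFO" and upd:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            attempts.append([int(upd[1]), int(upd[2]), ts, None])
        elif m["level"] == "FATAL" and attempts and attempts[-1][3] is None:
            attempts[-1][3] = m["msg"]  # first FATAL logged after that attempt
    if len(attempts) < min_attempts or any(a[3] is None for a in attempts):
        return None  # too few retries, or an attempt finished without a FATAL
    if len({(a[0], a[1]) for a in attempts}) != 1:
        return None  # versions moved between attempts, so an update landed
    return {"attempts": len(attempts), "from_version": attempts[0][0],
            "to_version": attempts[0][1], "first": attempts[0][2],
            "last": attempts[-1][2], "errors": sorted({a[3] for a in attempts})}
```

A non-None result on a running device means the policy engine may be enforcing an empty or stale rule set, which matches the "policy not hit" symptom reported in this ticket.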
gitlab commented on 2022-07-12T22:24:44.441+0800:
[付明卫|https://git.mesalab.cn/fumingwei] mentioned this issue in [a commit|724fa57718] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-22.07-firewall-v3|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-22.07-firewall-v3]:{quote}Update app_proto_identify and app_sketch_local; fixes:{quote}
gitlab commented on 2022-07-12T22:26:21.781+0800:
[付明卫|https://git.mesalab.cn/fumingwei] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/839] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [dev-22.07|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/dev-22.07]:{quote}2022/7/12{quote}
Attachments
29253/MMH_JP_CMP.ovpn
29533/openvpn_udp_pure.pcap
29532/openvpn_udp.pcap
29255/OpenVPN+tcpdump_mesa捕包.pcap
29254/OpenVPN+客户端捕包.cap
29267/OpenVPN+客户端捕包-1.cap