Messages posted by: ndahuy

Trình duyệt Chrome mới ra lò mà mấy bác bkis đã làm thịt rồi ... kin thật ... smilie

PoC Code is in Attach file because this file is saved in 'Unicode' type for exploit.

Here is Description for this Vuln :
· Type of Issue : Buffer Overflow.
· Affected Software : Google Chrome 0.2.149.27.
· Exploitation Environment : Google Chrome (Language: Vietnamese) on Windows XP SP2.
· Impact: Remote code execution.
· Rating : Critical .
· Description :
The vulnerability is caused due to a boundary error when handling the “SaveAs” function. On saving
a malicious page with an overly long title (<title> tag in HTML), the program causes a stack-based overflow and makes
it possible for attackers to execute arbitrary code on users’ systems.
· How an attacker could exploit the issue :
To exploit the Vulnerability, a hacker might construct a specially crafted Web page, which contains malicious code.
He then tricks users into visiting his Website and convinces them to save this Page. Right after that, the code would
be executed, giving him the privilege to make use of the affected system.
· Discoverer : Le Duc Anh - SVRT - Bkis
· About SVRT :
SVRT, which is short for Security Vulnerability Research Team, is one of Bkis researching groups. SVRT specializes
in the detection, alert and announcement of security vulnerabilities in software, operating systems, network protocols
and embedded systems…
· Website : security.bkis.vn
· Mail : svrt[at]bkav.com.vn

http://milw0rm.com/sploits/2008-chrome.tgz

# milw0rm.com [2008-09-05]

Hi all,

Tôi vừa mới pass Security+ 890/900 và muốn thi CEH, nhưng khi đọc giáo trình thì tôi thấy rằng kiến thức CEH cũng giống gần 50% Security+, vậy thì tôi có nên thi tiếp CEH hay ko? Và nghe nói rằng muốn thì CEH phải có 2 năm kinh nghiệm trong ngành bảo mật. Vậy thì ai sẽ xác nhận 2 năm kinh nghiệm đó cho mình nhĩ? Một câu hỏi nữa, có bạn nào cho tôi biết hiện tại ở Việt Nam, kỹ sư bảo mật có được tôn trọng hay ko? Nếu như có một bảng khảo sát thì tốt hơn smilie

Thanks,

Cảm ơn rất nhiều, nếu pass security+ sẽ hậu tạ.

Huy,

Vài comment cho @havythoai,

1. Đây là forum về security và network administrator (quá chung chung ko đi chi tiết về security)
2. Trong bản mô tả công việc của @havythoai, mình thấy chỉ có 1 từ duy nhất liên quan nhiều đến forum này :"firewall". Nên có thể ko phù hợp với mọi người (chỉ là nhận xét cá nhân mình). Có thể sửa lại bản mô tả công việc cho phù hợp với forum :

- "Setup, update, upgrade and configure for network, servers and staff computers" and make sure that only people has suitable permission can access to server. (more challenge for the first requirement)
- "Support and solve day-to-day problems related to software installation, networking and hardware configuration", Monitoring the activity of user and network by Network Management System.
- Maintain company servers: web, database, firewall and email servers. (Secure webserver to avoid external attack, secure mail server, anti-spam, anti relay mail, secure database server)

3. Nếu @havythoai muốn tuyển QA hoặc QC thì nên liên hệ với sv năm cuối của các trường đại học có khoa CNTT, vì sinh viên thì nhận thức về công việc QA và QC chưa rõ ràng lắm. Đối với những người đã làm IT (network administrator) cho các công ty chứng khoán hoặc quỹ đầu tư, ngân hàng hay những tập đoàn đa quốc gia thì việc họ chuyển qua QA hoặc QC là rất khó khăn (mình đề cập đến vấn đề quan niệm, ko phải vấn đề khó khăn về kỹ thuật). Với những IT cho cty vừa và nhỏ thì dễ dàng hơn vì phần lớn netadmin sau khi thiết lập hệ thống nhỏ cho những cty này thì sẽ ko còn gì để làm, việc còn lại chỉ là helpdesk...
4. Cách dễ dàng nhất là có thể kéo người của các cty oursource testing khác . Nếu @havythoai làm nhân sự thì có thể tìm email của họ (google + tên cty outsource, số điện thoại liên lạc và làm gì nữa thì đó là "nghề" của nhân sự smilie

. Nếu người có thâm niên 4 hoặc 5 năm ở VN có thể họ đã lên manager (chỉ có ở VN smilie

), thì rất khó để thuyết phục những người này. (lương cao > 40%, benefit, chế độ tốt, vẫn chưa đủ, cái họ cần nhất đó là sự tôn trọng). Cách này ko làm được vì rất dễ gây xung đột và kiện cáo ...
... ... ...

Một buổi tối khó ngủ nên viết lung tung hy vọng là có thể giúp được cho u guy smilie

Chào các bạn,

Mình chroot apache server (Red hat enterprise 5) nhưng có một số vướng mắc sau.

Apache: /usr/local/apache
Chroot : /chroot/httpd

Sau khi copy tất cả các lib cần thiết và debug các lib bị thiếu thì mình ko gặp lỗi thiếu thư viện, lệnh chroot thực thi thành công không thấy báo lỗi. Tuy nhiên, mình ko thấy apache open port 80 và tạo pid trong thư mục /chroot/httpd/usr/local/apache/logs/httpd.pid ???

Mình strace thử và có một đống log mà mình ko biết nguyên nhân chính vì sao ... Có một vài lib ssl open và trả về ENENT=-1 (nhưng mình ko thấy trên syslog).

[root@ip6 ~]# chroot /chroot/httpd /usr/local/apache/bin/httpd -k stop
httpd (no pid file) not running

[root@ip6 ~]# chroot /chroot/httpd /usr/local/apache/bin/httpd -k start
(no error message ???)

[root@ip6 ~]# vi /chroot/httpd/usr/local/apache/logs/
access_log error_log www.netadmin.com/ www.netadmin.net/
(no pid file???)

[root@ip6 ~]#

Câu hỏi mình đặt ra là, theo log strace phía dưới thì file nào hoặc lib nào mình đã thiếu, cũng đã nghĩ tới vấn đề grep tất cả các lib thiếu và copy thêm nhưng vì ko thấy error message trên terminal nên ko làm.

[root@ip6 ~]# strace chroot /chroot/httpd /usr/local/apache/bin/httpd -k start

execve("/usr/sbin/chroot", ["chroot", "/chroot/httpd", "/usr/local/apache/bin/httpd", "-k", "start"], [/* 47 vars */]) = 0
brk(0) = 0x92dc000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f5c000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=92370, ...}) = 0
mmap2(NULL, 92370, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f45000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000_2\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1576952, ...}) = 0
mmap2(0x310000, 1295780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x310000
mmap2(0x447000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x137) = 0x447000
mmap2(0x44a000, 9636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x44a000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f44000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f446c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0x447000, 8192, PROT_READ) = 0
mprotect(0x308000, 4096, PROT_READ) = 0
munmap(0xb7f45000, 92370) = 0
brk(0) = 0x92dc000
brk(0x92fd000) = 0x92fd000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=55567600, ...}) = 0
mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d44000
close(3) = 0
chroot("/chroot/httpd") = 0
chdir("/") = 0
execve("/usr/local/apache/bin/httpd", ["/usr/local/apache/bin/httpd", "-k", "start"], [/* 47 vars */]) = 0
brk(0) = 0x9f03000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fba000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/sse2/libssl.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\302"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=280464, ...}) = 0
mmap2(0x101000, 281660, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x101000
mmap2(0x142000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x40) = 0x142000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libcrypto.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libcrypto.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/apache/lib/tls/i686", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/local/apache/lib/tls/sse2/libcrypto.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/apache/lib/tls/sse2", 0xbfb480ec) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libcrypto.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/apache/lib/tls", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/local/apache/lib/i686/sse2/libcrypto.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/apache/lib/i686/sse2", 0xbfb480ec) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/i686/libcrypto.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/apache/lib/i686", 0xbfb480ec) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/sse2/libcrypto.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/apache/lib/sse2", 0xbfb480ec) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libcrypto.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\240"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1238928, ...}) = 0
mmap2(0xb79000, 1250008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb79000
mmap2(0xc95000, 73728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11c) = 0xc95000
mmap2(0xca7000, 13016, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xca7000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libz.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\206"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=75284, ...}) = 0
mmap2(0x497000, 76656, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x497000
mmap2(0x4a9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11) = 0x4a9000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libm.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20$E\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=208344, ...}) = 0
mmap2(0x44f000, 155776, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x44f000
mmap2(0x474000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x24) = 0x474000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libaprutil-1.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libaprutil-1.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libaprutil-1.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libaprutil-1.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 d\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=371905, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fb9000
mmap2(NULL, 112800, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x8b6000
mmap2(0x8d1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a) = 0x8d1000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libexpat.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libexpat.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libexpat.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libexpat.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240Ph\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=133120, ...}) = 0
mmap2(0x683000, 134488, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x683000
mmap2(0x6a2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e) = 0x6a2000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libapr-1.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libapr-1.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libapr-1.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libapr-1.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\212"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=546523, ...}) = 0
mmap2(NULL, 149568, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x5a2000
mmap2(0x5c6000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x23) = 0x5c6000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libuuid.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libuuid.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libuuid.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libuuid.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P*F\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=11372, ...}) = 0
mmap2(0x462000, 12772, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x146000
mmap2(0x149000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0x149000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/librt.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\210"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=44088, ...}) = 0
mmap2(0x6f7000, 33356, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x6f7000
mmap2(0x6fe000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0x6fe000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libcrypt.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\6\363"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=27836, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fb8000
mmap2(0x7f30000, 184636, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f30000
mmap2(0x7f35000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4) = 0x7f35000
mmap2(0x7f37000, 155964, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f37000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libpthread.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\'H"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=125564, ...}) = 0
mmap2(0x47e000, 90592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x47e000
mmap2(0x491000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12) = 0x491000
mmap2(0x493000, 4576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x493000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\212G\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=16528, ...}) = 0
mmap2(0x478000, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x478000
mmap2(0x47a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x47a000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000_2\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1576952, ...}) = 0
mmap2(0x310000, 1295780, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x310000
mmap2(0x447000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x137) = 0x447000
mmap2(0x44a000, 9636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x44a000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libgssapi_krb5.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libgssapi_krb5.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libgssapi_krb5.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libgssapi_krb5.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360<\316"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=174508, ...}) = 0
mmap2(0xce0000, 175772, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xce0000
mmap2(0xd0a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x29) = 0xd0a000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libkrb5.so.3", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libkrb5.so.3", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libkrb5.so.3", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libkrb5.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000J\324"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=559532, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fb7000
mmap2(0xd35000, 556612, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xd35000
mmap2(0xdbb000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x86) = 0xdbb000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libcom_err.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libcom_err.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libcom_err.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libcom_err.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360\267"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=7720, ...}) = 0
mmap2(0xcdb000, 9132, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xcdb000
mmap2(0xcdd000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xcdd000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libk5crypto.so.3", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libk5crypto.so.3", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libk5crypto.so.3", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libk5crypto.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\5\321"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=157196, ...}) = 0
mmap2(0xd0d000, 155040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xd0d000
mmap2(0xd32000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25) = 0xd32000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libresolv.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libresolv.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libresolv.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libresolv.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320`\266"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=76392, ...}) = 0
mmap2(0xb64000, 75976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb64000
mmap2(0xb73000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe) = 0xb73000
mmap2(0xb75000, 6344, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb75000
close(3) = 0
open("/usr/local/apache/lib/tls/i686/sse2/libkrb5support.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/i686/libkrb5support.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/tls/libkrb5support.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/local/apache/lib/libkrb5support.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\4\334"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=30596, ...}) = 0
mmap2(0xdbf000, 31848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xdbf000
mmap2(0xdc6000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xdc6000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fb6000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fb5000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fb59a0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb73000, 4096, PROT_READ) = 0
mprotect(0x447000, 8192, PROT_READ) = 0
mprotect(0x47a000, 4096, PROT_READ) = 0
mprotect(0x491000, 4096, PROT_READ) = 0
mprotect(0x7f35000, 4096, PROT_READ) = 0
mprotect(0x6fe000, 4096, PROT_READ) = 0
mprotect(0x474000, 4096, PROT_READ) = 0
mprotect(0x308000, 4096, PROT_READ) = 0
set_tid_address(0xb7fb59e8) = 3031
set_robust_list(0xb7fb59f0, 0xc) = 0
rt_sigaction(SIGRTMIN, {0x4823b0, [], SA_SIGINFO}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x4822c0, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="ip6.test.com", ...}) = 0
brk(0) = 0x9f03000
brk(0x9f24000) = 0x9f24000
brk(0x9f46000) = 0x9f46000
brk(0x9f68000) = 0x9f68000
stat64("/usr/local/apache/conf/httpd.conf", {st_mode=S_IFREG|0755, st_size=13702, ...}) = 0
open("/usr/local/apache/conf/httpd.conf", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0755, st_size=13702, ...}) = 0
read(3, "#\n# This is the main Apache HTTP"..., 4096) = 4096
stat64("/usr/local/apache", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
read(3, "gure the \"default\" to be a very "..., 4096) = 4096
read(3, "h then the server will\n # req"..., 4096) = 4096
read(3, "off\n#EnableSendfile off\n\n# Suppl"..., 4096) = 1414
read(3, "", 4096) = 0
close(3) = 0
brk(0x9f89000) = 0x9f89000
stat64("/usr/local/apache/bin/suexec", {st_mode=S_IFREG|0755, st_size=11484, ...}) = 0
socket(PF_NETLINK, SOCK_RAW, 0) = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=3031, groups=00000000}, [12]) = 0
time(NULL) = 1215425390
sendto(3, "\24\0\0\0\26\0\1\3n\353qH\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"<\0\0\0\24\0\2\0n\353qH\327\v\0\0\2\10\200\376\1\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0n\353qH\327\v\0\0\n\200\200\376\1\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0n\353qH\327\v\0\0\0\0\0\0\1\0\0\0\24\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(3) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
stat64("/usr/local/apache/htdocs", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
brk(0x9fab000) = 0x9fab000
open("/usr/local/apache/logs/httpd.pid", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("192.168.70.249")}, 16) = 0
listen(3, 511) = 0
setsockopt(3, SOL_TCP, TCP_DEFER_ACCEPT, [1], 4) = 0
pipe([4, 5]) = 0
fcntl64(4, F_GETFL) = 0 (flags O_RDONLY)
fcntl64(4, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
open("/usr/local/apache/logs/error_log", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0666) = 6
dup2(6, 2) = 2
close(6) = 0
open("/usr/local/apache/logs/access_log", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0666) = 6
brk(0x9fcd000) = 0x9fcd000
time(NULL) = 1215425390
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
open("/dev/random", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
open("/dev/srandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
socket(PF_FILE, SOCK_STREAM, 0) = 7
connect(7, {sa_family=AF_FILE, path="/var/run/egd-pool"}, 19) = -1 ENOENT (No such file or directory)
close(7) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 7
connect(7, {sa_family=AF_FILE, path="/dev/egd-pool"}, 15) = -1 ENOENT (No such file or directory)
close(7) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 7
connect(7, {sa_family=AF_FILE, path="/etc/egd-pool"}, 15) = -1 ENOENT (No such file or directory)
close(7) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 7
connect(7, {sa_family=AF_FILE, path="/etc/entropy"}, 14) = -1 ENOENT (No such file or directory)
close(7) = 0
getuid32() = 0

time(NULL) = 1215425390
time(NULL) = 1215425390
semget(IPC_PRIVATE, 1, IPC_CREAT|0600) = 2293761
semctl(2293761, 0, IPC_64|SETVAL, 0xbfb487e8) = 0
geteuid32() = 0
semctl(2293761, 0, IPC_64|IPC_SET, 0xbfb487c8) = 0
gettimeofday({1215425390, 111654}, NULL) = 0
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "[Mon Jul 07 10:09:50 2008] [warn"..., 96) = 96
open("/usr/local/apache/conf/mime.types", O_RDONLY|O_LARGEFILE) = 7
fstat64(7, {st_mode=S_IFREG|0755, st_size=29430, ...}) = 0
read(7, "# This is a comment. I love comm"..., 4096) = 4096
read(7, "ation/scvp-cv-request\t\t\tscq\nappl"..., 4096) = 4096
read(7, "ion/vnd.fujitsu.oasys\t\t\toas\nappl"..., 4096) = 4096
read(7, "vnd.mophun.application\t\tmpn\nappl"..., 4096) = 4096
read(7, "-init\napplication/vnd.openoffice"..., 4096) = 4096
read(7, ".ppkg\napplication/vnd.xmpie.xlim"..., 4096) = 4096
read(7, "/vnd.octel.sbc\naudio/vnd.qcelp\na"..., 4096) = 4096
read(7, "2v\nvideo/mpeg4-generic\nvideo/mpv"..., 4096) = 758
read(7, "", 4096) = 0
close(7) = 0
close(5) = 0
close(4) = 0
stat64("/usr/local/apache/conf/httpd.conf", {st_mode=S_IFREG|0755, st_size=13702, ...}) = 0
open("/usr/local/apache/conf/httpd.conf", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG|0755, st_size=13702, ...}) = 0
read(4, "#\n# This is the main Apache HTTP"..., 4096) = 4096
stat64("/usr/local/apache", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
read(4, "gure the \"default\" to be a very "..., 4096) = 4096
read(4, "h then the server will\n # req"..., 4096) = 4096
read(4, "off\n#EnableSendfile off\n\n# Suppl"..., 4096) = 1414
read(4, "", 4096) = 0
close(4) = 0
chdir("/") = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7fb59e8) = 3032
--- SIGCHLD (Child exited) @ 0 (0) ---
exit_group(0) = ?

Cái này có thể gọi là a.e đang brainstorming.
Một vài thứ chưa hiểu rõ lắm nên phải tìm hiểu kĩ rồi hỏi sau
Đùng 1 cái mà hỏi thì bác "châm" chẳng bao giờ trả lời ... :0

msdn wrote:

iptables -I INPUT -p tcp -s any/0 -d 192.168.1.1 --dport 12345 -j ACCEPT

Chúc vui

TO :@commale
Hì dòng pác nêu chỉ giải quyết được 1 chiều nghĩa là nếu gửi gói tcp tới port đó thì sẽ không có reply lại được (nếu ko có dòng ngược lại thì chịu luôn, iptables 2 chiều mùh). Với lại chắc cũng ko cần cái vụ any/0 (hì nếu để trống thì mặc định rùi). E chỉ biết tới đó thui nếu có gì sai thì bác chỉnh dùm.