Show Address Spoofing Networks via CLI

Document created by Heiko Ankenbrand on Jun 23, 2018Last modified by Heiko Ankenbrand on Jun 27, 2018
Version 11Show Document
  • View in full screen mode
This CLI command shows you the address spoofing networks as list and the IP settings per interface. Type this command on security gateway.

 

Last version  - command:

 

ifconfig -a |grep -B 1 inet |grep encap| awk '{print $1}' | grep -v lo | grep -v ":" | grep -v ^lo | xargs -I % sh -c 'echo %;echo -n " VIP "; cphaprob -a if |grep %|grep -v U|grep -v D | cut -c16-| tr -d "\r\n" ;echo;echo -n " IP ";ifconfig % | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 1;echo -n " Mask " ;ifconfig % | sed -rn "2s/ .*:(.*)$/\1/p";echo -en " ANTISPOOFING ENABLED:\t";more $FWDIR/state/local/FW1/local.set |grep -A 30 % | grep has_addr_info | cut -c17- | tr \) " " |sort -ng| uniq ; echo -en " ANTISPOOFING MODE:\t"; if [ `more $FWDIR/state/local/FW1/local.set |grep -A 30 % | grep monitor_only | cut -c16- | tr \) " " |sort -ng| uniq| grep -o false` ]; then echo "PREVENT"; else echo "DETECT"; fi; echo -en " ANTISPOOFING TOPO:\t"; if [ `more $FWDIR/state/local/FW1/local.set |grep -A 30 % | grep external | cut -c12- | tr \) " " |sort -ng| uniq| grep -o true` ]; then echo "External"; else echo "Internal"; fi;echo " ADDRESS SPOOFING NETWORKS:";more $FWDIR/state/local/FW1/local.set | grep -A 30 %|grep ": (\""|sort -ng| uniq |tr \(\)\<\>\:\" \ ;echo " "'

 

Now you can see the states of:

- ANTISPOOFING ENABLED

- ANTISPOOFING MODE

- ANTISPOOFING TOPO  

 

 

Old versions:

 

27.06.2018 change "|grep -o false" issue and add TOPO

ifconfig -a |grep -B 1 inet |grep encap| awk '{print $1}' | grep -v lo | grep -v ":" | grep -v ^lo | xargs -I % sh -c 'echo %;echo -n " VIP "; cphaprob -a if |grep %|grep -v U|grep -v D | cut -c16-| tr -d "\r\n" ;echo;echo -n " IP ";ifconfig % | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 1;echo -n " Mask " ;ifconfig % | sed -rn "2s/ .*:(.*)$/\1/p";echo -en " ANTISPOOFING ENABLED:\t";more $FWDIR/state/local/FW1/local.set |grep -A 30 % | grep has_addr_info | cut -c17- | tr \) " " |sort -ng| uniq ; echo -en " ANTISPOOFING MODE:\t"; if [ `more $FWDIR/state/local/FW1/local.set |grep -A 30 % | grep monitor_only | cut -c16- | tr \) " " |sort -ng| uniq` ]; then echo "PREVENT"; else echo "DETECT"; fi;echo " ADDRESS SPOOFING NETWORKS:";more $FWDIR/state/local/FW1/local.set | grep -A 30 %|grep ": (\""|sort -ng| uniq |tr \(\)\<\>\:\" \ ;echo " "'

 

27.06.2018  change"ADDRESSSPOOFING MODE" mode settings (input from Norbert Bohusch)

ifconfig -a |grep -B 1 inet |grep encap| awk '{print $1}' | grep -v lo | grep -v ":" | grep -v ^lo | xargs -I % sh -c 'echo %;echo -n " VIP "; cphaprob -a if |grep %|grep -v U|grep -v D | cut -c16-| tr -d "\r\n" ;echo;echo -n " IP ";ifconfig % | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 1;echo -n " Mask " ;ifconfig % | sed -rn "2s/ .*:(.*)$/\1/p";echo -n " ANTISPOOFING ENABLED:         ";more $FWDIR/state/local/FW1/local.set |grep -A 30 % | grep has_addr_info | cut -c17- | tr \) " " |sort -ng| uniq ; echo -n " DETECT=true or PREVENT=false: "; more $FWDIR/state/local/FW1/local.set |grep -A 30 % | grep monitor_only | cut -c16- | tr \) " " |sort -ng| uniq ;echo " ADDRESS SPOOFING NETWORKS:";more $FWDIR/state/local/FW1/local.set | grep -A 30 %|grep ": (\""|sort -ng| uniq |tr \(\)\<\>\:\" \ ;echo " "'

 

26.06.2018 bug with eth5

ifconfig -a |grep -B 1 inet |grep encap| awk '{print $1}' | grep -v lo | grep -v ":" | grep -v ^lo | xargs -I % sh -c 'echo %;echo -n " VIP "; cphaprob -a if |grep %|grep -v U|grep -v D | cut -c16-| tr -d "\r\n" ;echo;echo -n " IP ";ifconfig % | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 1;echo -n " Mask " ;ifconfig % | sed -rn "2s/ .*:(.*)$/\1/p";echo -n " ANTISPOOFING ENABLED: ";more $FWDIR/state/local/FW1/local.set |grep -A 30 % | grep has_addr_info | cut -c17- | tr \) " " |sort -ng| uniq ; echo -n " DETECT=true or PREVENT=false: "; more $FWDIR/state/local/FW1/local.set |grep -A 30 "eth5" | grep monitor_only | cut -c16- | tr \) " " |sort -ng| uniq ;echo " ADDRESS SPOOFING NETWORKS:";more $FWDIR/state/local/FW1/local.set | grep -A 30 %|grep ": (\""|sort -ng| uniq |tr \(\)\<\>\:\" \ ;echo " "'

 

 

25.06.2018 bug Ip and vip:

ifconfig -a |grep -B 1 inet |grep encap| awk '{print $1}' | grep -v lo | grep -v ":" | grep -v ^lo | xargs -I % sh -c 'echo %;more $FWDIR/state/local/FW1/local.set | grep -A 8 %|grep ip| tr \a\d\r\:\(\) \ ;echo -n " mask    "  ;ifconfig % | sed -rn "2s/ .*:(.*)$/\1/p";echo " spoofing networks:";more $FWDIR/state/local/FW1/local.set | grep -A 30 %|grep ": (\""|sort -ng| uniq |tr \(\)\<\>\:\" \ ;echo " "'

 

23.06.2018  bug - no bond interface:

ifconfig -a |grep -B 1 inet |grep encap| awk '{print $1}' | grep -v lo | grep -v bond| grep -v ":" | grep -v ^lo | xargs -I % sh -c 'echo %;more $FWDIR/state/local/FW1/local.set | grep -A 8 %|grep ip| tr \a\d\r\:\(\) \ ;echo -n " mask    "  ;ifconfig % | sed -rn "2s/ .*:(.*)$/\1/p";echo " spoofing networks:";more $FWDIR/state/local/FW1/local.set | grep -A 30 %|grep ": (\""|sort -ng| uniq |tr \(\)\<\>\:\" \ ;echo " "'

57 people found this helpful

Attachments

    Outcomes