Author Topic: Discovery ignoring netfilter?  (Read 31 times)

pato
Discovery ignoring netfilter?
« on: April 20, 2018, 10:04:10 AM »
Hi all
I'm using the current NeDi 1.6.100p4, which I installed two days ago.
This all worked fine and after some time I even discovered why the discovery took hours instead of minutes (ssh access wasn't allowed).

What disturbs me, though: if I run ./nedi.pl -p -v, I can see that NeDi sends my SNMP v2 strings to devices that aren't in the filter list that I've configured. I don't have any SNMPv3 ones. Not sure if it also does the same with my SSH credentials.

Is this by (undocumented) design or a bug?
My netfilter:
# Only discover devices where ip address matches this regular expression.
# This way NeDi will not send any login credentials to rogue/evil devices.
;netfilter      ^192\.168\.0|^172\.16
netfilter       ^192\.168\.0|^192\.168\.62

# To avoid networks
;netfilter      ^(?!192.168.1).*$
netfilter       .

And I see in the debug that it tries to connect to 10.10.2.50 (for example), which it shouldn't based on the netfilter.

-
pato

ascii
Re: Discovery ignoring netfilter?
« Reply #1 on: Today at 11:53:36 AM »
I'm not sure if you really need to escape the dots.

I use this filter and it works perfectly.

Code:
netfilter 10.68.255.23[3-8]|10.68.16.8$|10.68.18.100|10.68.52.{1,3}|10.68.53.{1,3}|10.68.84.22[5-6]|10.68.14[4-7].[5-9]$|10.68.144.10$|10.72.3.{1,3}|10.72.15.{1,3}|10.72.49.1[5-8]$|10.72.99.[2,3]|10.72.4.[4,7]$|10.81.105.1[1-9]$|10.81.105.1$|10.81.220.15[1-4]|10.81.223.229|10.81.223.230|10.81.223.24[3-6]|10.81.223.254|10.81.223.16[1-9]|10.82.23.254|10.82.23.7[0-9]|10.81.64.241|10.81.64.225|10.81.64.235|10.81.92.{1,3}|10.81.172.10$|10.81.175.{1,3}|10.81.175.1[3-5][0-9]|10.81.192.1|10.81.194.73|10.81.175.[6-9][0-9]|10.81.175.1[0-2][0-9]|10.80.146.254|10.81.132.[1-5]$|10.81.134.[6-9][0-9]|10.81.134.1[0-2][0-9]|10.81.179.[6-9][0-9]|10.81.179.1[0-2][0-9]|10.80.140.[1-5]$|10.80.142.[6-9][0-9]|10.80.142.1[0-2][0-9]|10.80.148.[1-5]$|10.80.150.[6-9][0-9]|10.80.150.1[0-2][0-9]|10.81.128.[1-5]$|10.81.130.[6-9][0-9]|10.81.130.1[0-2][0-9]|10.80.49.[1-5]$|10.80.51.[6-9][0-9]|10.80.51.1[0-2][0-9]|10.80.105.[6-9][0-9]|10.80.105.1[0-2][0-9]|10.81.177.5$|10.80.100.[1-5]$|10.80.102.[6-9][0-9]|10.80.102.1[0-2][0-9]|10.80.136.[1-5]$|10.80.138.[6-9][0-9]|10.80.138.1[0-2][0-9]|10.80.39.[1-5]$|10.80.41.[6-9][0-9]|10.80.41.1[0-2][0-9]|10.80.108.[1-5]$|10.80.110.[6-9][0-9]|10.81.116.[1-5]$|10.81.118.[6-9][0-9]|10.81.118.1[0-2][0-9]|10.80.60.[1-5]$|10.80.62.[6-9][0-9]|10.80.62.1[0-2][0-9]|10.81.111.[1-5]$|10.81.113.[6-9][0-9]|10.81.113.1[0-2][0-9]|10.81.121.[1-5]$|10.81.123.[6-9][0-9]|10.81.123.1[0-2][0-9]|10.80.54.[1-5]$|10.80.56.[60-99]|10.80.56.1[0-29]|10.240.16.62$|10.80.254.249|10.80.254.245|10.72.243.246|10.72.129.20$|10.80.99.121|10.80.23.19[3-9]|10.80.23.2[0-29]|10.80.3.190|10.80.3.13[0-9]|10.80.181.19[3-9]|10.80.181.20[0-9]|10.80.17.[1-9]$|10.80.17.1[0-9]$|10.81.215.254|10.96.1.[0-99]|10.96.1.1[0-27]|10.80.167.[0-99]|10.80.167.1[0-27]|10.80.159.[0-99]|10.80.159.1[0-27]|10.80.32.254|10.81.240.5$|10.81.240.9$|10.80.202.254|10.80.202.66|10.81.191.254|10.81.191.7[0-9]|10.80.47.66|10.80.47.254|10.34.60.20$|10.34.94.10$|149.216.32.176|10.80.27.254|10.80.15.17[1-4]|10.80.22.4$|10.80.15.206|
10.80.98.254|10.80.97.254

pato
Re: Discovery ignoring netfilter?
« Reply #2 on: Today at 03:46:40 PM »
That's how it is shown in the config file.
And you are sure that the credentials aren't sent to other devices if you do a -p discovery?
You need to enable -v (verbose) mode to actually see it.
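
An added illustration, not part of the thread and not NeDi's own code: this Python sketch tests addresses against the patterns quoted in the posts above, to see which ones each pattern would let through before any SNMP or SSH credentials are sent. It assumes netfilter is applied as an unanchored regular-expression search (Python's `re` stands in for Perl here), reports matches per active line without assuming which line takes precedence, and all function names, `STRICT_ALTS` and the test addresses other than 10.10.2.50 are constructed for the example.

```python
import re

# Active and commented netfilter lines copied from the first post.
PATO_CONF = r"""
;netfilter      ^192\.168\.0|^172\.16
netfilter       ^192\.168\.0|^192\.168\.62
;netfilter      ^(?!192.168.1).*$
netfilter       .
"""

# Three alternatives copied from the filter in reply #1 (dots unescaped).
REPLY_ALTS = r"10.68.16.8$|10.81.192.1|10.72.3.{1,3}"

# Hypothetical stricter rewrite: escaped dots, anchored at both ends.
# Assumes 10.72.3.{1,3} was meant to cover the last octet of 10.72.3.x.
STRICT_ALTS = r"^(?:10\.68\.16\.8|10\.81\.192\.1|10\.72\.3\.\d{1,3})$"

# Constructed test addresses; 10.10.2.50 is the one named in the first post.
CANDIDATES = ["10.68.16.8", "110.68.16.8", "10.68.16.80", "10.81.192.1",
              "10.81.192.177", "10.72.3.5", "10.72.30.5", "10.10.2.50"]

def active_netfilters(conf_text):
    """Patterns of uncommented netfilter lines, in file order."""
    patterns = []
    for line in conf_text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0] == "netfilter":
            patterns.append(fields[1].strip())
    return patterns

def matching_filters(conf_text, ip):
    """Active patterns that match ip as an unanchored search (assumption)."""
    return [p for p in active_netfilters(conf_text) if re.search(p, ip)]

def allowed(pattern, ips):
    """Addresses from ips that the pattern lets through."""
    return [ip for ip in ips if re.search(pattern, ip)]

if __name__ == "__main__":
    for ip in ("192.168.62.7", "10.10.2.50"):
        print(ip, "matched by", matching_filters(PATO_CONF, ip))
    print("as posted:", allowed(REPLY_ALTS, CANDIDATES))
    print("strict   :", allowed(STRICT_ALTS, CANDIDATES))
```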