Computer Systems Security
COMP4108 A3
and a zip file containing the following attached:
~/.ssh/known_hosts. On Windows with PuTTY I believe you just have to accept the new key when prompted.
netcat and tcpdump.
iptables. When wielded by the right user, the iptables framework allows for sophisticated firewall rules to be crafted. We will be just scratching the surface of what iptables allows in the second part of the assignment.
man iptables for how), then add each rule in the correct order from the script. This approach has many benefits:
nmap, interacting with the services using netcat and observing traffic to/from your VM and the services using tcpdump
The second portion of the assignment will have you building a firewall using iptables to shield the dummy services.
While writing your firewall rules in Part B you may inadvertently firewall yourself off from your VM, breaking SSH connectivity and ruining your day. Luckily, iptables rules are cleared on each reboot. Normally a system administrator would ensure the firewall is recreated on each machine boot, but we have skipped this step to facilitate testing.
In the event you block yourself from accessing your VM, or otherwise get the firewall into an unknown state, you may reboot your own VM and clear the firewall. The reboot request tool will ask for your VM username/password and reboot the node that you are assigned. It will not ask for confirmation after you enter your username and password! Give the VM a minute or two to boot up; if you are still unable to access your VM after this period, contact the TA.
nmap, perform a TCP SYN scan on your localhost to find all of the open TCP ports. Ensure that you exhaustively check all ports and not just the most popular services. Submit both the nmap command you ran as well as the output produced.
nmap command is incredibly versatile, offering a plethora of configuration options. Most of these settings have a default that is optimized for the more common scan scenarios. Be sure to read the nmap man page to learn what some of these defaults are.
input.txt containing a sentence of English. Using the netcat command, send input.txt over the network to each of the open ports you found in Q1. For full marks, write a bash function or script that processes the output of nmap and uses netcat to transmit input.txt to each of the open ports automatically. Submit your input.txt file, any commands you enter, any scripts you write, and a copy of the output generated.
head, tail, cut, sed, awk and so on) to process the nmap output.
tcpdump command, create an expression to match TCP packets that meet the following criteria:
loopback or eth0 interface.
-i any.
netcat and transmitting your input file. Submit both your tcpdump command expression as well as the output generated by tcpdump when you connect with netcat.
tcpdump command that you created for the previous question such that it prints the headers and data of the packet in hex format, and outputs to a file. Submit both the tcpdump expression as well as an output file created when you test the expression.
nmap TCP FIN scan as well as a TCP ACK scan on localhost. Capture the packets from both scans to a file using tcpdump. Using excerpts from the capture file, explain the difference between the TCP FIN and TCP ACK scans. Submit the commands you used to run the scans, the command you used to capture the packets, and your explanation.
nmap TCP connect() and a TCP SYN scan on localhost. Capture both scans to a file using tcpdump. Using excerpts from the capture file, explain the difference between the TCP connect() and TCP SYN scans. Submit the commands you used to run the scans, the command you used to capture the packets, and your explanation.
nmap discovery scan on all hosts on the 192.168.122.* network. Make sure you only perform a discovery scan and not a port scan. When scanning a large block of hosts it often makes sense to find which hosts are online using a discovery scan and then follow up later with a port scan. Submit both the nmap command you ran as well as the output generated.
INPUT, OUTPUT, and FORWARD chains of iptables from your VM before you have added any rules. Submit the command you ran as well as the output.
INPUT chain that drops all packets with an invalid state.
INPUT chain to allow packets with states ESTABLISHED or RELATED to be accepted.
NEW state to be accepted.
echo-request to be accepted.
iptables commands at once. The advanced features of bash can be introduced as required. Using bash allows for anything from keeping commonly referenced IP addresses or ports in a variable to accepting command line arguments, resolving hostnames, or looking up system information as required.
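The scripted approach described above, as an added example that is not part of the original assignment: it flushes the INPUT chain and then adds the rule types named on this page in evaluation order. The SSH port (22), the variable and function names, and the dry-run default are assumptions.

```shell
#!/bin/sh
# Added example, not the assignment's reference solution.
# Assumptions: SSH listens on port 22; IPT defaults to a dry run that only
# prints the commands, so the script cannot lock you out by accident.

IPT="${IPT:-echo iptables}"   # set IPT=iptables (as root) to apply for real
SSH_PORT="${SSH_PORT:-22}"    # commonly referenced port kept in a variable

# Print the rule set, one iptables argument list per line, in the order the
# INPUT chain will evaluate them. $1 optionally overrides the SSH port.
# -m conntrack --ctstate is the current form of the older -m state --state.
firewall_rules() {
    port="${1:-$SSH_PORT}"
    cat <<EOF
-F INPUT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
EOF
}

# Run each rule through $IPT and stop at the first failure, so a half-built
# chain is reported instead of silently left in place.
apply_firewall() {
    firewall_rules "$@" | while IFS= read -r rule; do
        # $rule is intentionally unquoted: it must split into arguments.
        $IPT $rule || { echo "failed: $IPT $rule" >&2; exit 1; }
    done
}

# Flushing first makes the script safe to re-run: rules are never duplicated.
apply_firewall "$@"
```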
iptables-save, as well as the results of your nmap scan.
NEW state
NEW state
comp4108
shakespeare.ccsl.carleton.ca on port 25 from your assigned VM. Submit the new firewall rule as well as the output from your testing.
telnet command is another quick way to test a network service. Feel free to use netcat instead of telnet.