Penetration Testing with Kali Linux OffSec
sudo iptables -I INPUT 1 -s 192.168.50.149 -j ACCEPT
|
|
sudo iptables -I INPUT 1 -s 192.168.50.149 -j ACCEPT
kali@kali:~$ sudo iptables -I OUTPUT 1 -d 192.168.50.149 -j ACCEPT 253 (Nmap, 2022), http://nmap.org/ 254 (Man7, 2017), http://man7.org/linux/man-pages/man7/raw.7.html 255 (Wikipedia, 2022), https://en.wikipedia.org/wiki/Berkeley_sockets#Socket_API_functions 256 (netfilter, 2014), http://netfilter.org/projects/iptables/index.html Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 142 kali@kali:~$ sudo iptables -Z Listing 54 - Configuring our iptables rules for the scan Next, let’s generate some traffic using nmap: kali@kali:~$ nmap 192.168.50.149 Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-09 05:12 EST Nmap scan report for 192.168.50.149 Host is up (0.10s latency). Not shown: 989 closed tcp ports (conn-refused) PORT STATE SERVICE 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 139/tcp open netbios-ssn 389/tcp open ldap 445/tcp open microsoft-ds 464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl 3268/tcp open globalcatLDAP 3269/tcp open globalcatLDAPssl Nmap done: 1 IP address (1 host up) scanned in 10.95 seconds Listing 55 - Scanning an IP for the 1000 most popular TCP ports The scan completed and revealed a few open ports. Now let’s review some iptables statistics to get a clearer idea of how much traffic our scan generated. We can use the -v option to add some verbosity to our output, -n to enable numeric output, and -L to list the rules present in all chains. kali@kali:~$ sudo iptables -vn -L Chain INPUT (policy ACCEPT 1270 packets, 115K bytes) pkts bytes target prot opt in out source destination 1196 47972 ACCEPT all -- * * 192.168.50.149 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 1264 packets, 143K bytes) pkts bytes target prot opt in out source destination 1218 72640 ACCEPT all -- * * 0.0.0.0/0 192.168.50.149 Listing 56 - Using iptables to monitor nmap traffic for a top 1000 port scan According to the output, this default 1000-port scan generated around 72 KB of traffic. Let’s use iptables -Z to zero the packet and byte counters in all chains again and run another nmap scan, this time using -p to specify all TCP ports. kali@kali:~$ Yüklə Dostları ilə paylaş:
|