lesson 2 Flashcards
nist special publication 800-41
-guidelines on firewalls and firewall policy
-security guideline recommending that you block incoming ping (icmp echo request) traffic at the network perimeter
malicious ping
-attackers can observe the ttl values in ping replies to guess the target's operating system, because each os starts from a characteristic initial ttl
-the observed ttl is the initial value minus the number of hops, so round up to the nearest common starting value (64, 128, 255); the starting value is also configurable, so treat it as a hint, not proof
juniper ttl value
64
linux 2.4 ttl value
255 (icmp echo replies from older 2.x kernels; the linux default ip ttl used for tcp is 64)
red hat ttl value
64
mac ttl value
64
windows ttl value
128
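The hop-count correction the cards leave out, as an added example that is not part of the original flashcards: round the observed ttl up to the nearest common initial value, take the difference as the hop count, and map the initial value to an os family. The ping reply lines are constructed, not real captures, and the family labels are the ones from the cards above.

```shell
#!/bin/sh
# Added example (not from the original flashcards): infer a likely OS family
# from the TTL in a ping reply. The reply TTL is the sender's initial TTL
# minus the hop count, so round UP to 64/128/255 and treat the remainder as
# hops. Initial TTLs are configurable (net.ipv4.ip_default_ttl on Linux),
# so this is only a hint.

# guess_os_from_ttl OBSERVED_TTL -> "family initial=N hops=M"
guess_os_from_ttl() {
    ttl=$1
    if [ "$ttl" -le 64 ]; then
        initial=64;  family="linux/unix/mac/juniper"
    elif [ "$ttl" -le 128 ]; then
        initial=128; family="windows"
    else
        initial=255; family="network-device/older-unix"
    fi
    echo "$family initial=$initial hops=$((initial - ttl))"
}

# ttl_from_ping_line "64 bytes from 10.0.0.5: icmp_seq=1 ttl=54 ..." -> 54
ttl_from_ping_line() {
    printf '%s\n' "$1" | sed -n 's/.*ttl=\([0-9][0-9]*\).*/\1/p'
}

# Constructed sample replies (not real captures) in the Linux iputils format.
SAMPLE_REPLIES='64 bytes from 10.0.0.5: icmp_seq=1 ttl=54 time=12.3 ms
64 bytes from 10.0.0.9: icmp_seq=1 ttl=118 time=30.1 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=255 time=0.4 ms'

# fingerprint_replies -> one "host -> family initial=N hops=M" line per reply
fingerprint_replies() {
    printf '%s\n' "$SAMPLE_REPLIES" | while IFS= read -r line; do
        host=$(printf '%s\n' "$line" | sed -n 's/.*from \([^:]*\):.*/\1/p')
        ttl=$(ttl_from_ping_line "$line")
        [ -n "$ttl" ] || continue
        echo "$host -> $(guess_os_from_ttl "$ttl")"
    done
}

fingerprint_replies
```

A reply with ttl=54 ten hops away and one with ttl=118 ten hops away both land on the same hop count; only the rounded-up initial value differs, which is the whole signal this technique gives you.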
netstat
-shows listening sockets and active connections; used to determine whether a particular service is listening on a network interface (netstat -tulpn on linux, netstat -ano on windows)
nslookup
-queries a dns server to resolve hostnames to addresses (and addresses to names); used to test name resolution
nmap
- network mapper
- used to discover hosts, find open ports, and fingerprint the services listening on them
nmap scan types
- -sS, tcp syn
- -sT, tcp connect
- -sU, udp
nmap -sS
- tcp syn (half-open) scan
- default option when run as root
- sends a syn and reads the answer: syn/ack means open, rst means closed, no answer or an icmp unreachable means filtered; the handshake is never completed
- called stealthy because the target application never sees a connection, so nothing appears in application logs; a packet-level firewall or ids still sees the syns
- can identify open, closed, and filtered ports
- requires root privileges (raw sockets)
nmap -sT
- tcp connect scan
- default without root privileges
- uses the operating system's connect() call, so the full three-way handshake is completed
- completed connections are visible to the application and logged by the target
nmap -sU
- udp scan
- used to scan for udp services (dns, snmp, ntp, etc.)
- slower and harder to interpret: closed ports answer with icmp port unreachable (which most hosts rate-limit), while open ports usually send nothing back, so nmap must retransmit and reports open|filtered unless a probe (e.g. with -sV) gets a reply
nmap options
- port specification (-p)
- ping scan, disable port scan (-sn)
- treat all hosts as online, skip host discovery (-Pn)
- never do dns resolution (-n)
- service fingerprinting (-sV)
- increase verbosity (-v, -vv)
- display the reasoning for nmap's findings (--reason)
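The scan-type and option cards above, combined into one script as an added example that is not part of the original flashcards: a wrapper that picks -sS when running as root and -sT otherwise (nmap's own default behaviour), adds the options listed, and parses nmap's grepable output to list ports in a given state. The target address, port list and the grepable output are constructed for illustration, not from a real scan.

```shell
#!/bin/sh
# Added example, not part of the original flashcards. Builds an nmap command
# from the options above, choosing -sS when the caller is root and -sT
# otherwise, and parses grepable (-oG) output to list ports by state.

# build_nmap_cmd UID TARGET PORTS -> the command line that would be run
build_nmap_cmd() {
    uid=$1; target=$2; ports=$3
    if [ "$uid" -eq 0 ]; then scan="-sS"; else scan="-sT"; fi
    # -n: no DNS; -Pn: skip host discovery; -sV: service fingerprinting;
    # --reason: why each port got its state; -oG -: grepable output on stdout
    echo "nmap $scan -n -Pn -sV --reason -p $ports -oG - $target"
}

# Constructed -oG output (not from a real scan) in the format nmap emits:
#   Host: <ip> ()<TAB>Ports: <port>/<state>/<proto>/<owner>/<service>/<rpc>/<version>/, ...
SAMPLE_GREPABLE=$(printf '%s\n%s\t%s\n%s\t%s\t%s\n%s\n' \
    '# Nmap 7.94 scan initiated as: nmap -sS -n -Pn -sV --reason -p 22,80,443 -oG - 192.0.2.10' \
    'Host: 192.0.2.10 ()' 'Status: Up' \
    'Host: 192.0.2.10 ()' \
    'Ports: 22/open/tcp//ssh//OpenSSH 9.2p1/, 80/open/tcp//http//nginx 1.22.1/, 443/filtered/tcp//https///' \
    'Ignored State: closed (0)' \
    '# Nmap done at Mon Jan  1 00:00:00 2024 -- 1 IP address (1 host up) scanned in 5.00 seconds')

# ports_from_grepable STATE < grepable -> "host port/proto service [version]"
ports_from_grepable() {
    want=$1
    awk -v want="$want" '
        /^Host:/ && /Ports:/ {
            host = $2
            line = $0
            sub(/.*Ports: /, "", line)                 # keep only the port list
            sub(/[ \t]+Ignored State:.*/, "", line)    # drop the trailing summary
            n = split(line, p, /, /)
            for (i = 1; i <= n; i++) {
                split(p[i], f, "/")   # f[1]=port f[2]=state f[3]=proto f[5]=service f[7]=version
                if (f[2] == want)
                    printf "%s %s/%s %s%s\n", host, f[1], f[3], f[5], (f[7] == "" ? "" : " " f[7])
            }
        }'
}

echo "would run: $(build_nmap_cmd "$(id -u)" 192.0.2.10 22,80,443)"
echo "open ports:"
printf '%s\n' "$SAMPLE_GREPABLE" | ports_from_grepable open
echo "filtered ports:"
printf '%s\n' "$SAMPLE_GREPABLE" | ports_from_grepable filtered
```

Passing "filtered" instead of "open" is how you find the ports a firewall is silently dropping, which is the case where --reason on the real run tells you whether it was no response or an icmp unreachable.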
network traffic traveling through a windows firewall can be allowed or blocked based on
- programs
- services
- protocols
- ports
- local ip
- remote ip
windows firewall profiles
- domain
- private
- public
domain windows firewall profile
- applied automatically on networks where the host can authenticate to a domain controller for the domain it is joined to; it cannot be chosen by the user
- used for corporate networks
private windows firewall profile
- can be selected by the end user for a network they trust
- used for home or small-office networks
public windows firewall profile
- default profile for any new or unidentified network; the most restrictive of the three
- used for public networks (hotels, airports, coffee shops)
netfilter
- packet filtering framework built into the linux kernel
- stateless packet filtering
- stateful packet filtering (connection tracking via conntrack)
- network address translation
- port address translation
- exposes hooks in the ip stack (prerouting, input, forward, output, postrouting) at which kernel modules can inspect, alter, or drop packets; iptables (and its successor nftables) are the user-space tools that load rules into those hooks
iptables
- standard firewall in many linux distributions
- used to configure and view tables of packet filter rules
iptables parts
- rules
- targets
- chains
iptables rule match characteristics
- packet protocol type
- source address
- destination address
- source port
- destination port
- network interface being used
- relation to previous packets (connection state: new, established, related, invalid)
iptables targets
- what to do with packets that match a rule
- accept (let the packet through)
- drop (silently discard; the sender sees a timeout)
- reject (discard and send an error back, e.g. icmp port unreachable or tcp rst)
- return (stop traversing this chain and go back to the chain that jumped to it)
- a target can also be the name of a user-defined chain to jump into
iptables chains
- collections of rules checked sequentially
- stops at the first match whose target is terminating (accept, drop, reject); non-terminating targets such as log continue down the chain
- built-in chains of the filter table:
- input (packets addressed to this host)
- output (packets generated by this host)
- forward (packets routed through this host)
iptables default policy
- applied if a packet matches no other rule in a chain (or if a user-defined chain returns without a decision)
- set per built-in chain; often set to drop to block all traffic that is not explicitly allowed by a rule
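The netfilter and iptables cards above (rules, targets, chains, default policy) put into one ruleset, as an added example that is not part of the original flashcards. It emits a filter-table ruleset in iptables-restore format with a default drop policy, stateful matching via conntrack, a user-defined chain that logs and then returns to the default policy, and an incoming-ping rule that follows the nist advice on the page. The admin subnet (198.51.100.0/24) and ssh port are assumed values for illustration. With no arguments it only prints the ruleset; "apply" as root loads it atomically.

```shell
#!/bin/sh
# Added example, not part of the original flashcards. Generates a filter-table
# ruleset in iptables-restore format implementing a default-DROP policy.
# ADMIN_NET and SSH_PORT are assumed values, override them via the environment.
ADMIN_NET=${ADMIN_NET:-198.51.100.0/24}
SSH_PORT=${SSH_PORT:-22}

# gen_ruleset -> the ruleset text on stdout (dry run, nothing is changed)
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
# loopback is always allowed
-A INPUT -i lo -j ACCEPT
# stateful: replies to connections this host opened, plus related ICMP errors
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# packets that belong to no known connection (stray FIN/RST probes etc.)
-A INPUT -m conntrack --ctstate INVALID -j DROP
# new ssh connections only from the admin subnet
-A INPUT -p tcp -s $ADMIN_NET --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
# new web connections from anywhere
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# incoming ping: blocked from the internet; rate-limited accept from the admin subnet
-A INPUT -p icmp --icmp-type echo-request -s $ADMIN_NET -m limit --limit 5/second -j ACCEPT
# everything else jumps to the user-defined chain
-A INPUT -j LOGDROP
# LOGDROP: log a sample (LOG is non-terminating), then RETURN to INPUT;
# INPUT has no further rules, so the chain's DROP policy applies
-A LOGDROP -m limit --limit 10/minute -j LOG --log-prefix "iptables-drop: " --log-level 4
-A LOGDROP -j RETURN
COMMIT
EOF
}

# apply_ruleset -> loads the ruleset atomically; needs root and iptables-restore
apply_ruleset() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply requires root" >&2
        return 1
    fi
    gen_ruleset | iptables-restore
}

case ${1:-dryrun} in
    apply) apply_ruleset ;;
    *)     gen_ruleset ;;
esac
```

Because the whole table is loaded in one iptables-restore call, you never end up half-way between an old and new ruleset; if you apply this over ssh, confirm the ssh rule matches your source address first, since the default policy will drop your session otherwise.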