Tech Skills - Linux Security Techniques - 5.0 Security Testing
Filename: techskills-linuxsecurity-5-1-verifying_firewall_configurations
Title: Verifying Firewall Configurations
Subtitle: Linux Security Techniques
netstat
Display active sessions
netstat -t
-t Display only TCP ports
Hides all of the UNIX domain sockets
netstat -ut
Displays TCP and UDP
Disable name resolution
netstat -tn
-n Disable IP to name resolution
Display all sessions
netstat -at
-a Show listening and non-listening sockets
What is using a port?
netstat should show what application is using the port
netstat -atp
-p Show the program name
Use sudo for the most complete information
Can also use fuser to find the process ID
sudo fuser 111/tcp
ss
ss is replacing netstat
Display listening sockets
ss -l
Provide output similar to netstat
ss -ta
ss -ua
ss -tua
Now that we know what ports are open, how can we see what the firewall is allowing?
nmap
Network MAPper
Open source utility
Freely available
https://nmap.org/
Install nmap
yum install nmap
Install zenmap GUI (Optional)
yum install https://nmap.org/dist/zenmap-7.60-1.noarch.rpm
sudo zenmap &
open
An application is actively responding to requests
closed
The port is accessible, but no application is listening
filtered
Packets are being blocked before reaching the port
Indicates a hardware/software firewall
Firewall is responding with a REJECT
unfiltered
Port is accessible, but nmap cannot determine if it is open/closed
A more detailed scan is required
open|filtered
nmap cannot determine if the port is open or filtered
One of them is true
Usually indicates a firewall with REJECT but a non-standard message
closed|filtered
nmap cannot determine if the port is closed or filtered
One of them is true
Usually indicates a firewall with DROP instead of REJECT
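Added example (not part of the original course notes): cross-checking the TCP ports a server is listening on, taken from `ss -tln`, against the port states nmap reports when the same server is scanned from another host. Both sample outputs are constructed, and the function names `listening_ports`, `nmap_state` and `firewall_report` are hypothetical.

```shell
#!/bin/sh
# Constructed sample: `ss -tln` output from the server being checked.
SS_SAMPLE='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:111         0.0.0.0:*
LISTEN  0       100     127.0.0.1:25        0.0.0.0:*
LISTEN  0       128     0.0.0.0:8080        0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*'

# Constructed sample: port table from an nmap TCP scan of that server, run from another host.
NMAP_SAMPLE='PORT     STATE    SERVICE
22/tcp   open     ssh
25/tcp   closed   smtp
111/tcp  filtered rpcbind
8080/tcp open     http-proxy'

# listening_ports: read ss output on stdin, print unique TCP ports bound to a non-loopback address.
listening_ports() {
  awk '$1 == "LISTEN" {
         addr = $4
         port = addr; sub(/.*:/, "", port)       # text after the last colon
         host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
         if (host ~ /^127\./ || host == "[::1]") next   # loopback is not reachable remotely
         print port
       }' | sort -un
}

# nmap_state PORT: state nmap reported for PORT/tcp, or "not-scanned" if it is absent.
nmap_state() {
  printf '%s\n' "$NMAP_SAMPLE" |
    awk -v p="$1/tcp" '$1 == p { print $2; found = 1 } END { if (!found) print "not-scanned" }'
}

# firewall_report: one line per listening port, with what the scan says the firewall does.
firewall_report() {
  printf '%s\n' "$SS_SAMPLE" | listening_ports | while read -r port; do
    state=$(nmap_state "$port")
    case "$state" in
      open)     verdict="reachable: firewall allows it" ;;
      filtered) verdict="blocked by firewall" ;;
      *)        verdict="check manually" ;;
    esac
    printf '%s/tcp %s (%s)\n' "$port" "$state" "$verdict"
  done
}

firewall_report
```

On a real system, replace the two sample variables with the output of `ss -tln` on the server and the port table from a scan of that server that you are authorized to run.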