UFW or Uncomplicated Firewall

Posted May 24th, 2010. Filed under Security Stuff

What is UFW?

UFW, or Uncomplicated Firewall, was designed specifically for Ubuntu users and gives the intermediate user a much easier way to configure an iptables firewall.
Note that ufw is used from the terminal; it has no GUI (graphical interface).
Those who want a graphical interface for ufw can install gufw.

UFW commands:

ufw -h

enable                          enables the firewall
disable                         disables the firewall
default ARG                     set default policy
logging LEVEL                   set logging to LEVEL
allow ARGS                      add allow rule
deny ARGS                       add deny rule
reject ARGS                     add reject rule
limit ARGS                      add limit rule
delete RULE                     delete RULE
insert NUM RULE                 insert RULE at NUM
status                          show firewall status
status numbered                 show firewall status as numbered list of RULES
status verbose                  show verbose firewall status
show ARG                        show firewall report
version                         display version information

Application profile commands:
app list                        list application profiles
app info PROFILE                show information on PROFILE
app update PROFILE              update PROFILE
app default ARG                 set default application policy

A few example commands:

Suppose we have the following IPs on our network:
192.168.2.1 – router
192.168.2.2 – our own IP
192.168.2.3
192.168.2.4
192.168.2.5

192.168.2.10

and we want only 192.168.2.3 to be unable to use port 22 (SSH).
We use:
ufw deny from 192.168.2.3 to any port 22

If we want the other IPs to still be able to use that port, we add an allow rule for the whole subnet. The mask must be /24: the original post used /10, which would match 192.128.0.0 through 192.191.255.255 rather than our LAN. ufw matches rules top-down and stops at the first hit, so the deny for 192.168.2.3 has to sit above this allow; because we added the deny first, it does (had the allow been added first, the deny would have to be placed above it with the insert NUM RULE command listed above).
ufw allow from 192.168.2.0/24 to any port 22
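The SSH policy above, as an added example script that is not part of the original post: it applies the rules in the order ufw needs, with the subnet corrected to /24, and includes a small CIDR check that shows why /10 was wrong. Assumptions of my own: the UFW_CMD variable (leave it as ufw and run as root, or set UFW_CMD=echo for a dry run), the "proto tcp" qualifier (the post's rules omit it and so match UDP 22 as well), and the final "ufw --force enable" step, which the post never shows but without which no rule is enforced.

```shell
#!/bin/sh
# Added example, not from the original post: apply the SSH policy with the
# subnet corrected to /24, in the order ufw needs.
#
# ufw matches rules top-down and stops at the first hit, so the host
# specific deny must be listed before the subnet-wide allow.
#
# Assumption: UFW_CMD names the ufw binary. Run as root on the real host,
# or set UFW_CMD=echo to print the commands instead of executing them.
UFW_CMD="${UFW_CMD:-ufw}"

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/BITS: exit 0 if IP lies inside NET/BITS, 1 otherwise.
# Useful for checking a mask before it goes into a rule: the post's
# original 192.168.2.0/10 covers 192.128.0.0-192.191.255.255, not the LAN.
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    # 4294967295 is 0xFFFFFFFF; keep the mask to 32 bits
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# ssh_policy_cmds: print the ufw arguments, one rule per line, in the
# order they must be applied. "proto tcp" is an addition of this example.
ssh_policy_cmds() {
    cat <<'EOF'
default deny incoming
default allow outgoing
deny from 192.168.2.3 to any port 22 proto tcp
allow from 192.168.2.0/24 to any port 22 proto tcp
EOF
}

# apply_ssh_policy: feed each line to ufw, then enable the firewall and
# show the resulting rule order. Enabling comes last so the allow rule is
# already in place when filtering starts (a remote SSH session survives).
apply_ssh_policy() {
    ssh_policy_cmds | while IFS= read -r rule; do
        # $rule is intentionally word-split into separate ufw arguments
        "$UFW_CMD" $rule
    done
    "$UFW_CMD" --force enable
    "$UFW_CMD" status numbered
}

case "${1:-}" in
    check)
        in_cidr 192.168.2.3 192.168.2.0/24 && echo "/24 covers 192.168.2.3, as intended"
        in_cidr 192.128.0.1 192.168.2.0/10 && echo "/10 also covers 192.128.0.1, far outside the LAN"
        ;;
    apply)
        apply_ssh_policy
        ;;
esac
```

Run "sh ufw-ssh-policy.sh check" to see the two CIDR verdicts, "UFW_CMD=echo sh ufw-ssh-policy.sh apply" to print the commands that would be issued, and "sudo sh ufw-ssh-policy.sh apply" to apply them. The order in ssh_policy_cmds is the whole point: swap the deny and allow lines and 192.168.2.3 is let in by the subnet rule before its deny is ever consulted.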

We have port 53 open and want to block it:
ufw deny 53/tcp
ufw deny 53/udp
Because rules are matched in order, these denies only take effect if no earlier rule already allows port 53; if one does, delete that allow rule or place the deny above it with insert.

Deleting a rule we added (delete takes the same rule text that was used to add it):
ufw delete deny 53/tcp
ufw delete deny 53/udp

After adding all the desired rules, we can check that ufw has stored them:
ufw status verbose
example:

Status: active
Logging: on (medium)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         DENY IN     192.168.2.3
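The deny-then-delete-then-verify steps above, as an added example that is not part of the original post: instead of retyping each rule for ufw delete, read the rule numbers out of ufw status numbered and delete by number. Assumptions of my own: the UFW_CMD variable (set UFW_CMD=echo for a dry run), the "ufw delete NUM" form and the --force flag that skips the y/n prompt (both present in current ufw, though the 2010 help listing on this page only shows delete RULE), and the SAMPLE_STATUS text, which is constructed for the example in the format ufw status numbered prints.

```shell
#!/bin/sh
# Added example, not from the original post: find and delete rules by
# number from "ufw status numbered" output.
#
# Assumptions: UFW_CMD names the ufw binary (UFW_CMD=echo for a dry run);
# "ufw delete NUM" and "--force" (skip the y/n prompt) are available.
# SAMPLE_STATUS is constructed for this example.
UFW_CMD="${UFW_CMD:-ufw}"

SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         DENY IN     192.168.2.3
[ 2] 22                         ALLOW IN    192.168.2.0/24
[ 3] 53/tcp                     DENY IN     Anywhere
[ 4] 53/udp                     DENY IN     Anywhere'

# rule_numbers TO: read "status numbered" output on stdin and print the
# numbers of rules whose To column is TO or TO/<proto>, highest first.
# Highest-first matters: ufw renumbers the remaining rules after every
# delete, so deleting 3 before 4 would turn the old rule 4 into rule 3.
rule_numbers() {
    sed -n 's/^\[ *\([0-9][0-9]*\)][[:space:]]*\([^[:space:]]*\).*/\1 \2/p' |
        awk -v to="$1" '$2 == to || index($2, to "/") == 1 { print $1 }' |
        sort -rn
}

# delete_rules_to TO: delete every live rule whose To column matches TO.
delete_rules_to() {
    for n in $("$UFW_CMD" status numbered | rule_numbers "$1"); do
        "$UFW_CMD" --force delete "$n"
    done
}

case "${1:-}" in
    demo)   printf '%s\n' "$SAMPLE_STATUS" | rule_numbers 53 ;;   # prints 4 then 3
    delete) delete_rules_to "${2:-}" ;;
esac
```

"sh ufw-delete.sh demo" shows the numbers that would be picked from the sample table; "sudo sh ufw-delete.sh delete 53" removes both port 53 rules from the live firewall, udp first, then tcp. Run ufw status verbose afterwards, as the post does, to confirm only the intended rules remain.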

Good luck playing around :D

I don't think I need to talk about Metasploit any more; everyone knows what it is.
I'm sure many who have tried Metasploit have seen that the result is unsuccessful when the Windows firewall is up and the ports are filtered.
Yesterday I found the solution for you on securitytube.

“A lot of times the victim machine may have windows firewall turned on thus making exploitation of vulnerable services on the victim tough. In this video, we will look at how to workaround this restriction. The author first lures the victim to view his malicious webpage which is riddled with a browser exploit. Once the victim gets compromised, the attacker notices that he still only has privileges of the local user. He now needs to escalate his privilege by exploiting a system program or service. To accomplish this he creates an SSH tunnel through the firewall to his machine. Using this tunnel and port forwarding he compromises the SMB service running on the victim which has privileges of the Local System. Once his privileges are escalated he enables the Remote Desktop service, creates a new user and connects to the victim machine. Game Over!”

P.S.: the PCs at FISC (in my town) have exactly this; draw your own conclusions.

Video : http://securitytube.net/Hacking-through-the-Windows-Firewall-using-Metasploit-video.aspx

Powered by HaxTor | CopyWrong © 2011