- FQDN is the hostname; it always stays unique. It can be part of a local intranet domain, e.g. corp, domain2.
- IP address is a set of 4 numbers; it may be static or dynamic and MAY change if, say, we restart or invoke another VM.
- DNS name is like a global name.
Saturday, June 19, 2021
FQDN is not the same as Domain Name: IP Address vs FQDN vs DNS Name
How to route AWS to Azure :::: Route 53 to HTTPS/SSL-based Application Load Balancer routing
Amazon S3 -> HTTP listener on ALB (Layer 7) redirects to HTTPS
HTTPS listener terminates SSL and passes traffic to the backend nodes/destination over HTTP [SSL offloading]
ALB (HTTPS redirect) -> node
AWS Route 53 -> hosted zone -> domain URL -> Azure Application Gateway [public IP]
Azure Application Gateway [public IP] -> frontend -> 2 listeners (HttpListener80, HttpsListener443)
HttpListener (80) redirects to HttpsListener (443)
HttpsListener (443) does the SSL offloading; the backend rule then distributes the load among the nodes at the HTTP level
SSL offloading eases the load on the destination nodes/actual server VMs, so they don't have to encrypt and decrypt
Another option is end-to-end SSL, in which the backend nodes must also have SSL set up at the server level; the trade-off is that it introduces extra work at node level (encrypting/decrypting). With SSL offloading, in turn, the hop from the gateway to the nodes is plain HTTP, so that segment must stay on a trusted private network (security group / NSG restricted to the gateway).
Install PowerShell for Azure - Az module
How to install PowerShell for Azure
https://www.parallels.com/blogs/ras/azure-powershell/
Set-ExecutionPolicy RemoteSigned
Install-Module -Name Az -AllowClobber
Connect-AzAccount -DeviceCode [open the URL it prints in a browser and enter the device code there]
Friday, June 18, 2021
Add Rules to iptables
https://kerneltalks.com/virtualization/how-to-reset-iptables-to-default-settings
https://upcloud.com/community/tutorials/configure-iptables-centos/
https://forums.centos.org/viewtopic.php?t=68917
iptables is organised as:
- Tables
- Chains
- Rules
Refresh iptables to factory settings - reset iptables
In our last post, we saw iptables basics, where we learned how iptables works, what the policies are, and how to configure iptables policies.
While working on iptables, if you get confused about policies and need to start afresh, you need to reset iptables to default settings. By default, I mean setting an accept-all policy and flushing any existing configured rules.
In this article, we will walk through a set of commands to reset iptables to default settings. This can also be treated as how to reset the firewall on Linux distributions like Ubuntu, CentOS, Red Hat, Debian, etc. It's a pretty simple 2-step process.
Step 1: Set the accept-all policy for all connections
Using the below set of commands you set the ACCEPT policy for all types of connections.
root@kerneltalks # iptables -P INPUT ACCEPT
root@kerneltalks # iptables -P OUTPUT ACCEPT
root@kerneltalks # iptables -P FORWARD ACCEPT
This confirms iptables is going to accept all requests for all types of connections.
Step 2: Delete all existing rules.
Using the below set of commands, delete your currently configured rules from iptables.
root@kerneltalks # iptables -F INPUT
root@kerneltalks # iptables -F OUTPUT
root@kerneltalks # iptables -F FORWARD
Or you can do it in a single command:
root@kerneltalks # iptables -F
That's it! Your iptables is reset to default settings, i.e. accept all! Now, neatly and carefully design your policies and configure them. Note that -F without a -t option flushes only the filter table and does not delete user-defined chains (that is -X); the nat and mangle tables keep their rules until they are flushed explicitly.
Persist iptables (firewall) on Linux Red Hat
iptables-services-0:1.4.21-35.el7.x86_64
iptables-1.4.21-33.el7.x86_64
Once the iptables-services package is installed, start and enable the service.
sudo systemctl enable iptables
Afterwards, you can simply save the current rules using the following command.
sudo service iptables save
The rules are saved to /etc/sysconfig/iptables; alongside it, /etc/sysconfig holds:
ip6tables
ip6tables-config
iptables
iptables-config
network-scripts
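A deny-by-default ruleset to load and persist once the reset above has left the host on accept-all, written as an added example (not from this post or from kerneltalks). It assumes SSH on 22/tcp and that the application ports are supplied by the caller, and it emits the iptables-restore format that "service iptables save" stores in /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example, not from the original post: generate a deny-by-default ruleset in
# iptables-restore format, the file format that "service iptables save" writes to
# /etc/sysconfig/iptables on RHEL/CentOS 7 with the iptables-services package.
# Assumptions: SSH is on 22/tcp; every other inbound TCP port is passed by the caller.

# write_ruleset OUTPUT_FILE [EXTRA_TCP_PORT...]
# Returns 1 without writing anything if a port is not a plain number.
write_ruleset() {
    out="$1"; shift
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
    done
    {
        printf '%s\n' '*filter'
        # Default policies: drop unsolicited inbound, allow outbound, never forward.
        printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
        # Loopback, and replies to connections this host initiated.
        printf '%s\n' '-A INPUT -i lo -j ACCEPT'
        printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
        # Admin access first (22/tcp is an assumption), then the application ports.
        printf '%s\n' '-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT'
        for p in "$@"; do
            printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        done
        # Rate-limited log of what the DROP policy discards, so blocked traffic is visible.
        printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "'
        printf '%s\n' 'COMMIT'
    } > "$out"
}

# count_accept_rules FILE: number of explicit ACCEPT rules in a generated file.
count_accept_rules() {
    grep -c -- '-j ACCEPT$' "$1"
}

# On the host itself (needs root; commented out so the script stays side-effect free):
#   write_ruleset /tmp/rules.v4 8080 8081
#   iptables-restore --test /tmp/rules.v4      # parse only, nothing is applied
#   iptables-restore /tmp/rules.v4 && service iptables save
```

Keep the SSH rule first and apply the file from a session you can recover if the rule set is wrong; the policy line ":INPUT DROP" takes effect as soon as iptables-restore commits.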
Thursday, June 17, 2021
Linux NMAP
lsof ----- Ubuntu - display ports in use
netstat ---- display listening ports on localhost/self
ss ---- newer replacement for netstat (see below)
A Security Group is defined with respect to a particular EC2 instance and is "a virtual network firewall"
A firewall can be:
- an OS-level firewall
- a network (router)-level firewall
Linux OS-level firewalls:
ufw ---- firewall front end in Debian/Ubuntu distros
iptables ---- firewall in Red Hat/CentOS
nmap ---- for remote verification of ports
ncat (nc) ---- a tool from nmap which provides an alternative to "netcat"
telnet ---- used to talk to a port ---- 2nd alternative
---------------------------------------------------------------------------------
https://www.cyberciti.biz/faq/how-to-check-open-ports-in-linux-using-the-cli/
---------------------------------------------------------------------------------
https://securitytrails.com/blog/nmap-commands
https://www.cyberciti.biz/faq/iptables-block-port/
https://www.tecmint.com/linux-iptables-firewall-rules-examples-commands/
https://www.journaldev.com/34113/opening-a-port-on-linux [BEST]
------------------------------------------------------------------------------------------
https://www.cybrary.it/blog/0p3n/netcat-vs-ncat-big-confusion/
Netcat - the old classic utility written by "Hobbit"
"ncat" is the "netcat" equivalent from nmap
https://www.tecmint.com/find-open-ports-in-linux/
netstat basically tells us which ports are listening
It's usually used on localhost
netstat -np -u -t -l
-n numeric: show addresses and port numbers without resolving names
-p show the process (PID/program name) owning each socket
-l listening sockets only
-t TCP
-u UDP
ESTABLISHED means a live session is on (an active connection)
TCP, UDP and Unix sockets - 3 types of connections
netstat is obsolete - use "ss" - all options work similarly to netstat
--------------------------------------------- ---------------------------------------------
For remote hosts, use nmap
https://www.tecmint.com/nmap-command-examples/
--------------------------------------------- ---------------------------------------------
telnet [type "telnet" to get the interactive prompt]
connect 10.79.196.74
Ctrl+] is the escape character
status
--------------------------------------------------------------------------------------------
Debugging telnet
telnet works only when the server is listening on that port.
https://www.cybrary.it/blog/0p3n/netcat-vs-ncat-big-confusion/
ncat and telnet can be used as a chat server/client pair to test connections:
ncat -l -p 6900 -t
telnet 127.0.0.1 6900
--------------------------------------------------------------------------------------------
https://www.baeldung.com/spring-boot-run-maven-vs-executable-jar
https://www.baeldung.com/spring-boot-change-port
---------------------------------------------------------------------------------
sudo nmap -p 22,6900,8080-8081,27017 10.79.196.74
https://www.cyberciti.biz/faq/unix-linux-check-if-port-is-in-use-command/
https://nmap.org/download.html - nmap "Zenmap UI"
nmap -sn 10.79.196.74 [ping scan: host discovery only, for when the ping command does not work]
nmap -v 10.79.196.74 [regular scan, gives a list of port states]
nmap -p 22,25,80,8080-8085 -v 10.79.196.74 [explicit port scan]
nmap -PN 10.79.196.74 -p 22,25,80,8080-8085 [-PN is the old spelling of -Pn: skip host discovery, as used in the session below]
nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" 10.79.196.74 [slow comprehensive scan]
https://nmap.org/book/port-scanning.html#port-scanning-port-intro
https://www.uv.mx/personal/angelperez/files/2018/10/scanning_texto.pdf
----------------------------------------------------------------------------------
well-known ports
These are reserved ports (within the range of 1 to 1,023, as discussed above) which have been registered with the IANA for a certain service. Familiar examples are ports 22, 25, and 80 for the services SSH, SMTP, and HTTP, respectively.
registered ports
These ports fall within the range 1,024 to 49,151 and have been registered with the IANA in the same way the well-known ports have. Most of these are not as commonly used as the well-known ports. The key difference is that unprivileged users can bind to these ports and thus run the services on their registered port. Users cannot do so on most platforms for well-known ports, since they reside in the reserved port range.
dynamic and/or private ports
The IANA reserves the port numbers from 49152 through 65535 for dynamic uses such as those discussed in the ephemeral ports section. Proprietary services that are only used within a company may also use these ports.
----------------------------------------------------------------------------------
open
An application is actively accepting TCP connections or UDP packets on this port. Finding these is often the primary goal of port scanning. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network.
closed
A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall so they appear in the filtered state, discussed next.
filtered
It essentially means "blocked somewhere"; it may be blocked by my own firewall.
Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information.
unfiltered
The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rulesets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan, may help resolve whether the port is open.
open|filtered
closed|filtered
----------------------------------------------------------------------------------
[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 8081
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.79.196.74:8081.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 8080
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.
[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 80
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.
[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 22
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.
[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 22
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.79.196.74:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 8081
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.
[ec2-user@ip-10-79-196-15 ~]$ ncat -v 10.79.196.74 8081
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.
[ec2-user@ip-10-79-196-15 ~]$ ncat -v 10.79.196.74 8081
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.
[ec2-user@ip-10-79-196-15 ~]$ nmap 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:50 UTC
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.02 seconds
[ec2-user@ip-10-79-196-15 ~]$ nmap -Pn 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:51 UTC
Nmap scan report for 10.79.196.74
Host is up (0.00022s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 8.13 seconds
[ec2-user@ip-10-79-196-15 ~]$ nmap -Pn 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:51 UTC
Nmap scan report for 10.79.196.74
Host is up (0.00027s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 4.23 seconds
[ec2-user@ip-10-79-196-15 ~]$ nmap -Pn 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:51 UTC
Nmap scan report for 10.79.196.74
Host is up (0.00015s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 8.13 seconds
[ec2-user@ip-10-79-196-15 ~]$ nmap -v-Pn 10.79.196.74
Invalid argument to -v: "-Pn".
QUITTING!
[ec2-user@ip-10-79-196-15 ~]$ nmap -v -Pn 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:52 UTC
Initiating Parallel DNS resolution of 1 host. at 08:52
Completed Parallel DNS resolution of 1 host. at 08:52, 0.00s elapsed
Initiating Connect Scan at 08:52
Scanning 10.79.196.74 [1000 ports]
Discovered open port 22/tcp on 10.79.196.74
Completed Connect Scan at 08:52, 6.50s elapsed (1000 total ports)
Nmap scan report for 10.79.196.74
Host is up (0.00014s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 6.53 seconds
[ec2-user@ip-10-79-196-15 ~]$ nmap -v -r -Pn 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:53 UTC
Initiating Parallel DNS resolution of 1 host. at 08:53
Completed Parallel DNS resolution of 1 host. at 08:53, 0.00s elapsed
Initiating Connect Scan at 08:53
Scanning 10.79.196.74 [1000 ports]
Discovered open port 22/tcp on 10.79.196.74
Completed Connect Scan at 08:53, 6.51s elapsed (1000 total ports)
Nmap scan report for 10.79.196.74
Host is up (0.00015s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 6.53 seconds
[ec2-user@ip-10-79-196-15 ~]$ nmap -v -r 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:54 UTC
Initiating Ping Scan at 08:54
Scanning 10.79.196.74 [2 ports]
Completed Ping Scan at 08:54, 3.00s elapsed (1 total hosts)
Nmap scan report for 10.79.196.74 [host down]
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.02 seconds
[ec2-user@ip-10-79-196-15 ~]$ nmap -r 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:54 UTC
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.02 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 8081 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:56 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000031s latency).
PORT STATE SERVICE
8081/tcp filtered blackice-icecap
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 8080 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:56 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000033s latency).
PORT STATE SERVICE
8080/tcp filtered http-proxy
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 8081 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:56 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000030s latency).
PORT STATE SERVICE
8081/tcp filtered blackice-icecap
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 22 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:56 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000052s latency).
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.46 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p T:8080 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:57 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000034s latency).
PORT STATE SERVICE
8080/tcp filtered http-proxy
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p T:8081 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:57 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000035s latency).
PORT STATE SERVICE
8081/tcp filtered blackice-icecap
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p T:22 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:58 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000047s latency).
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.46 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p T:6900 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:58 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000049s latency).
PORT STATE SERVICE
6900/tcp closed unknown
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.46 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 22,6900,8080,8081 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 09:00 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000052s latency).
PORT STATE SERVICE
22/tcp open ssh
6900/tcp closed unknown
8080/tcp filtered http-proxy
8081/tcp closed blackice-icecap
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 1.47 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 22,6900,8080,8081 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 09:01 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000060s latency).
PORT STATE SERVICE
22/tcp open ssh
6900/tcp closed unknown
8080/tcp filtered http-proxy
8081/tcp open blackice-icecap
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 1.47 seconds
[ec2-user@ip-10-79-196-15 ~]$
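An added example (not from the original post) that turns nmap's report lines into a per-state summary, so the exposure of a host can be compared from one scan to the next (in the session above, 8081/tcp went from filtered to closed to open within five minutes, presumably as a service was brought up). The sample is constructed to mirror the final scan above; the function and variable names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: summarise an nmap port-scan report
# by state. The sample below is constructed to mirror the last scan in the
# session above; only "PORT/PROTO STATE SERVICE" rows are treated as ports, so
# banner and footer lines cannot be mistaken for one.

SAMPLE_SCAN='Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 09:01 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000060s latency).
PORT STATE SERVICE
22/tcp open ssh
6900/tcp closed unknown
8080/tcp filtered http-proxy
8081/tcp open blackice-icecap
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 1.47 seconds'

# ports_in_state STATE: read a report on stdin and print the ports in STATE,
# space separated (e.g. "22/tcp 8081/tcp"); prints an empty line if none.
ports_in_state() {
    awk -v want="$1" '
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == want { out = (out == "" ? $1 : out " " $1) }
        END { print out }'
}

# exposure_summary: read a report on stdin and print "state=count" pairs,
# sorted by state name, e.g. "closed=1 filtered=1 open=2".
exposure_summary() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ { n[$2]++ }
         END { for (s in n) printf "%s=%d\n", s, n[s] }' | sort | tr '\n' ' ' | sed 's/ $//'
}

# How to read the result, using the state definitions above:
#   open     -> something answers; check it is meant to be reachable from this network
#   closed   -> host reachable but nothing listening (RST returned); worth filtering
#   filtered -> probe silently dropped by a firewall or security group, the same
#               condition that made "ncat -vz" time out in the session above
printf '%s\n' "$SAMPLE_SCAN" | exposure_summary
```

Feed a saved "nmap -p ... host" report on stdin in place of the sample to diff the open set against the ports your security group is supposed to allow.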
Azure - Pipeline - Add Approver for Stage
https://learn.microsoft.com/en-us/azure/devops/pipelines/process/approvals?view=azure-devops&tabs=check-pass
https://www.baeldung.com/spring-properties-file-outside-jar https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-featu...
The decision was made to block such external HTTP repositories by default https://stackoverflow.com/questions/66980047/maven-build-failure-d...