Tuesday, March 28, 2017

Summarized instruction of the ufw in Kali

ufw is a front-end for iptables, and gufw provides a GUI for ufw.
The instructions below show how to install and tweak ufw in Kali.

/* Installation: */
# apt-get update
# apt-get install gufw

/* First-time use: */
# ufw status verbose
Status: inactive
# vi /etc/ufw/policies.rules
---------------------------------------
#!/bin/sh
ufw allow proto tcp from 192.168.1.35 to 192.168.1.38 port 25
ufw allow proto tcp from 192.168.1.189 to 192.168.1.38 port 25
ufw allow in from 192.168.172.222 comment 'Alex PC'
ufw allow ssh
ufw deny in on eth0
ufw allow out on eth0
:wq
---------------------------------------
/* Bear in mind that the rules in the policies file are executed from top to bottom, and ufw evaluates rules in the order they were added, so the first matching rule wins. */
# chmod 744 /etc/ufw/policies.rules
# /etc/ufw/policies.rules
# ufw enable

/* For automatic startup: */
# systemctl enable ufw.service

/* To see more detail: */
# ufw status verbose

Saturday, March 25, 2017

A Snort rule dedicated to Syn Flood

#After testing, I figured out that 1500 SYN packets per second would be an appropriate metric for detecting SYN Flood.

alert tcp any any -> $HOME_NET any (flags:S; msg:"Possible SYN Flood DoS"; flow:stateless; detection_filter:track by_dst, count 1500, seconds 1; classtype:attempted-dos; sid:1000890;)
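To show what the detection_filter in this rule actually computes, here is an added Python model of the per-destination threshold (not part of the original post and not Snort code). It assumes a simplified window that starts at the first SYN-only packet seen for a destination, fires once 1500 such packets arrive within one second, and resets when the window expires; the packet records and addresses are constructed for the demonstration.

```python
"""Added example: a minimal model of the Snort detection_filter
'track by_dst, count 1500, seconds 1' used in the SYN-flood rule above.
Simplified assumption: the per-destination window starts at the first
SYN-only packet, counts for `seconds`, resets when it expires, and the
rule fires from the count-th packet onwards inside the window."""
from collections import namedtuple

Packet = namedtuple("Packet", "ts src dst dport flags")

COUNT, SECONDS = 1500, 1.0  # values taken from the rule above


class SynFloodFilter:
    def __init__(self, count=COUNT, seconds=SECONDS):
        self.count, self.seconds = count, seconds
        self.state = {}  # dst -> (window_start, syn_count)

    def feed(self, pkt):
        """Return True when the modelled rule would fire for this packet."""
        if pkt.flags != "S":  # flags:S matches SYN-only (a SYN/ACK is not counted)
            return False
        start, n = self.state.get(pkt.dst, (pkt.ts, 0))
        if pkt.ts - start > self.seconds:  # window expired: open a new one
            start, n = pkt.ts, 0
        n += 1
        self.state[pkt.dst] = (start, n)
        return n >= self.count


def constructed_traffic():
    """Constructed sample: 1500 SYNs to 10.0.0.5 in ~0.45 s, then a slow
    stream of 20 SYNs to 10.0.0.6 that should never trip the threshold."""
    pkts = [Packet(ts=i * 0.0003, src=f"198.51.100.{i % 250}", dst="10.0.0.5",
                   dport=80, flags="S") for i in range(1500)]
    pkts += [Packet(ts=2.0 + i * 0.1, src="203.0.113.7", dst="10.0.0.6",
                    dport=22, flags="S") for i in range(20)]
    return pkts


def run(pkts, count=COUNT, seconds=SECONDS):
    """Return a list of (timestamp, dst) for every packet on which the rule fired."""
    filt = SynFloodFilter(count, seconds)
    return [(p.ts, p.dst) for p in pkts if filt.feed(p)]


if __name__ == "__main__":
    for ts, dst in run(constructed_traffic()):
        print(f"{ts:.4f} Possible SYN Flood DoS -> {dst}")
```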

Thursday, March 16, 2017

Triggering SYN Flood and background stress traffic for NIDS test

Metasploit Framework directly supports triggering a SYN Flood.

To generate large volumes of background stress traffic for evaluating the performance of the NIDS under test, SlowHTTPTest can be used. An example of running SlowHTTPTest is shown below:

slowhttptest -c 1000 -B -g -o report -i 110 -r 200 -s 8192 -t GET -u http://test.com -x 10 -p 3