
Group Assignment

This document describes configuring a firewall on Ubuntu using Iptables. Key steps include installing Iptables, configuring rules to drop packets from FTP, Telnet, and HTTP ports using the INPUT, FORWARD, and OUTPUT chains, saving the configuration, and testing the firewall using Nmap scans. The scans show these ports are correctly filtered, indicating the Iptables configuration is working as intended to block access on these ports.

Uploaded by

Ayeman PBU

FACULTY OF INFORMATICS AND COMPUTING

BACHELOR OF COMPUTER SCIENCES (COMPUTER NETWORK SECURITY)


CSA23203
NETWORK TECHNOLOGY SECURITY AND COMMUNICATION

ASSIGNMENT GROUP: FIREWALL

PREPARED FOR: AHMAD FAISAL AMRI BIN ABIDIN @ BHARUN

PREPARED BY:

NAME                                      MATRIC NUMBER
MUHAMMAD SYABIL BIN MOHD ZAINOR           061575
MUHAMMAD AYEMAN BIN SYED SULTAN           060157
MUHAMMAD IRFAN BIN CHE KHAIRUDDIN         060283
MUHAMMAD WALDAN BIN MOHD KAMALRUDDIN      060569
HAITHAM BIN MUHAMMAD HARON HUSAINI        060109

1. OVERVIEW

A firewall is a network security device that analyzes incoming and outgoing network traffic and
determines whether specific traffic should be allowed or blocked based on a set of security rules.
For more than 25 years, firewalls have served as the first line of defense in network security.
They create a barrier between secure, controlled internal networks that can be trusted and
untrustworthy external networks like the Internet. The most significant distinction between
Windows Firewall and Linux Firewall is how they manage connections with other devices and
apps. By implementing rules based on specified criteria or settings, both systems can prevent
unwanted access. Linux Firewall is managed with the Netfilter Linux kernel subsystem, which
allows the firewall administrator to set up policies for incoming connections. Meanwhile,
Windows Firewall operates differently because it is controlled by a program that runs in user
mode.

2. GOAL

For this assignment, we have configured and installed iptables as the firewall on Ubuntu. Iptables
is a Linux-based firewall application that offers a lot of flexibility. Iptables is a command-line
firewall that allows or blocks traffic using policy chains. When a connection attempts to establish
itself on the system, iptables searches its rule list for a match. If none is found, it falls back on
the default action. We need to configure iptables from its command line to block FTP, Telnet
and HTTP by choosing either to REJECT or DROP the packet. To check whether the iptables rules
are configured correctly, we test them by using a hacking tool, which is Nmap or Zenmap.
Nmap, short for Network Mapper, is a free and open source tool used for
vulnerability checking, port scanning and, of course, network mapping. To deploy Nmap, users
originally had to have some advanced programming skills, or at least know their way around
console commands or non-graphical interfaces. That changed recently with the introduction of
the Zenmap tool for Nmap, which adds a graphical interface that makes launching the program
and analyzing the output it generates much more accessible.

3. EXPERIMENTATION

Iptables is a user-space utility software that enables a system administrator to configure the
Linux kernel firewall's IP packet filter rules. The filters are arranged in tables that contain chains
of rules that determine how network traffic packets are handled. On Linux, Netfilter is the
firewall framework, and Iptables is the tool that manages and controls Netfilter. Iptables can
filter and route network packets as well as filter and route incoming and outgoing packets.

STEP 1: Installing iptables


Iptables was installed by executing the command as shown below.

sudo apt-get update


sudo apt-get install iptables

Figure 1

STEP 2: Check status


The status of current iptables configuration was checked by executing the command below.

sudo iptables -L -v
Figure 2

3.1 REJECT AND DROP COMMAND

Reject command
- The Reject command prohibits packets from passing through the firewall. The main
difference between Reject and Drop is the response message: the Reject command sends an
error message back to the source indicating a connection failure.
Drop command
- The Drop command prohibits packets from passing through the firewall. It drops the
packets silently and blocks them from being sent to the client and server.

3.2 DROP PACKETS FROM SPECIFIC SOURCE PORTS

a) DROP FTP PORT 21


- To prohibit the packets from passing through the firewall and to disable the FTP access
on the server.

b) DROP TELNET PORT 23


- To prohibit the packets from passing through the firewall and this command is used to
block outgoing traffic.

c) DROP HTTP PORT 80


- To block connection with the HTTP server and prohibit the packets from passing through
the firewall.

STEP 3: Filtering packets based on the source ports of FTP, Telnet, and HTTP with INPUT
chain

The packets from the source ports of FTP, Telnet, and HTTP with the INPUT chain were
dropped by executing the commands shown below.

sudo iptables -A INPUT -p tcp --dport 21 -j DROP
sudo iptables -A INPUT -p tcp --dport 23 -j DROP
sudo iptables -A INPUT -p tcp --dport 80 -j DROP

Figure 3

STEP 4: Check status of DROP packets with INPUT chain command


The status of current iptables configuration to ensure DROP packets with INPUT chain
command is successful was checked by executing the command below.

sudo iptables -L -v

Figure 4

STEP 5: Filtering packets based on the source ports of FTP, Telnet, and HTTP with
FORWARD chain

The packets from the source ports of FTP, Telnet, and HTTP with the FORWARD chain were
dropped by executing the commands shown below.

sudo iptables -A FORWARD -p tcp --dport 21 -j DROP
sudo iptables -A FORWARD -p tcp --dport 23 -j DROP
sudo iptables -A FORWARD -p tcp --dport 80 -j DROP

Figure 5

STEP 6: Check status of DROP packets with FORWARD chain command

The status of the current iptables configuration was checked by executing the command below
to ensure that the DROP rules on the FORWARD chain were applied.

sudo iptables -L -v

Figure 6

STEP 7: Filtering packets based on the source ports of FTP, Telnet, and HTTP with
OUTPUT chain

The packets from the source ports of FTP, Telnet, and HTTP with the OUTPUT chain were
dropped by executing the commands shown below.

sudo iptables -A OUTPUT -p tcp --dport 21 -j DROP
sudo iptables -A OUTPUT -p tcp --dport 23 -j DROP
sudo iptables -A OUTPUT -p tcp --dport 80 -j DROP

Figure 7

STEP 8: Check status of DROP packets with OUTPUT chain command


The status of current iptables configuration to ensure DROP packets with OUTPUT chain
command is successful was checked by executing the command below.

sudo iptables -L -v
Figure 8

STEP 9: Save configurations


Current configurations for DROP packets with INPUT, FORWARD, and OUTPUT chains
commands were saved by executing the command as shown below.

sudo /sbin/iptables-save

Figure 9
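
A check on the saved ruleset, added here as an example (not part of the original assignment): `iptables-save` writes the rules to standard output, so the script assumes that output was captured as text and confirms that each chain has a DROP rule for TCP destination ports 21, 23 and 80 (`--dport` matches the destination port). The sample dump and the function names are constructed for illustration; the dump deliberately omits one rule and uses `--sport` in another.

```bash
# Audit an iptables-save dump for the DROP rules configured in Steps 3-7.
# SAMPLE_DUMP is constructed for this example; on a real host it would come
# from:  sudo iptables-save > rules.v4
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 21 -j DROP
-A INPUT -p tcp -m tcp --dport 23 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A FORWARD -p tcp -m tcp --dport 21 -j DROP
-A FORWARD -p tcp -m tcp --dport 23 -j DROP
-A OUTPUT -p tcp -m tcp --dport 21 -j DROP
-A OUTPUT -p tcp -m tcp --dport 23 -j DROP
-A OUTPUT -p tcp -m tcp --sport 80 -j DROP
COMMIT'

# has_drop_rule DUMP CHAIN PORT
# Succeeds only if CHAIN drops TCP traffic to destination PORT.
has_drop_rule() {
    printf '%s\n' "$1" | grep -Eq -- \
        "^-A $2 -p tcp (-m tcp )?--dport $3 -j DROP\$"
}

# missing_rules DUMP
# Prints one "CHAIN/PORT" line for every expected rule that is absent.
missing_rules() {
    for chain in INPUT FORWARD OUTPUT; do
        for port in 21 23 80; do
            has_drop_rule "$1" "$chain" "$port" || echo "$chain/$port"
        done
    done
}

# Report the gaps found in the constructed dump.
report=$(missing_rules "$SAMPLE_DUMP")
if [ -n "$report" ]; then
    echo "Missing DROP rules:"
    echo "$report"
else
    echo "All expected DROP rules present"
fi
```

To keep the rules across a reboot on Ubuntu, the dump has to be written to a file that is restored at boot, for example `/etc/iptables/rules.v4` when the `iptables-persistent` package is installed.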

STEP 10: Identify IP address to hack


The IP address for the targeted device was found by opening the Activities overview and typing
“Settings”. Next, “Settings” was clicked. Then, as the device was connected using Wi-Fi,
“Wi-Fi” was clicked in the sidebar to open the panel. After that, was clicked for the IP
address and more details on your connection. The new tab shows the details of your IP address,
including IPv4 and IPv6 addresses. An example of the details retrieved for the targeted device
is shown in the figure below.

Figure 10

STEP 11: Execute Intense Scan on Zenmap for hacking session


An Intense Scan was executed on the targeted device in Zenmap using the command “nmap
-T4 -A -v” with the IPv4 address of the targeted device placed at the end of the command, as
shown in the figure below. The scan should be reasonably quick most of the time and scans the
most common TCP ports. It will make an effort to determine the OS type and what services and
versions are running.

This is due to the use of a rather quick timing template (-T4) and the (-A) option, which attempts
to ascertain services, versions, and OS. The verbose output (-v) will also provide us with a lot of
information as Zenmap progresses through the scan.

As can be seen from the figure below, the results of the scan show the current state of the source
ports for FTP, Telnet, and HTTP. The STATE for the listed ports was labeled as “filtered”, which
means that a firewall, filter, or other network obstacle is blocking the port so that Zenmap cannot
tell whether it is open or closed.

Figure 11

STEP 12: Execute TCP SYN Connect Scan on Zenmap for hacking session

TCP SYN Connect Scan was executed on the targeted device in Zenmap using the
command “nmap -sS -v -v -Pn” with the IPv4 address of the targeted device placed at the end
of the command, as shown in the figure below.

TCP SYN Scan was performed due to (-sS). This just means that Zenmap will send a TCP SYN
packet just like any normal application would do. If the port is open, the application must reply
with SYN/ACK; however, to prevent half-open connections, Zenmap will send a RST to tear
down the connection again.

The verbose output (-v) will also provide us with a lot of information as Zenmap progresses
through the scan, while the (-Pn) option assumes the host is up and thus skips the host
discovery phase.

As can be seen from the figure below, the results of the scan show the current state of the source
ports for FTP, Telnet, and HTTP. The STATE was shown as “filtered” and the REASON was
shown as “no-response”. This is due to the DROP packets command that we had executed earlier
on. This command was proven to be successful in blocking the incoming packets that were sent
to the targeted device as an attempt to flood it with packets.

Figure 12
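
The link between section 3.1 (REJECT versus DROP) and the STATE and REASON columns seen in this step, as an added example that is not part of the original assignment: the script reads Nmap's port table and reports which firewall behaviour each result for ports 21, 23 and 80 is consistent with. The scan text is constructed, 192.0.2.10 is a documentation address, and the function names are made up for this example.

```bash
# Interpret Nmap STATE/REASON columns for the three ports blocked on this page.
# SAMPLE_SCAN is constructed for this example, not output captured from a host.
SAMPLE_SCAN='Nmap scan report for 192.0.2.10
PORT   STATE    SERVICE REASON
21/tcp filtered ftp     no-response
22/tcp open     ssh     syn-ack ttl 64
23/tcp closed   telnet  reset ttl 64
80/tcp filtered http    port-unreach ttl 64'

# classify STATE REASON
# Prints the firewall behaviour the observed result is consistent with.
classify() {
    case "$1/$2" in
        filtered/no-response)
            echo "DROP" ;;                      # probe silently discarded
        filtered/*unreach*|filtered/*prohibited*)
            echo "REJECT (ICMP error)" ;;       # ICMP error returned to sender
        closed/reset)
            echo "REJECT (tcp-reset) or no listener" ;;
        open/syn-ack)
            echo "NOT BLOCKED" ;;
        *)
            echo "UNKNOWN" ;;
    esac
}

# audit_scan TEXT
# Prints "PORT STATE REASON => verdict" for ports 21, 23 and 80 only.
audit_scan() {
    printf '%s\n' "$1" | while read -r port state service reason rest; do
        case "$port" in
            21/tcp|23/tcp|80/tcp)
                echo "$port $state $reason => $(classify "$state" "$reason")" ;;
        esac
    done
}

audit_scan "$SAMPLE_SCAN"
```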

STEP 13: Continuous attempts to prove the command was successful


Multiple attempts of TCP SYN Scan were executed to prove the DROP command was
successful. As can be seen from the multiple figures below, the number of packets sent increased
with each scan performed, but all of them were dropped due to the DROP command that had
been implemented.

Figure 13

Figure 14

Figure 15

4. CONCLUSION

The predominant firewall of Linux is iptables. In general, an iptables ruleset is processed by the
Linux kernel for each packet comparably to a batch program: rules are evaluated sequentially,
but the action (sometimes called target) is only applied if the packet matches the criteria of the
rule. A list of rules is called a chain. Ultimately, the Linux kernel needs to determine whether to
ACCEPT or DROP the packet; hence, those are the common actions. Further possible actions
include jumping to other chains and continuing processing from there. Our tool Zenmap supports
the Linux iptables firewall because it is widely used and well-known for its vast amount of
features. Lastly, we have blocked incoming and outgoing HTTP, FTP and Telnet, and double-checked
using Zenmap.
