Perimeter firewall scanning for open outbound ports
One of the main principles to follow when setting up your perimeter firewall is to only allow traffic that is absolutely necessary through, and explicitly deny all other traffic.
Being able to see what ports are available on the perimeter will help you to understand the attack surface better and what ports are available for use.
Setting up the attacker machine
For this we will need an external attack box. We will setup a python listener script and redirect all traffic to port 9999.
Python listener script
Setting up the NAT forward rule
We will need to setup a NAT rule to forward all incoming traffic to port 9999 (our python listening port).
Pre-routing – This chain is applied to any incoming packet once it is entered the network stack and this chain is processed even before any routing decision has been made regarding the final destination of the packet.
-t nat: This table is consulted when a packet that creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out).
To view the iptables rules use the following command:
Deleting the rule:
Setting up the victim machine
Using the Invoke-PortScan.ps1 module from PowerSploit you can now start the port scan against your attacker box. Any reply on the attacker box indicates that port allows outbound traffic through the firewall
Last updated