To make a server more secure, we have to close some ports to most users.

If we still need access to these ports, we can allow our own IP address. Please don't forget: iptables can block all other IP addresses, but rules entered on the command line are not saved, so when you restart the server all of these commands are cleared.

Examples:

1. Closing FTP port except xxx.xxx.xxx.xxx

iptables -t filter -I INPUT 1 -p tcp ! -s xxx.xxx.xxx.xxx --dport 21 -j REJECT --reject-with icmp-host-prohibited

2. Closing SSH port except xxx.xxx.xxx.xxx


Mount ftp shares:

1. Install required packages

apt-get install curlftpfs

2. Create directory to mount the ftp site

mkdir /mnt/my-ftpsite

3. Add the curlftpfs mount to fstab so that it is mounted every time the system starts (pico /etc/fstab)

curlftpfs#{username}:{password}@{host} /mnt/my-ftpsite fuse rw,allow_other,uid={userid} 0 0

4. Mount the ftp site

VMware Server is totally free. All you need to do is register your name and address to obtain a number of serial numbers.

You may get up to 100 serial numbers at a time. In VMware, there are 3 network types: bridge, nat, and host-only:

Bridge is the most powerful one but you need an extra IP address.

If you don't have one, you might be interested in nat or host-only. Nat seems to be the better choice for keeping your guest OS up-to-date and connected to the internet. Nat means you can't connect to the guest OS directly from the internet, so you can't run it as a server.

However, it is possible to forward a port to the guest OS behind NAT.

Usually, the nat configuration is stored in a file named nat.conf located in the directory of each VMware network device.

For example, my host OS has vmnet8 as a nat device, so there is a nat.conf as follows:

/etc/vmware/vmnet8/nat/nat.conf

Port forwarding is configured in the incomingtcp and incomingudp sections.

For example, I would like to ssh to the guest OS on port 22 through port 2222 on the host OS.

[incomingtcp]
2222 = 172.168.254.100:22

After that I have to restart VMware’s network services as below.

/usr/lib/vmware/net-services.sh restart

So now I can ssh to the guest OS as follows:

ssh -p 2222 mydomain.com
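Every line in incomingtcp and incomingudp exposes a guest service on the host's address, so it is worth listing them from time to time. The script below is an added example, not part of the original post: the function names and the sample nat.conf contents are constructed for illustration (only the 2222 forward comes from the text above).

```shell
#!/bin/sh
# Print "proto host_port guest_ip:guest_port" for every forward in a nat.conf.
# Reads the file named in $1, or standard input when no file is given.
list_nat_forwards() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                            # section header, e.g. [incomingtcp]
            name = $0; gsub(/[^A-Za-z]/, "", name)
            section = tolower(name); next
        }
        (section == "incomingtcp" || section == "incomingudp") && /=/ {
            eq = index($0, "=")
            host_port = substr($0, 1, eq - 1); dest = substr($0, eq + 1)
            gsub(/[ \t\r]/, "", host_port); gsub(/[ \t\r]/, "", dest)
            # keys in other sections and malformed lines are ignored
            if (host_port ~ /^[0-9]+$/) print substr(section, 9), host_port, dest
        }
    ' "${1:--}"
}

# Keep only the forwards that reach a given guest port (22 = SSH, for example).
forwards_to_guest_port() {
    list_nat_forwards "$2" | awk -v p="$1" '{ n = split($3, a, ":"); if (a[n] == p) print }'
}

# Constructed sample configuration, used so the script runs without VMware.
sample_nat_conf() {
    cat <<'EOF'
[host]
ip = 172.168.254.2
[incomingtcp]
# 8888 = 172.168.254.100:8888
2222 = 172.168.254.100:22
8080 = 172.168.254.100:80
[incomingudp]
5353 = 172.168.254.101:53
EOF
}

sample_nat_conf | list_nat_forwards
```

On a real host, run it against the file itself, for example list_nat_forwards /etc/vmware/vmnet8/nat/nat.conf.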

BitMeter OS is a free, open-source, bandwidth monitor that works on Windows, Linux and Mac OSX.
BitMeter OS keeps track of how much you use your internet/network connection, and allows you to view this information either via a web browser or by using the command line tools.

The Web Interface displays various graphs and charts that show how your internet/network connection has been used over time.

The Monitor pane displays a graph that updates once each second, showing you what’s happening with your connection right now:

[Image: BitMeter OS Monitor Pane]

Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

In addition to my list, you can also check out the Comprehensive Guide to Nmap and, of course, the man pages.

Here are some really cool scanning techniques using Nmap:

1) Get info about remote host ports and OS detection

nmap -sS -P0 -sV -O <target>

Where <target> may be a single IP, a hostname or a subnet.

-sS performs TCP SYN scanning (also known as half-open, or stealth scanning)

-P0 allows you to switch off ICMP pings (newer Nmap releases spell this option -Pn)

-sV enables version detection

-O attempts to identify the remote operating system

Other options:

-A enables both OS fingerprinting and version detection

-v increases verbosity; use -v twice for more.

nmap -sS -P0 -A -v <target>

2) Get list of servers with a specific port open

nmap -sT -p 80 -oG - 192.168.1.* | grep open

Change the -p argument for the port number. See “man nmap” for different ways to specify address ranges.

3) Find all active IP addresses in a network

nmap -sP 192.168.0.*

There are several other options. This one is plain and simple.

Another option is:

nmap -sP 192.168.0.0/24

for specific subnets.

4) Ping a range of IP addresses

nmap -sP 192.168.1.100-254

nmap accepts a wide variety of addressing notation, multiple targets/ranges, etc.

5) Find unused IPs on a given subnet

nmap -T4 -sP 192.168.2.0/24 && egrep "00:00:00:00:00:00" /proc/net/arp

6) Scan for the Conficker virus on your LAN etc.

nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254

Replace the address range with the IPs you want to check.

7) Scan Network for Rogue APs.

nmap -A -p1-85,113,443,8080-8100 -T4 --min-hostgroup 50 --max-rtt-timeout 2000 --initial-rtt-timeout 300 --max-retries 3 --host-timeout 20m --max-scan-delay 1000 -oA wapscan 10.0.0.0/8

I’ve used this scan to successfully find many rogue APs on a very, very large network.

8) Use a decoy while scanning ports to avoid getting caught by the sys admin

sudo nmap -sS 192.168.0.10 -D 192.168.0.2

Scan for open ports on the target device/computer (192.168.0.10) while setting up a decoy address (192.168.0.2). This will show the decoy IP address instead of your IP in the target's security logs. The decoy address needs to be alive. Check the target's security log at /var/log/secure to make sure it worked.

9) List of reverse DNS records for a subnet

nmap -R -sL 209.85.229.99/27 | awk '{if($3=="not")print"("$2") no PTR";else print$3" is "$2}' | grep '('

This command uses nmap to perform reverse DNS lookups on a subnet. It produces a list of IP addresses with the corresponding PTR record for a given subnet. You can enter the subnet in CIDR notation (i.e. /24 for a Class C). You could add "--dns-servers x.x.x.x" after the "-sL" if you need the lookups to be performed on a specific DNS server. On some installations nmap needs sudo, I believe. Also, I hope awk is standard on most distros.

10) How Many Linux And Windows Devices Are On Your Network?

sudo nmap -F -O 192.168.0.1-255 | grep "Running: " > /tmp/os; echo "$(cat /tmp/os | grep Linux | wc -l) Linux device(s)"; echo "$(cat /tmp/os | grep Windows | wc -l) Window(s) devices"
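Technique 2 above filters grepable output with grep open, which matches any line containing the word "open", including a hostname such as openwrt.lan whose port is actually closed. The script below is an added example, not part of the original list: it reads the Ports field of the -oG format instead, and the function names and scan lines are constructed for illustration.

```shell
#!/bin/sh
# Print the IP of every host whose given port is in state "open".
# Usage: hosts_with_open_port PORT [FILE]   (reads standard input without FILE)
hosts_with_open_port() {
    awk -v want="$1" -F '\t' '
        $1 ~ /^Host: / {
            split($1, h, " "); ip = h[2]         # "Host: <ip> (<name>)"
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue   # skip Status:, OS: and other fields
                n = split(substr($i, 8), ports, ", ")
                for (j = 1; j <= n; j++) {
                    # each entry is port/state/protocol/owner/service/rpc/version/
                    split(ports[j], f, "/")
                    if (f[1] == want && f[2] == "open") print ip
                }
            }
        }
    ' "${2:--}"
}

# Constructed -oG lines: one open, one closed (with "open" in the hostname),
# one filtered. Fields are tab-separated, as in real grepable output.
sample_scan() {
    printf '# Nmap scan (constructed sample)\n'
    printf 'Host: 192.168.1.1 ()\tPorts: 80/open/tcp//http///\n'
    printf 'Host: 192.168.1.20 (openwrt.lan)\tPorts: 80/closed/tcp//http///\n'
    printf 'Host: 192.168.1.30 ()\tPorts: 80/filtered/tcp//http///\n'
}

echo "grep open matches $(sample_scan | grep -c open) lines"
echo "hosts with port 80 really open:"
sample_scan | hosts_with_open_port 80
```

With a live scan the pipeline becomes nmap -sT -p 80 -oG - 192.168.1.* | hosts_with_open_port 80.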
