linux_09------System scan and security policy on Linux

Source: Internet
Author: User
Tags: ack

Thanks first to imooc.com (Mu class net), whose course these notes follow.
/**
* Linux system scanning techniques
*
* Host scan, route scan, batch service scan, system security policy (defending against SYN floods and DDoS)
*/

/**
* Host scan
* ping, fping, hping
*
* fping
* fping installation
* Download:
* (mkdir /services && cd /services)
* wget http://www.fping.org/dist/fping-3.13.tar.gz
* Unpack:
* tar -zxvf ./fping-3.13.tar.gz
* Install:
* cd fping-3.13
* ./configure
* make
* make install
*
* fping parameters
* -h   help
* -a   show only the hosts that are alive
* -u   show only the hosts that are unreachable
* -g   generate the target list from a start/end address pair or a CIDR block
* -f   read the target list from a file
*
* fping ip1 ip2                     probe the hosts given on the command line
* fping -g 192.168.1.1 192.168.1.255
* fping -g 192.168.1.1/24
* fping -f filename
* fping -a -g 120.77.140.1 120.77.140.10 > alive.log
*
*
* hping
* When ICMP is blocked, use hping to build TCP/IP packets by hand and probe with those instead
* hping installation
* Download:
* wget https://github.com/antirez/hping/archive/master.zip
* Unpack:
* unzip master.zip
* Install:
* Error: pcap.h: No such file or directory -> the libpcap development package is required
* yum list | grep pcap
* yum -y install "*pcap*"
* Error: net/bpf.h: No such file or directory -> bpf.h is not where the build expects it
* find / -name bpf.h
* ln -sf /usr/include/pcap/bpf.h /usr/include/net/bpf.h
* Error: /usr/bin/ld: cannot find -ltcl -> the Tcl development package is required
* yum list | grep tcl
* yum -y install "*tcl*"
* ./configure
* make
* make strip
* make install
*
* hping parameters
* Send a TCP probe to a specific target
* -p   destination port on the target host
* -S   set the SYN flag (TCP SYN probe)
* -a   spoof the source IP address; used to simulate a DDoS source (the replies go to the spoofed address, not back to the sender)
*
* hping -p 22 -S 121.43.156.66
* ping 121.43.156.66
* Both get a reply.
* On 121.43.156.66: sysctl -w net.ipv4.icmp_echo_ignore_all=1      (ignore ICMP echo requests)
* Probe again with hping and ping: ping now gets nothing, but the hping SYN probe is still answered,
* because the host still speaks TCP (SYN/ACK for an open port, RST for a closed one).
*
* On 121.43.156.66, capture the packets that arrive claiming to come from 120.76.140.88:
* tcpdump -np -i eth1 src host 120.76.140.88
* Then, from the attacking machine, send SYNs with that forged source:
* hping -p 22 -S 121.43.156.66 -a 120.76.140.88
* The capture shows the SYNs arriving with the spoofed source address.
*/

/**
* Route scan
* Find how many router hops lie between one host and another, and the latency at each hop
* traceroute, mtr
* mtr keeps probing, so it can show the connectivity to every router on the path over time
*
* traceroute
* Installed by default
* 1. By default it sends UDP probes to high, normally unused ports (33434 and up)
* 2. TCP probes: -T -p <port>   (needs root, since it builds raw packets)
* 3. ICMP echo probes: -I       (also needs root)
*
* traceroute www.baidu.com
* traceroute -n www.baidu.com              (-n: do not resolve hop addresses to names, much faster)
* traceroute -T -p 80 -n www.baidu.com     (TCP SYN probes to port 80; gets through where UDP and ICMP are filtered)
*
* mtr
* Installed by default
* mtr www.baidu.com
* Watch the Loss% column
*
* Shows the hop count and at which hop packets are being lost.
*/
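The Loss% column needs interpreting before it is acted on: a router that rate-limits its own ICMP replies shows loss at its hop even though the hops behind it are fine, whereas loss that persists to the destination is real. The following is an added example, not code from the original note or from the mtr project: it parses `mtr --report` output and applies that rule. Both reports are constructed samples using RFC 5737 documentation addresses, not captures of a real path.

```python
import re

# Hop 2 loses 40% of probes but every hop behind it, including the destination,
# answers 100%: that router is rate-limiting its ICMP TTL-exceeded replies, and
# the path itself is fine. (Constructed sample.)
REPORT_RATE_LIMITED = """\
HOST: scanner                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.1.1                0.0%    10    0.5   0.6   0.4   1.1   0.2
  2.|-- 10.0.0.1                  40.0%    10    8.1   8.4   7.9   9.0   0.3
  3.|-- 203.0.113.9                0.0%    10   12.2  12.5  12.0  13.1   0.4
  4.|-- 203.0.113.30               0.0%    10   18.7  19.0  18.2  20.3   0.6
"""

# Here the loss begins at hop 3 and persists to the destination: real loss, and
# hop 3 (or the link just before it) is where to look. (Constructed sample.)
REPORT_REAL_LOSS = """\
HOST: scanner                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.1.1                0.0%    10    0.5   0.6   0.4   1.1   0.2
  2.|-- 10.0.0.1                   0.0%    10    8.1   8.4   7.9   9.0   0.3
  3.|-- 203.0.113.9               30.0%    10   12.2  12.5  12.0  13.1   0.4
  4.|-- 203.0.113.30              30.0%    10   18.7  19.0  18.2  20.3   0.6
"""

# One hop line of `mtr --report`: "  N.|-- host  loss%  snt  last  avg  best  wrst  stdev"
HOP_LINE = re.compile(
    r"^\s*(?P<hop>\d+)\.\|--\s+(?P<host>\S+)\s+(?P<loss>[\d.]+)%\s+(?P<sent>\d+)"
    r"\s+(?P<last>[\d.]+)\s+(?P<avg>[\d.]+)\s+(?P<best>[\d.]+)\s+(?P<worst>[\d.]+)"
)


def parse_mtr_report(text):
    """Return one dict per hop line; the header and unrecognised lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if m is None:
            continue
        hops.append({
            "hop": int(m["hop"]), "host": m["host"],      # host is "???" for a silent hop
            "loss": float(m["loss"]), "sent": int(m["sent"]),
            "avg_ms": float(m["avg"]), "worst_ms": float(m["worst"]),
        })
    return hops


def diagnose(hops):
    """Loss at the last hop is end-to-end loss; loss that vanishes at later hops is not."""
    if not hops:
        return {"status": "empty"}
    dest = hops[-1]
    if dest["loss"] == 0.0:
        # Intermediate loss with a clean destination: ICMP rate limiting on those routers.
        return {"status": "ok", "hops": len(hops),
                "rate_limited_hops": [h["hop"] for h in hops[:-1] if h["loss"] > 0]}
    # Walk back from the destination while loss persists; the first hop of that
    # unbroken run is where the real loss starts.
    start = dest["hop"]
    for h in reversed(hops[:-1]):
        if h["loss"] <= 0:
            break
        start = h["hop"]
    return {"status": "loss", "hops": len(hops),
            "end_to_end_loss": dest["loss"], "loss_starts_at_hop": start}


if __name__ == "__main__":
    for text in (REPORT_RATE_LIMITED, REPORT_REAL_LOSS):
        print(diagnose(parse_mtr_report(text)))
```

To run it against a live path, feed it the text of `mtr --report -c 10 www.baidu.com`; the number of probes per hop (the Snt column) matters, since 10 probes cannot distinguish 10% loss from one unlucky packet.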

/**
* Bulk host service scan
* Purpose: batch host liveness scan, then a service scan of the hosts found alive
* The liveness scan is fast and gives the status of every host on the network
* The service scan is more detailed and is only run to learn which services a host offers
* nmap, ncat
*
* nmap
* -sP   ping scan (ICMP echo; newer nmap versions call this -sn)
* -sS   TCP SYN scan, "half-open" scan
* -sT   TCP connect() scan, full three-way handshake
* -sU   UDP scan
*
* nmap -sP 120.76.140.1/24      scan a subnet to list the live hosts
* nmap -sS 120.76.140.1/24      sends only the SYN and never completes the three-way handshake (needs root for raw sockets)
*
* nmap -sS 121.43.156.66        list the ports the host has open (by default nmap probes the 1000 most common ports)
* nmap -sS -p 0-30000 121.43.156.66      specify the port range to scan
*
* nmap -sT -p 0-30000 121.43.156.66      completes the handshake, so each probe looks like a real client connection (and is logged by the service)
*
* nmap -sU 121.43.156.66        gets results where a firewall only filters TCP, but UDP scanning is slow
*
* ncat
* Tool for security testing (nc)
* -w   connection timeout in seconds
* -z   zero-I/O mode: only report whether the port accepts a connection
* -v   verbose, shows what the command is doing
*
* yum -y install nc
* Method one: TCP (the default)
* nc -v -z -w2 121.43.156.66 1-50
* Method two: UDP, with -u
* nc -v -u -z -w2 121.43.156.66 1-50     -> takes a long time, because a silent UDP port can only be detected by waiting out the timeout
* Port ranges such as 1-50 are accepted by the traditional netcat; nmap's ncat (the nc package on newer CentOS) takes one port per invocation
*/
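The hping section above and the nc -z / nmap -sT commands here rest on the same fact: a host that ignores ICMP echo still answers TCP, with SYN/ACK for an open port and RST for a closed one, so either answer proves the host is alive, and only silence leaves it unknown. The following is an added example in Python, not code from the original note or from the nmap project: a connect-style probe (the equivalent of `nc -z -w2` and `nmap -sT`, not the raw-socket `-sS` half-open scan, which needs root) that classifies each port as open, closed or filtered and derives an fping -a style liveness verdict from the result. The localhost listener and the port choices are constructed for the demo.

```python
import socket
import threading


def probe_tcp(host, port, timeout=2.0):
    """Return 'open', 'closed' or 'filtered' for one host:port, like nc -z -w<timeout>."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))          # full three-way handshake, as nmap -sT does
        return "open"                    # SYN/ACK came back and we ACKed it
    except ConnectionRefusedError:
        return "closed"                  # RST came back: port closed, but the host is alive
    except (socket.timeout, OSError):
        return "filtered"                # no answer at all (or unreachable): dropped by a filter
    finally:
        s.close()


def scan_ports(host, ports, timeout=2.0):
    """Probe each port in turn; returns {port: state}."""
    return {p: probe_tcp(host, p, timeout) for p in ports}


def host_is_alive(host, ports, timeout=2.0):
    """fping -a style verdict over TCP instead of ICMP: any open or closed answer
    proves the host is up, even when it has icmp_echo_ignore_all=1."""
    states = scan_ports(host, ports, timeout).values()
    return any(state in ("open", "closed") for state in states)


def start_listener(bind_host="127.0.0.1"):
    """Demo helper (constructed): listen on an ephemeral port and accept-and-close forever."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        try:
            while True:
                conn, _ = srv.accept()
                conn.close()
        except OSError:
            pass                         # listener closed; thread exits

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port(bind_host="127.0.0.1"):
    """Demo helper (constructed): pick a port that is closed right now."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((bind_host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_listener()
    closed_port = free_port()
    for port, state in sorted(scan_ports("127.0.0.1", [open_port, closed_port], 1.0).items()):
        print(f"127.0.0.1:{port} {state}")
    print("host alive:", host_is_alive("127.0.0.1", [open_port, closed_port], 1.0))
    srv.close()
```

Two things to keep in mind when using this against real targets: every "open" result is a completed connection that the service logs, exactly the difference between -sT and -sS that the note draws; and with a spoofed source address, as in hping -a, none of these replies would ever reach the sender, so a connect probe cannot be spoofed at all.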

/**
* Prevention strategy
* Common attacks: SYN flood, DDoS, malicious scanning
*
* SYN flood:
* Exploits the TCP handshake: the service stops responding, bandwidth is used up or responses become slow
* The attacker forges the source IP (hping -a). The target answers the spoofed IP with SYN+ACK and records the
* half-open connection in its SYN backlog, but the third packet of the handshake (the client's ACK) never arrives,
* so the target keeps retransmitting the SYN+ACK and waiting; the entry cannot be freed, the backlog fills up,
* new connections are refused, bandwidth is wasted, and so on.
* Defences:
* 1. Lengthen the backlog queue
* 2. Reduce the number of retransmissions
* 3. Keep no state until the third packet of the handshake arrives (SYN cookies)
* DDoS:
* Distributed denial of service (many sources, massive request volume, until the service can no longer respond)
*
* (sysctl -w takes effect immediately but is lost on reboot; to make a setting permanent, add it to /etc/sysctl.conf and run sysctl -p)
* Method one: reduce the number of SYN+ACK retransmissions (kernel default is 5, reduced here to 3)
* sysctl -w net.ipv4.tcp_synack_retries=3
* sysctl -w net.ipv4.tcp_syn_retries=3
* (tcp_syn_retries governs this host's own outgoing SYNs when it acts as a client, so it does nothing against an incoming flood; only tcp_synack_retries does)
* Method two: SYN cookies
* sysctl -w net.ipv4.tcp_syncookies=1
* (when the backlog is full, the kernel encodes the connection state in the sequence number of its SYN+ACK instead of storing it, so spoofed SYNs no longer consume memory)
* Method three: lengthen the backlog queue
* sysctl -w net.ipv4.tcp_max_syn_backlog=2048
* The kernel sizes the default for this value from the amount of memory.
*
* Other preventive measures
* 1. Ignore ICMP echo requests
* sysctl -w net.ipv4.icmp_echo_ignore_all=1
* (hides the host from ping sweeps such as fping, but not from TCP probes such as hping -S or nmap -sS, as shown in the host scan section)
* 2. Rate-limit scans with iptables
* iptables -A FORWARD -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j ACCEPT
* iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
* iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
* Two checks before relying on these: the limit match only throttles anything if a rule that drops the excess
* follows these ACCEPT rules (or the chain policy is DROP); otherwise packets over the limit simply fall through
* to the next rule. And the FORWARD chain only sees traffic routed through this box; for traffic addressed to the
* host itself the rules belong in the INPUT chain.
* (iptables is covered in a later note)
*/
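The three sysctl methods above are easy to set once and lose again at the next reboot or image rebuild, so an audit is worth more than the one-off commands. The following is an added example in Python, not code from the original note: it reads the live values from /proc/sys, checks them against the thresholds the note recommends, and emits the /etc/sysctl.conf lines that would fix the failures. The sysctl names are real Linux keys; the thresholds are the note's own; STOCK_VALUES is a constructed sample of a weakly configured host, used when the script is not run on Linux.

```python
import os

# (operator, wanted value) per sysctl, taken from the note above. tcp_syn_retries is
# deliberately absent: it limits this host's own outgoing SYN retransmissions (client
# side) and does nothing against incoming SYN floods, although the note sets it too.
RECOMMENDED = {
    "net.ipv4.tcp_syncookies":       ("==", 1),     # fall back to SYN cookies once the backlog is full
    "net.ipv4.tcp_synack_retries":   ("<=", 3),     # kernel default is 5 SYN+ACK retransmissions
    "net.ipv4.tcp_max_syn_backlog":  (">=", 2048),  # remembered half-open (SYN_RECV) requests
    "net.ipv4.icmp_echo_ignore_all": ("==", 1),     # hide from ping sweeps (not from TCP probes)
}

# Constructed sample of a weakly configured host (not read from any real machine).
STOCK_VALUES = {
    "net.ipv4.tcp_syncookies": 0,
    "net.ipv4.tcp_synack_retries": 5,
    "net.ipv4.tcp_max_syn_backlog": 256,
    "net.ipv4.icmp_echo_ignore_all": 0,
}

_OPS = {"==": lambda a, b: a == b, "<=": lambda a, b: a <= b, ">=": lambda a, b: a >= b}


def read_sysctl(keys, proc_root="/proc/sys"):
    """Read live values: net.ipv4.tcp_syncookies -> /proc/sys/net/ipv4/tcp_syncookies.
    Keys that do not exist on this kernel are skipped rather than guessed."""
    values = {}
    for key in keys:
        path = os.path.join(proc_root, *key.split("."))
        try:
            with open(path) as f:
                values[key] = int(f.read().split()[0])
        except (OSError, ValueError, IndexError):
            continue
    return values


def audit(values, recommended=RECOMMENDED):
    """Return [(key, current, op, wanted)] for every setting that fails its check.
    A key missing from `values` is reported with current=None, never silently passed."""
    findings = []
    for key, (op, wanted) in recommended.items():
        current = values.get(key)
        if current is None or not _OPS[op](current, wanted):
            findings.append((key, current, op, wanted))
    return findings


def sysctl_conf_lines(findings):
    """Lines to append to /etc/sysctl.conf (then run `sysctl -p`) so the fix survives a reboot."""
    return [f"{key} = {wanted}" for key, _current, _op, wanted in findings]


if __name__ == "__main__":
    live = read_sysctl(RECOMMENDED) or STOCK_VALUES     # sample values when not on Linux
    findings = audit(live)
    for key, current, op, wanted in findings:
        print(f"FAIL {key} = {current}, want {op} {wanted}")
    print("\n".join(sysctl_conf_lines(findings)))
```

The audit treats a missing key as a failure on purpose: a container or a hardened kernel that does not expose a sysctl should show up in the report, not disappear from it.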
