Sunday, 22 January 2012

Protect internet

SOPA and PIPA

The PROTECT IP Act (Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act, or PIPA) is a proposed law with the stated goal of giving the US government and copyright holders additional tools to curb access to "rogue websites dedicated to infringing or counterfeit goods", especially those registered outside the U.S. The bill was introduced on May 12, 2011, by Senator Patrick Leahy (D-VT) and 11 bipartisan co-sponsors. TheCongressional Budget Office estimated that implementation of the bill would cost the federal government $47 million through 2016, to cover enforcement costs and the hiring and training of 22 new special agents and 26 support staff. The Senate Judiciary Committee passed the bill, but Senator Ron Wyden (D-OR) placed a hold on it

The Stop Online Piracy Act (SOPA) is a United States bill proposed by U.S. Representative Lamar S. Smith (Republican) to expand the ability of U.S. law enforcement to fight online trafficking in copyrighted intellectual property andcounterfeit goods. Provisions include the requesting of court-orders to bar advertising networks and payment facilities from conducting business with infringing websites, and search engines from linking to the sites, and court orders requiring Internet service providers (ISP) to block access to the sites. The law would expand existing criminal laws to include streaming of copyright material, imposing a maximum penalty of five years in prison.

Can we allow it ??

--> YES or No. decide after reading the above info.

according to me :

It will affect us the user of internet only. Never bring extreme politics into internet fields.

The Internet went silent on Wednesday, and Washington noticed.

OK, not the whole Internet, but on Wednesday several of its biggest players -- Google, Wikipedia and Reddit, to name just a few -- took part in a protest over two bills designed to protect copyright holders from Internet piracy, particularly in instances in which the piracy takes place overseas. The bills, which are heavily backed by entertainment industry trade groups like the Motion Picture Association of America and the Recording Industry Association of America, would give copyright holders and prosecutors the ability to pursue international websites that steal content.

Since the Stop Online Piracy Act in the House and the Protect IP Act in the Senate were introduced last year, tech companies and many of their users have been complaining that the bills were too broad. The protests reached a peak on Wednesday, when several major sites, like Wikipedia and Reddit, shut down for 24 hours while others, like Google, blacked out portions of their home pages; most of those sites also offered links to sign petitions or email Congress to express their outrage over the proposals.






What the bills do:
The entertainment industry was looking for ammunition to go after international content thieves, and SOPA/PIPA would have given them a way to do it. Because direct enforcement is tough, even in countries with whom the United States has strong trade agreements, the bills would have focused on ad networks and payment facilitators -- credit card companies and others, like PayPal, that process payments for online goods -- preventing them from doing business with violators. The bills also would have forced search sites, like Google or Yahoo, to stop listing violators.
Who liked them:
The entertainment industry, mostly. Movie and music giants say they lose huge amounts of potential revenue because of the sale and distribution of pirated content. Pharmaceutical companies also supported the bills, as they could have helped stop the flow of bootleg drugs into the United States. And the bills had the enthusiastic support of the U.S. Chamber of Commerce.
Who did not:
Pretty much the entire Internet. Opponents said the bills made it too easy to for content producers to bring legal action against domestic interests -- search sites or aggregators with user-submitted content -- even if the source of the pirated material was from another country. The management of sites that featured user-submitted content said they would be forced to closely monitor their submissions, a situation that would quickly become impossible for a large site like YouTube, which receives 48 hours worth of video every minute. Search sites said de-listing violators could force those companies to re-write the code that drives the searches, a change that could have far-reaching consequences for the basic operation of the Internet. Finally, the Internet companies continued to be concerned about being held liable should other enforcement actions fail. And the broader concerns? Those dealt with freedom of expression, halting development and potentially stunting business growth.
What's next:
It's hard to say whether SOPA/PIPA will be amended or scrapped in favor of new legislation, but even as the bill's authors announced they were being pulled on Friday, they said the efforts to protect intellectual property would continue.

As you read the above stuff now decide you want SOPA/PIPA ..
-information taken from wikipedia and few other website.
-Thanks for reading through the blog. Please follow the blog by singing in guys.

Sunday, 8 January 2012

Iptables

Iptables

operating system -   Linux
type -    filter 
license - GNU general public license  

How to convert your Linux box into firewall ?

what are Iptables ?
- Iptables is used to set up, maintain, and inspect the tables of Ipv4 packet filtering rules in the Linux kernel. Several different tables may be defined. Each table contains number of built-in chains and may also contain user defined chains.

Basically Linux firewall is called Iptables
 


OK know you have a doubt what are chains  
-Each chain is a set of rules which can match a set of packets.

 
-Each rule specifies what to do with a packet that falls into our rule list.  

Those packets are called the 'target',


Features of Iptables 

1. Filtering - blocking unwanted traffic). You can filter incoming and outgoing traffic by user, group, time/date, or service (application).


2. NAT (Routing) - If your computer has two or more network cards (or if you are using virtualization ) you can use a spare computer as a router, one network card connected to the Internet and the other to your LAN with iptables monitoring and filtering traffic.

3.  Logging (monitoring) network traffic.

if you are interested check Wikipedia - Comparison of firewalls ..

Your firewall, Iptables, is configured either from the command line (usually with a script) or a configuration tool ( UFW, GUFW, Firestarter, guard dog, Shorewall, etc). Unfortunately many of the graphical configuration tools do not offer all the available options, let alone explain the options (Guard dog is an exception to this generalization).

Configuring iptables requires at least a basic understanding of network protocols, that is one must know a little about networking protocols, servers, and ports to grasp iptables. So that you can build a strong firewall !!

Believe me friends working with Iptables is real fun! Its my own experience !
even you people will experience it !

If you simply wish to maintain a blacklist you can look at tools such as denyhosts and fail2ban. There is also a GUI tool "iplist".

                How to iplist  --> thanks uljanow

You should know the basics of networking concept to build a strong firewall.

 Like knowing TCP, UDP, ICMP protocols and about services ( /etc/services ).

Check out links for networking basic concepts !


You can see all services in your linux machine by

                                                      gedit /etc/services                                                          


Obviously the list be very long, so use the knowledge of Linux cmd "grep to see about a particular port

                                                    grep telnet /etc/services                


And use the scanning tool to grasp whatever information you want.

Tool -
           Nmap, Shields up
           netstat, lsof (scanning local machine)

Shields Up is a web based scanner you may use to scan for open ports. One common source of confusion, if you have a router you will be scanning your router and not your computer(s) behind the router.

Now we are done with the prerequisite. Now lets roll to the the main topic !!


Anatomy of iptables

 Iptables is nothing more then a set of rules for processing network packets coming and going to and from your computer (firewall). These rules are organized into tables and chains. A packets fate is determined by following the rules, one at a time, like links in a chain.

note this guys : tables are named in small letters and all the chains are in CAPS

Filter : As the word specifies, it filters packets.

Nat - Network allocation table :  Network Allocation Table : Think router or forwarding packets to other machines.

Mangle - Alteration off quality of service bits in the TCP header.

Raw - This table is used less frequently then Mangle is to allow exception to       iptables.


Chains :

filter : Used to filter or block packets 

   FORWARD -  Filters packets accessible by another NIC on the firewall (ie packets moving from eth0 [Internet] to eth1 [LAN].

   INPUT -  Filters inbound traffic (packets going to the firewall).

   OUTPUT - Filters outbound traffic (packets leaving the firewall).

nat (network Allocation Table):

    PREROUTING - Inbound packets to be routed (via NAT) to your clients.
   
  Output - Outbound packets for your firewall.

  POSTROUTING - Outbound packets routed from pther computers.

In addition to these default chains we can even use custom, or user defined chain :-)

Actions : What to do if a packet is matched in any of the rules ?

 If a packet matches a rule, the action is called a target.

  NOTE: Actions are specified with the -j flag, i.e -j ACTION

  ACCEPT - The packet is approved, or accepted.

  REJECT - the packet is blocked, and an error message is returned.

  DROP - The packet is blocked, no error message is returned.
  
  LOG - The packet is logged. After a packet is logged processing continues along the chain.

  JUMP - Just to "jump" to another chain.

In addition to the defaults you may direct iptables to another (user defined) chain.


Using iptables for Filtering 

It is very important to understand that the order of your rule is very critical. Iptables starts as usual from the top of the chain, with the rule of more priority i.e the !st rule, and proceeds down the chain until the first instance of DROP, REJECT, ACCEPT.

 The basic syntax is 

        iptables -option [Chain] [Rule] -j [Target]                  

the term 'Target' is the action to be taken if there is any match to the rule specified by us, for example say Accept, Reject, Drop or send the packet to another, possibly user defined chain.

 Options

-P [chain] sets default Policy (target or action) for the packet if no rule in a chain is macthed.

 iptables -P INPUT DROP # Will drop (block) all incoming packets. 

Note: the above policy will immediately terminate your telnet or ssh session if you have not allowed ssh connections in your INPUT chain. Very bad if you are managing your server remotely and do not have physical access.

Note: SSH is more preferred more telnet because the security in SSH i.e the data is encrypted so to some extent SSH is secure compared to telnet. 

Want to know more about encryption, guys just Google it out !

-A [chain] Appends a rule to the bottom, or end of the specified chain.
              Least preferred ..

-I [chain] Inserts a rule into chain (you specified the location). If no position is specified the default is #1 (first rule).

iptables -I INPUT 3 [RULE] # Will insert the [RULE] at the second position of the INPUT chain .    

See here the rank is specified as 3.

-D [chain] deletes a rule that matches its argument.

the rule may be specified with the number in the chain or rule itself would do the same.

iptables -D INPUT 2 # Will delete the second rule in the INPUT chain.       

iptables -D INPUT [RULE] # Will delete the [RULE] from the input chain.       

-F [chain] flushes (removes or deletes a rule that matches its argument.


By default, in no arguments are given, this will flush the chains in the filter table.
You may specify a table and/or chain.


iptables -F INPUT # Clears the INPUT chain in the filter table.  

iptables -t nat -F PREROUTING # Clears the PREROUTING table in the nat table.       

iptables -F # Clears all the chains in the filter table (INPUT, OUTPUT, and FORWARD).

iptables -t nat -F # Clears all the chains in the nat table.     

-L [chains] a New, user defined chain (blasklist for example).

By default this will list the chains in the filter table. You may specify a table with -t ( -t nat ).

-N creates a New, user defined chain (blacklist for example).

                    iptables -N blacklist                    

-X delets a user defined chain.

                    iptables -X blacklist                    

Before a chain must be deleted, it must be empty (contains no rules). To remove the rules from a table, make use of the option "-F" to flust out all the rules.


Target

 -j specifies target (action) default targets are LOG, ACCEPT, DROP and REJECT. You may also send processing of a packet to another chain.


iptables INPUT -j DROP # it will drop all the packets.
iptables INPUT -j blacklist # Will process the packets according to the blacklist chain(user defined).


 Rules

Some rules can be changed reversed with a '!'
Will take the reverse of what the rules tells.h
 



ipatbles -A INPUT -p tcp ! --dport 22 -j DROP # Will not drop any tcp packet to  destination port 22

-p specifies he ip protocol (tcp, udp and icmp)

iptables -A INPUT -p icmp -j DROP # Block ping 

-s specifies the source ip address (where the packet was sent from).

iptables -A INPUT -s 117.5 2.12.23 -j DROP # drop all the packets from 117.52.12.23

iptables -A blacklist -s 117.5 2.12.23 -j DROP # drop all the packets from 117.52.12.23 using a user defined chain, "blacklist"

iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 22 -j  DROP # drop all the packets for ssh( port 22 ) from outside the LAN.

-d specifies the source ip address (where the packet are sent to).


iptables -A INPUT -s 117.5 2.12.23 -j DROP # drop all the packets to 117.52.12.23



NOTE: source and destination IP address can be IP address, or with a netmask, or with a host name. But guys prevent using host names because it should query the DNS to resolve the host name, which will slow the process and DNS can be spoofed.



tcp options ( to be used with -p tcp )


 --sport specifies source port number or range 

if using a range, the syntax is LOW:HIGH
LOW:  the port specified + the ports higher than the specified port

:HIGH = the port specified and below it.

 --dport specifies the destination port, similar fromat to --sport above.

- -tcp-flags

Ah ! --tcp-flag will be 1 elaborate topic and bit complex and requires an understanding of the tcp protocol and the headrers.

Ex : the following are the examples which has the same effect over the packets :

iptables -A INPUT --p tcp --syn --dport 22 -j ACCEPT # short version 

iptables -A INPUT --p tcp --tcp-flag SYN, ACK, RST SYN --syn --dport 22 -j ACCEPT # LONG version 

Meaning for the above rule is "" Matches all incoming packets with SYN flag set, but the ACK and RST flags must be cleared as well.

Multiple tcp flags can be set on a packet.

The options "--tcp-flag" takes two arguments. The above command (long format) matches when its second flagged, and the rest of the flags specified in its first arguments are cleared.

note: using "ALL" as an argument is the same as using "SYN, ACK, RST, PSH, URG, FIN"


If you do not specify flags when using --tcp-flags, any SYN packet and SYN-ACK packet s accepted.

next comes the 

udp options( to be used with -p udp)


  --sport specifies source port number or range

  --dport specifies the destination port, similar fromat to --sport above.

 
icmp options( to be used with -p ICMP)

 --icmp-type this option specifies the icp type of the packet to be matched.

Use iptables -p --help to list the various options here (without arguments with default to all, which is what most of us want).


THANK YOU

-ADMIN

Happy h4ck1ng