For this section, review the information from the chapter and try to expand on the topics. This will allow you to increase your knowledge of the different topics. To stimulate your thinking, try some of the following topics:
hosts.allow
and hosts.deny
. Research this feature, try to implement it on one of your virtual machines, and then attempt to scan the network services once they are wrapped. An example of a wrapped service that has been scanned by Nmap is shown in the following image:Using the image as an example, configure the settings and scan the ports that are wrapped to achieve the same results. Once you have done this, see if there are any characteristics that you can identify when you scan ports that are wrapped compared to the ones that are not wrapped. This is part of being an advanced penetration tester. That is, you have to deploy a number of different defensive mechanisms and then test them to see how they react when scanned and probed.
As the image shows, this configuration creates the port knocking sequence of four ports: 1111, 2222, 3333, and 4444. Once the port sequence is received, the iptables firewall will open port 22 for a period of 15 seconds and then it will close again. See if you can configure this to work, and then once you have tested it, scan the machine, and look at the sessions at the packet level to see if you can identify any characteristics of port knocking being configured. As an expansion of port knocking, see if you can capture the sequence when it works, and then deliberately send a sequence without the correct sequence and analyze the differences.