Network Security Troubleshooting


Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hey there Cybrarians,
00:00
and welcome back to the Linux+
00:00
course, here at Cybrary.
00:00
I'm your instructor Bob Gills.
00:00
In today's lesson, we're going to
00:00
talk about network security commands.
00:00
Upon completion of this lesson,
00:00
you are going to be able to use the ipset and whois
00:00
tools to work with
00:00
firewall settings as well as verify domain ownership.
00:00
We're just going to have a quick demo lesson today.
00:00
Let's get right into it with some demo time.
00:00
Here we are at our demo environment,
00:00
and recall when we were in module 19,
00:00
we talked a little bit about IP set,
00:00
and an IP set is just a named set of IP addresses.
00:00
We can use the ipset command
00:00
to list and modify IP sets.
00:00
For example, let's create one.
00:00
We're going to go ahead and do sudo ipset,
00:00
and we'll call this one bad IPs.
00:00
That's sudo ipset create bad IPs,
00:00
and we'll say that we're going to make this a hash,
00:00
and it's going to be a network, and we'll hit "Enter."
00:00
I'll provide my password,
00:00
escalate privileges so that I can be root,
00:00
and there we go, we're good to go.
00:00
Now, we can do sudo ipset list,
00:00
and we see bad IPs.
00:00
We see it has a type of hash:net,
00:00
version 6, good information and you're good to go.
00:00
If we have a list of IPs in a range,
00:00
we don't want to allow,
00:00
we can add them to the IP set that we
00:00
created by using sudo ipset,
00:00
and then specifying adding to the bad IPs, IP set.
00:00
We'll just specify a range.
00:00
I'll just give it a bogus range of 10.10.10.1/24.
00:00
Now we can check the IPs allowed on
00:00
here by doing a sudo ipset list again.
00:00
We can see any stuff that's allowed
00:00
or anything that's removed here.
00:00
We can see members in this list,
00:00
and these ones are no longer
00:00
allowed because we block these.
00:00
If we find that
00:00
the IP addresses here are a little too restrictive,
00:00
maybe we don't need the whole range,
00:00
we can actually remove that from the list.
00:00
We can remove the range by doing a sudo ipset
00:00
del on bad IPs,
00:00
and we're going to specify 10.10.10.1/24,
00:00
and that'll be removed.
00:00
Now if we do sudo ipset list,
00:00
we can see that there are no members in
00:00
this IP set because we've gone ahead and removed it.
00:00
Now let's take a look at the whois command.
00:00
Let's go over and take a look at that.
00:00
We can type clear to clear the screen,
00:00
you can also do a Ctrl+L.
00:00
The whois command is used to
00:00
determine who owns the domain.
00:00
This can be really useful if you
00:00
are trying to figure out,
00:00
you resolve an attacking IP address,
00:00
and I got to figure out who owns
00:00
the domain and what's going on with it.
00:00
We can run the whois command really simply.
00:00
For example, we could do whois badips.com and then do,
00:00
but that's a little too much information.
00:00
Let's just go ahead and do head,
00:00
so you just get the head of this information.
00:00
Now we can see down here the
00:00
domain name is badips.com,
00:00
and we can see that it's actually on
00:00
this domain registrar, namecheap.com.
00:00
It's owned by Namecheap.
00:00
We can also see sometimes
00:00
a contact number and e-mail address
00:00
to use to report issues.
00:00
Here we see that there's a registrar.
00:00
If we're having problems with this domain or an IP address
00:00
that's on this domain, we can go ahead and contact
00:00
abuse@namecheap.com, and get them to help us to
00:00
track down what's going on and why we're
00:00
having an attack coming from this domain.
00:00
But with that, we've reached the end of this lesson.
00:00
In this lesson we covered using
00:00
ipset and whois to work with
00:00
firewall settings as well as verify
00:00
domain ownership on a Linux system.
00:00
Thanks so much for being here,
00:00
and I look forward to seeing you in the next lesson.