by Adrian Campean (@bimj0rk), Dan Deaconu (@DoubleDew) and Darius Nazemian (@dariusnp)
A firewall made using Kali Linux and iptables, with a test attack. The app is specifically designed for Linux users with iptables and UFW installed and running. To launch it, run the script file in the terminal of the operating system.
The main features of the firewall are as follows:
- blocks incoming packets that arrive from an external machine but claim to come from inside the network. The attacker usually uses a specific network interface (usually eth0), and this can be used to our advantage.
- drops every packet that has a SYNCHRONIZE (SYN) flag
- limits the number of fragments a packet can be divided into
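The three features above, written as a generator for an `iptables-restore` ruleset. This is an added example, not the project's script; the function name, the sample subnet `192.168.1.0/24` and the per-second fragment rate (a stand-in for the fragment limit, whose rule the page does not show) are assumptions.

```shell
#!/bin/sh
# Added example: prints a ruleset, applies nothing to the running firewall.
# Assumed names and values: gen_ruleset, 192.168.1.0/24, 50 fragments/second.

gen_ruleset() {  # gen_ruleset EXT_IF INTERNAL_CIDR FRAGS_PER_SECOND
    ext_if=$1 cidr=$2 rate=$3
    # Refuse values that could smuggle extra options or lines into the ruleset.
    case $ext_if in ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1;; esac
    [ "${#ext_if}" -le 15 ] || { echo "bad interface" >&2; return 1; }
    case $cidr in *[!0-9./]*) echo "bad CIDR" >&2; return 1;; esac
    printf '%s\n' "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([12]?[0-9]|3[0-2])$' \
        || { echo "bad CIDR" >&2; return 1; }
    case $rate in ''|0*|*[!0-9]*) echo "bad fragment rate" >&2; return 1;; esac

    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# 1. Anti-spoofing: an internal source address must not arrive from outside.
-A INPUT -i $ext_if -s $cidr -j DROP
# 2. Drop TCP connection requests (--syn: SYN set; ACK, RST and FIN clear).
-A INPUT -i $ext_if -p tcp --syn -j DROP
# 3. Fragments: accept up to the assumed rate, drop the excess.
-A INPUT -i $ext_if -f -m limit --limit $rate/second --limit-burst $rate -j ACCEPT
-A INPUT -i $ext_if -f -j DROP
COMMIT
EOF
}

# Print a ruleset for constructed values. To check it without loading it (as root):
#   gen_ruleset eth0 192.168.1.0/24 50 | iptables-restore --test
# Loading it for real replaces the filter table unless --noflush is given.
gen_ruleset eth0 192.168.1.0/24 50
```

Rule 2 refuses every new inbound TCP connection on that interface. Where connection tracking (`nf_defrag_ipv4`) is loaded, the kernel reassembles fragments before the filter table sees them, so the `-f` rules match nothing on such hosts.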
There are four main menus for the firewall:
- Start firewall: starts and stops the firewall; if the chosen option is already selected, the user gets warned about it (this is done by saving the state of the firewall in a log file);
- Statistics: using netstat, statistics about network usage are saved in another log file and then output to the user;
- Rules: shows the iptables rules the user has set;
- Settings: this is where the user can add or enable certain features (insert custom rule, delete rule, add a rule to a certain position in the chain, drop strange packets, track and drop SYN packets and limit the number of fragments a packet can have).
For testing purposes, we also created an attack in Python, using Scapy, that sends packets from a source with the IP address of 150.x.x.x, with SYN flags and fragmented into 2048 fragments.




