THM Extending Your Network - grunt92/IT-Sec-WriteUps GitHub Wiki

Introduction to Port Forwarding

What is the name of the device that is used to configure port forwarding?

router

Firewalls 101

What layers of the OSI model do firewalls operate at?

Layer 3, Layer 4

Note: Layer 3 = Network, Layer 4 = Transport

What category of firewall inspects the entire connection?

stateful

What category of firewall inspects individual packets?

stateless

Practical - Firewall

What is the flag?

Deploy the site by clicking the "View Site"-button. After the site is deployed you can start the simulation, but you have to act quickly. In the simulation, the attacker device will spam requests to a website and your task is to add rules to the firewall to prevent a shutdown of the website. To do so you have to select the IP of the attackers port in the "Source IP" drop-down, the IP of the attacked device (the webserver) in the "Destination IP" drop-down, select the correct Port( http:80 ), the "DROP" action and press the "Add Rule"-button. After pressing the "Add Rule"-button you should see that the packages from the attacker are stopped at the router and the strain on the server (represented by the battery) drops. When the battery reaches a low strain-level a pop-up will informing you that you saved the server and gives you the flag:

THM{FIREWALLS_RULE}

VPN Basics

What VPN technology only encrypts & provides the authentication of data?

PPP

What VPN technology uses the IP framework?

IPSec

LAN Networking Devices

What is the verb for the action that a router does?

routing

What are the two different layers of switches? Seperate these by a comma I.e.: LayerX,LayerY

Layer2,Layer3

Note Layer 2 = Data Link, Layer 3 = Network

Practical - Network Simulator

What is the flag from the network simulator?

Deploy the site by clicking on the "View Site"-button. After the site is deployed you have to send a TCP packet from computer1 to computer3 to receive the flag. To do so select computer1 from the "From:"-dropdown, computer3 from the "To:"-dropdown and select tcp from the "Packet Type:"-dropdown. Click on the "Send Packet"-button and the site will show you how the individual type of packets are sent between the devices. After computer1 has sent the TCP Packet to computer3 and received the responding TCP Handshake a pop-up will show and give you the required flag:

THM{YOU'VE_GOT_DATA}

How many HANDSHAKE entries are there in the Network Log?

5