What is ICMP?

Internet Control Message Protocol (ICMP) is the protocol used to transmit ancillary information on communications. It tests network connectivity with the ping command, which sends an ICMP echo request message, which the recipient is meant to answer with an ICMP echo reply message. It signals a firewall rejecting a packet (a destination unreachable message), indicates an overflow in a receive buffer (a source quench message), proposes a better route for the next packets in the connection (a redirect message), and so on. This protocol is defined by several RFC documents. RFC777 and RFC792 were the first, but many others extended and/or revised the protocol.

http://www.faqs.org/rfcs/rfc777.html
http://www.faqs.org/rfcs/rfc792.html

For reference, a receive buffer is a small memory zone storing data between the time it arrives from the network and the time the kernel handles it. If this zone is full, new data cannot be received and ICMP signals the problem so that the emitter can slow down its transfer rate (which should ideally reach an equilibrium after some time). Note that this source quench mechanism was deprecated by RFC6633 and Linux ignores such messages; congestion control is now left to TCP itself. Redirect messages deserve similar caution: a host that accepts them lets any machine on the local network alter its routing table, which is why hardened systems set net.ipv4.conf.all.accept_redirects to 0.

Note that although an IPv4 network can work without ICMP, ICMPv6 is strictly required for an IPv6 network, since it combines several functions that were, in the IPv4 world, spread across ICMPv4, Internet Group Management Protocol (IGMP), and Address Resolution Protocol (ARP). ICMPv6 is defined in RFC4443. A firewall that drops all ICMPv6 therefore breaks neighbour discovery and path MTU discovery; RFC4890 lists the message types that must be let through.

http://www.faqs.org/rfcs/rfc4443.html
Kali Linux Revealed
7.4.2. Syntax of iptables and ip6tables

The iptables and ip6tables commands are used to manipulate tables, chains, and rules. Their -t table option indicates which table to operate on (by default, filter).
Commands

The major options for interacting with chains are listed below:

• -L chain lists the rules in the chain. This is commonly used with the -n option to disable name resolution (for example, iptables -n -L INPUT will display the rules related to incoming packets).
• -N chain creates a new chain. You can create new chains for a number of purposes, including testing a new network service or fending off a network attack.
• -X chain deletes an empty and unused chain (for example, iptables -X ddos-attack). A chain that still contains rules, or that another chain jumps to, cannot be deleted.
• -A chain rule adds a rule at the end of the given chain. Remember that rules are processed from top to bottom, so be sure to keep this in mind when adding rules.
• -I chain rule_num rule inserts a rule before the rule number rule_num; if rule_num is omitted, the rule is inserted at the top of the chain. As with the -A option, keep the processing order in mind when inserting new rules into a chain.
• -D chain rule_num (or -D chain rule) deletes a rule in a chain; the first syntax identifies the rule to be deleted by its number (iptables -L --line-numbers will display these numbers), while the latter identifies it by its contents.
• -F chain flushes a chain (deletes all its rules). For example, to delete all of the rules related to outgoing packets, you would run iptables -F OUTPUT. If no chain is mentioned, all the rules in the table are deleted. Flushing does not reset the chain's policy: flushing INPUT while its policy is DROP leaves a remote host unreachable, so set the policy to ACCEPT first when working over the network.
• -P chain action defines the default action, or “policy”, for a given chain; note that only standard (built-in) chains can have such a policy. To drop all incoming traffic by default, you would run iptables -P INPUT DROP.
Rules

Each rule is expressed as conditions -j action action_options. If several conditions are described in the same rule, then the criterion is the conjunction (logical AND) of the conditions, which is at least as restrictive as each individual condition.

The -p protocol condition matches the protocol field of the IP packet. The most common values are tcp, udp, icmp, and icmpv6. This condition can be complemented with conditions on the TCP or UDP ports, with clauses such as --source-port port and --destination-port port (abbreviated --sport and --dport). Port conditions are only accepted after -p tcp or -p udp, since they belong to the corresponding protocol match.
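The following script is an added example, not code from Kali Linux Revealed or from the iptables project. It walks through the command syntax above (-N, -A, -I, -D, -F, -X, -P and -L -n --line-numbers) on the ddos-attack chain used as an example in the text, and applies the ICMP points from the sidebar: echo requests are answered but rate-limited, and for IPv6 the essential ICMPv6 types are accepted explicitly rather than blocking the protocol wholesale. The wrapper function, the DRY_RUN variable, the apply/teardown arguments and the address 203.0.113.10 (RFC 5737 documentation range) are all constructed for this example. With DRY_RUN=1 it prints the commands it would run, so the sequence can be reviewed without root.

```shell
#!/bin/sh
# Added example, not from Kali Linux Revealed: exercises the iptables and
# ip6tables command syntax from this section (-N, -A, -I, -D, -F, -X, -P)
# and the ICMP points from the sidebar. With DRY_RUN=1 every command is
# printed instead of executed, so the sequence can be reviewed without
# root; run as root with "apply" as the argument to load it for real.
# The chain name ddos-attack follows the text; 203.0.113.10 is a
# constructed address from the RFC 5737 documentation range.
set -eu

DRY_RUN=${DRY_RUN:-0}
IPTABLES=${IPTABLES:-iptables}
IP6TABLES=${IP6TABLES:-ip6tables}

# Every firewall command goes through this wrapper so that a dry run
# prints exactly the command line that would otherwise be executed.
fw() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# A dedicated chain for a suspected flood, hooked into INPUT. The jump's
# conditions are ANDed: only TCP packets to port 80 enter the chain.
setup_ddos_chain() {
    fw "$IPTABLES" -N ddos-attack                          # -N creates the chain
    fw "$IPTABLES" -A ddos-attack -s 203.0.113.10 -j DROP   # -A appends a rule
    fw "$IPTABLES" -A ddos-attack -j RETURN                 # back to the calling chain
    # -I INPUT 1 inserts at the top, so it is evaluated before existing rules
    fw "$IPTABLES" -I INPUT 1 -p tcp --destination-port 80 -j ddos-attack
}

# ICMP from the sidebar: answer echo requests, but rate-limit them so the
# host does not amplify a ping flood. For IPv6, ICMPv6 is mandatory: the
# error types and neighbour discovery are accepted explicitly instead of
# dropping -p icmpv6 wholesale. Neighbour discovery packets are only valid
# with hop limit 255 (never forwarded), which the hl match enforces.
setup_icmp() {
    fw "$IPTABLES" -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
    fw "$IPTABLES" -A INPUT -p icmp --icmp-type echo-request -j DROP
    for t in destination-unreachable packet-too-big time-exceeded parameter-problem; do
        fw "$IP6TABLES" -A INPUT -p icmpv6 --icmpv6-type "$t" -j ACCEPT
    done
    for t in router-solicitation router-advertisement \
             neighbor-solicitation neighbor-advertisement; do
        fw "$IP6TABLES" -A INPUT -p icmpv6 --icmpv6-type "$t" -m hl --hl-eq 255 -j ACCEPT
    done
}

# Default policies go last: setting INPUT to DROP before the ACCEPT rules
# exist cuts off a remote session between the two commands.
set_policies() {
    fw "$IPTABLES" -P INPUT DROP
    fw "$IPTABLES" -P FORWARD DROP
    fw "$IPTABLES" -P OUTPUT ACCEPT
}

# Tear-down in the order the commands require: remove the jump (-D by
# contents), flush the chain (-F), then delete it (-X), which only
# succeeds once the chain is empty and no rule references it.
teardown_ddos_chain() {
    fw "$IPTABLES" -D INPUT -p tcp --destination-port 80 -j ddos-attack
    fw "$IPTABLES" -F ddos-attack
    fw "$IPTABLES" -X ddos-attack
}

# Show the result with numbered rules, the form that -D chain rule_num needs.
show_input() {
    fw "$IPTABLES" -n -L INPUT --line-numbers
}

case "${1:-}" in
    apply)    setup_ddos_chain; setup_icmp; set_policies; show_input ;;
    teardown) teardown_ddos_chain ;;
esac
```

Review it first with DRY_RUN=1 sh firewall.sh apply, then run the same command as root without DRY_RUN. The ordering is deliberate: the ACCEPT rules are loaded before the DROP policy, and the chain is unhooked from INPUT before it is flushed and deleted, because -X refuses a chain that is non-empty or still referenced.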
Chapter 7 — Securing and Monitoring Kali Linux