Install and Test Comodo Firewall Against BackTrack (Required)

Section 0. Background Information

Comodo Firewall
- Comodo Internet Security was designed around the concept of layered security and provides the following layers of protection: Antivirus, Firewall, Host-based intrusion prevent (Defense+), and Remote assistance (GeekBuddy).
Lab Notes - Các bạn cần thực hiện kỹ bài lab này (và bài lab zone alarm) để nắm cách test firewall của mình !
- In this lab we will do the following:
  1. Download Comodo Firewall
  2. Test Comodo Firewall Against BackTrack (Ping)
  3. Test Comodo Firewall Against BackTrack (nmap basic scan)
  4. Test Comodo Firewall Against BackTrack (nmap half-open TCP scan)
  5. Test Comodo Firewall Against BackTrack (nmap SCTP INIT scan)
  6. Test Comodo Firewall Against BackTrack (nmap intense scan)
Prerequisites
- Instructions:
  1. Windows 7: Lesson 1: Installing Windows 7
  2. BackTrack: Lesson 1: Installing BackTrack 5
Thực hiện 100 %

Section 1. Start your Windows 7 VM

Edit Virtual Machine Settings
- Instructions:
  1. Click on Windows 7
  2. Click on Edit virtual machine
Configure Network Adapter
- Instructions
  1. Select Network Adapter
  2. Click the radio button "Bridged: Connected directly to the physical network."
  3. Click the Okay button
Start Windows 7
- Instructions:
  1. Click on Windows 7
  2. Click on Play virtual machine

Section 2. Login to Windows 7

Section 3. Verify you have a Network IP Address

Bring up Command Prompt
- Instructions:
  - Start --> Command Prompt
Verify IP Address
- Instructions:
  1. ipconfig
- Notes:
  - In my case, my IP Address is 192.168.1.106.
  - In your case, your IP Address will probably be different.

Section 4. Install Spybot Search and Destroy

Open Internet Explorer
- Instructions:
  1. Click the Start Button
  2. Type "Internet Explorer" in the search box
  3. Click on Internet Explorer
Go to the Comodo Firewall Site
- Instructions:
  1. Paste the following website address in the URI box.
    - http://personalfirewall.comodo.com/
  2. Click the Download Button
File Download
- Instructions:
  1. Click Run
Do you want to run this software?
- Instructions:
  1. Click Run
User Account Control
- Instructions:
  1. Click Yes
Select Setup Language
- Instructions:
  1. Select the language: English (United States) - By COMODO
  2. Click OK
Optional Entry
- Instructions:
  1. It is not necessary to supply your email.
  2. It is not necessary to check any of the check boxes.
  3. Just click on Agree and Install
Installing
- Informational:
  1. Continue to Next Step
Select Network
- Instructions:
  1. Select the appropriate network that matches yours.
  2. If you are at a school, coffee shop, airport, etc; then you will select "I am at PUBLIC PLACE"
Restart Your Machine
- Instructions:
  1. Click Fix It
Select Start Menu Folder
- Instructions:
  1. Select Next

Section 5. Configure BackTrack Virtual Machine Settings

Open Your VMware Player
- Instructions:
  1. On Your Host Computer, Go To
  2. Start --> All Program --> VMWare --> VMWare Player
Edit BackTrack Virtual Machine Settings
- Instructions:
  1. Highlight BackTrack5R1
  2. Click Edit virtual machine settings
Edit Network Adapter
- Instructions:
  1. Highlight Network Adapter
  2. Select Bridged
  3. Do not Click on the OK Button.

Section 6. Login to BackTrack

Start BackTrack VM Instance
- Instructions:
  1. Start Up VMWare Player
  2. Select BackTrack5R1
  3. Play virtual machine
Login to BackTrack
- Instructions:
  1. Login: root
  2. Password: toor or <whatever you changed it to>.
Bring up the GNOME
- Instructions:
  1. Type startx

Section 7. Open Console Terminal and Retrieve IP Address

Open a console terminal
- Instructions:
  1. Click on the console terminal
Get IP Address
- Instructions:
  1. ifconfig -a
- Notes:
  - As indicated below, my IP address is 192.168.1.107.
  - Please record your IP address.

Section 8. Test Comodo Firewall with BackTrack (Ping)

Ping Windows 7
- Notes:
  - Obtain the IP Address of the Window 7 machine running Comodo from (Section 3, Step 2)
- Instructions:
  1. ping -c 5 192.168.1.106
    - -c, this flag indicates the number of pings, which in this example is 5 pings.
    - 192.168.1.106 is the IP Address for my Windows 7 machine.
Open Comodo Firewall
- Instructions:
  1. Click on the Comodo Firewall Icon
View Firewall Events
- Instructions:
  1. Click on View Firewall Events
Reviewing Firewall Events
- Note:
  1. Notice that Comodo did not alert us of the BackTrack ping.

Section 9. Test Comodo Firewall with BackTrack (nmap basic scan)

Conduct Basic nmap scan
- Instructions:
  1. nmap 192.168.1.106
- Notes:
  - Obtain the IP Address of the Window 7 machine running Comodo from (Section 3, Step 2)
Viewing Firewall Alerts
- Notes:
  - Notice Comodo Firewall provides an Alert this time.
- Instructions:
  1. For our testing purposes, keep clicking the allow button until the alert messages stop.
  2. Click the Refresh Button.
Viewing Firewall Alerts
- Notes:
  - You should start seeing events that were initiated from BackTrack's nmap.
- Instructions:
  1. Continue to Next Section

Section 10. Test Comodo Firewall with BackTrack (nmap TCP half-open stealth scan)

Conduct nmap TCP half-open stealth scan
- Instructions:
  1. nmap -sS 192.168.1.106
- Notes:
  - Obtain the IP Address of the Window 7 machine running Comodo from (Section 3, Step 2).
  - -sS, This technique is often referred to as half-open scanning, because you don't open a full TCP connection. You send a SYN packet, as if you are going to open a real connection and then wait for a response. It is also relatively unobtrusive and stealthy since it never completes a TCP connections.
Viewing Comodo Results
- Instructions:
  1. Click the allow button until no more alerts are displayed.
- Notes:
  - Notice you were still alerted when nmap uses a half-open TCP scan.

Section 11. Test Comodo Firewall with BackTrack (nmap SCTP INIT scan)

Conduct nmap SCTP INIT scan
- Instructions:
  1. nmap -sY 192.168.1.106
    - Replace 192.168.1.106 with the Windows 7 IP Address obtain from (Section 3, Step 2).
- Notes:
  - This technique is often referred to as half-open scanning, because you don't open a full SCTP association. You send an INIT chunk, as if you are going to open a real association and then wait for a response.
  - SCTP is a relatively new alternative to the TCP and UDP protocols, combining most characteristics of TCP and UDP, and also adding new features like multi-homing and multi-streaming. SCTP INIT scan is the SCTP equivalent of a TCP SYN scan. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. Like SYN scan, INIT scan is relatively unobtrusive and stealthy, since it never completes SCTP associations.
Viewing Comodo Results
- Notes:
  - Notice Comodo did not detect the half-open SCTP INIT scan.
- Instructions:
  1. Continue to Next Section

Section 12. Test Comodo Firewall with BackTrack (nmap intense scan)

Conduct nmap intense scan
- Instructions:
  1. nmap -T4 -A -v 192.168.1.106
    - Replace 192.168.1.106 with the Windows 7 IP Address obtain from (Section 3, Step 2).
- Notes:
  - -T, is a timing template with the following settings: paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4), and insane (5). The first two are for IDS evasion.
  - -A, to enable OS and version detection, script scanning, and traceroute.
  - -v, is verbose mode.
Viewing Comodo Results
- Notes:
  - Notice Comodo is now going crazy.
- Instructions:
  1. Click Remember my answer
  2. Keep clicking on the Block button as Alerts appear.
  3. Click the Refresh button
Analyzing Comodo Results
- Notes:
  - Notice Comodo is now Blocking scans from 192.168.1.107 for ports 49157, 135, and 49156.
- Instructions:
  1. Continue to Next Step.
Analyzing nmap Results
- Notes:
  - Notice that although you blocked the intense scan with Comodo, nmap was still able to determine the operating system and version.
- Instructions:
  1. Continue Next Section