Good evening,
I just had a lot of trouble with completing the challenge exercise (1.3) in the “Identifying Ingress and Egress Rules”. I want to know if I followed the right steps.
I followed the instructions to set up the room, ensuring I selected the Ingress-Egress-Challenge and then booted the firewalls, starting all machines and finally configuring the Debian-B machine with the socat command.
I had no issues completing an nmap scan from the Kali A machine to the Debian-B machine to see what ports were allowed through the egress rule, but the problem I ran into was I could not work out what ports the Egress rule was stopping/blocking. I followed the guide exercise to ensure I was running the right commands. I was getting a considerable amount of ports that returned as filtered, not just four as suggested in the answer. I purely just brute-forced the first task to get the right answer, but this took longer than desired. The answer did not make sense given what I was seeing, so I must have been doing something wrong.
I want to know what nmap command I should have been running to find the answer for task one, or at least a strong suggestion. When I ran -p- or -p 1-65355, this netted me too many filtered ports when paired with -sN, for example. Was I supposed to be attempting to bypass the Egress filter to work it out?
I have attached a picture of my nmap scan of the port found to be open on the internal network by the Kali-B machine; I am using -sF to do a TCP FIN scan and -d for more verbose information. I did this same scan with each scan type (-sN, -sF, -sX) and got similar results.
Any help is greatly appreciated! Have a great rest of your day.