assignmet2

assignment1/relatorio.aux

@@ -0,0 +1,13 @@
+\relax 
+\providecommand \babel@aux [2]{\global \let \babel@toc \@gobbletwo }
+\@nameuse{bbl@beforestart}
+\catcode `"\active 
+\babel@aux{portuguese}{}
+\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {2}Firewall}{2}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {4}Tests utilizados}{5}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusion}{5}{}\protected@file@percent }
+\gdef \@abspage@last{5}

assignment1/relatorio.log

@@ -0,0 +1,244 @@
+This is pdfTeX, Version 3.141592653-2.6-1.40.27 (TeX Live 2026/dev/Arch Linux) (preloaded format=pdflatex 2026.1.17)  22 MAR 2026 22:27
+entering extended mode
+ \write18 enabled.
+ %&-line parsing enabled.
+**/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio
+(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.tex
+LaTeX2e <2024-11-01> patch level 2
+L3 programming layer <2025-01-18>
+(/usr/share/texmf-dist/tex/latex/base/article.cls
+Document Class: article 2024/06/29 v1.4n Standard LaTeX document class
+(/usr/share/texmf-dist/tex/latex/base/size12.clo
+File: size12.clo 2024/06/29 v1.4n Standard LaTeX file (size option)
+)
+\c@part=\count196
+\c@section=\count197
+\c@subsection=\count198
+\c@subsubsection=\count199
+\c@paragraph=\count266
+\c@subparagraph=\count267
+\c@figure=\count268
+\c@table=\count269
+\abovecaptionskip=\skip49
+\belowcaptionskip=\skip50
+\bibindent=\dimen141
+)
+(/usr/share/texmf-dist/tex/generic/babel/babel.sty
+Package: babel 2025/02/14 v25.4 The multilingual framework for pdfLaTeX, LuaLaT
+eX and XeLaTeX
+\babel@savecnt=\count270
+\U@D=\dimen142
+\l@unhyphenated=\language33
+
+(/usr/share/texmf-dist/tex/generic/babel/txtbabel.def)
+\bbl@readstream=\read2
+\bbl@dirlevel=\count271
+
+(/usr/share/texmf-dist/tex/generic/babel-portuges/portuguese.ldf
+Language: portuges 2021/07/09 v1.2t Portuguese support from the babel system
+Package babel Info: Making " an active character on input line 143.
+))
+(/usr/share/texmf-dist/tex/generic/babel/locale/pt/babel-portuguese.tex
+Package babel Info: Importing font and identification data for portuguese
+(babel)             from babel-pt.ini. Reported on input line 11.
+)
+(/usr/share/texmf-dist/tex/latex/ebgaramond/ebgaramond.sty
+Package: ebgaramond 2024/04/23 (Bob Tennent and autoinst) Style file for EB Gar
+amond fonts.
+
+(/usr/share/texmf-dist/tex/generic/iftex/ifxetex.sty
+Package: ifxetex 2019/10/25 v0.7 ifxetex legacy package. Use iftex instead.
+
+(/usr/share/texmf-dist/tex/generic/iftex/iftex.sty
+Package: iftex 2024/12/12 v1.0g TeX engine tests
+))
+(/usr/share/texmf-dist/tex/generic/iftex/ifluatex.sty
+Package: ifluatex 2019/10/25 v1.5 ifluatex legacy package. Use iftex instead.
+)
+(/usr/share/texmf-dist/tex/latex/xkeyval/xkeyval.sty
+Package: xkeyval 2022/06/16 v2.9 package option processing (HA)
+
+(/usr/share/texmf-dist/tex/generic/xkeyval/xkeyval.tex
+(/usr/share/texmf-dist/tex/generic/xkeyval/xkvutils.tex
+\XKV@toks=\toks17
+\XKV@tempa@toks=\toks18
+
+(/usr/share/texmf-dist/tex/generic/xkeyval/keyval.tex))
+\XKV@depth=\count272
+File: xkeyval.tex 2014/12/03 v2.7a key=value parser (HA)
+))
+(/usr/share/texmf-dist/tex/latex/base/textcomp.sty
+Package: textcomp 2024/04/24 v2.1b Standard LaTeX package
+)
+(/usr/share/texmf-dist/tex/latex/base/fontenc.sty
+Package: fontenc 2021/04/29 v2.0v Standard LaTeX package
+)
+(/usr/share/texmf-dist/tex/latex/fontaxes/fontaxes.sty
+Package: fontaxes 2020/07/21 v1.0e Font selection axes
+LaTeX Info: Redefining \upshape on input line 29.
+LaTeX Info: Redefining \itshape on input line 31.
+LaTeX Info: Redefining \slshape on input line 33.
+LaTeX Info: Redefining \swshape on input line 35.
+LaTeX Info: Redefining \scshape on input line 37.
+LaTeX Info: Redefining \sscshape on input line 39.
+LaTeX Info: Redefining \ulcshape on input line 41.
+LaTeX Info: Redefining \textsw on input line 47.
+LaTeX Info: Redefining \textssc on input line 48.
+LaTeX Info: Redefining \textulc on input line 49.
+)
+LaTeX Info: Redefining \oldstylenums on input line 163.
+LaTeX Info: Redefining \textsw on input line 173.
+)
+(/usr/share/texmf-dist/tex/latex/listings/listings.sty
+\lst@mode=\count273
+\lst@gtempboxa=\box52
+\lst@token=\toks19
+\lst@length=\count274
+\lst@currlwidth=\dimen143
+\lst@column=\count275
+\lst@pos=\count276
+\lst@lostspace=\dimen144
+\lst@width=\dimen145
+\lst@newlines=\count277
+\lst@lineno=\count278
+\lst@maxwidth=\dimen146
+
+(/usr/share/texmf-dist/tex/latex/listings/lstpatch.sty
+File: lstpatch.sty 2024/09/23 1.10c (Carsten Heinz)
+)
+(/usr/share/texmf-dist/tex/latex/listings/lstmisc.sty
+File: lstmisc.sty 2024/09/23 1.10c (Carsten Heinz)
+\c@lstnumber=\count279
+\lst@skipnumbers=\count280
+\lst@framebox=\box53
+)
+(/usr/share/texmf-dist/tex/latex/listings/listings.cfg
+File: listings.cfg 2024/09/23 1.10c listings configuration
+))
+Package: listings 2024/09/23 1.10c (Carsten Heinz)
+LaTeX Font Info:    Trying to load font information for OT1+EBGaramond-LF on in
+put line 28.
+
+(/usr/share/texmf-dist/tex/latex/ebgaramond/OT1EBGaramond-LF.fd
+File: OT1EBGaramond-LF.fd 2023/03/19 (autoinst) Font definitions for OT1/EBGara
+mond-LF.
+)
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
+(Font)              scaled to size 12.0pt on input line 28.
+
+(/usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
+File: l3backend-pdftex.def 2024-05-08 L3 backend support: PDF output (pdfTeX)
+\l__color_backend_stack_int=\count281
+\l__pdf_internal_box=\box54
+)
+(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
+\openout1 = `relatorio.aux'.
+
+LaTeX Font Info:    Checking defaults for OML/cmm/m/it on input line 28.
+LaTeX Font Info:    ... okay on input line 28.
+LaTeX Font Info:    Checking defaults for OMS/cmsy/m/n on input line 28.
+LaTeX Font Info:    ... okay on input line 28.
+LaTeX Font Info:    Checking defaults for OT1/cmr/m/n on input line 28.
+LaTeX Font Info:    ... okay on input line 28.
+LaTeX Font Info:    Checking defaults for T1/cmr/m/n on input line 28.
+LaTeX Font Info:    ... okay on input line 28.
+LaTeX Font Info:    Checking defaults for TS1/cmr/m/n on input line 28.
+LaTeX Font Info:    ... okay on input line 28.
+LaTeX Font Info:    Checking defaults for OMX/cmex/m/n on input line 28.
+LaTeX Font Info:    ... okay on input line 28.
+LaTeX Font Info:    Checking defaults for U/cmr/m/n on input line 28.
+LaTeX Font Info:    ... okay on input line 28.
+\c@mv@tabular=\count282
+\c@mv@boldtabular=\count283
+\c@lstlisting=\count284
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
+(Font)              scaled to size 20.74pt on input line 29.
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
+(Font)              scaled to size 14.4pt on input line 29.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <14.4> on input line 29.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <7> on input line 29.
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
+(Font)              scaled to size 17.28pt on input line 30.
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
+(Font)              scaled to size 17.28pt on input line 30.
+
+(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.toc
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
+(Font)              scaled to size 12.0pt on input line 2.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <12> on input line 4.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <8> on input line 4.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <6> on input line 4.
+)
+\tf@toc=\write3
+\openout3 = `relatorio.toc'.
+
+
+
+[1
+
+{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texmf-dist/fonts
+/enc/dvips/ebgaramond/ebg_dacnth.enc}]
+(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
+File: lstlang1.sty 2024/09/23 1.10c listings language file
+)
+(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
+File: lstlang1.sty 2024/09/23 1.10c listings language file
+)
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
+(Font)              scaled to size 10.0pt on input line 37.
+
+Overfull \hbox (7.49481pt too wide) in paragraph at lines 42--44
+\OT1/EBGaramond-LF/m/n/12 As tr[]es re-des tem va-rios servi[]os, o DMZ tem dns
+(23.214.219.130), mail(23.214.219.134),
+ []
+
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
+(Font)              scaled to size 14.4pt on input line 45.
+
+
+[2]
+
+[3]
+LaTeX Font Info:    Font shape `OT1/cmtt/bx/n' in size <10> not available
+(Font)              Font shape `OT1/cmtt/m/n' tried instead on input line 93.
+
+
+[4{/usr/share/texmf-dist/fonts/enc/dvips/cm-super/cm-super-ts1.enc}]
+Overfull \hbox (23.24622pt too wide) in paragraph at lines 125--126
+\OT1/EBGaramond-LF/m/n/12 Ao realizar-mos este pro-jeto apren-de-mos so-bre a c
+ria[][]ao de sce-na-rios em VMs, a configura[][]ao
+ []
+
+
+
+[5] (/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
+ ***********
+LaTeX2e <2024-11-01> patch level 2
+L3 programming layer <2025-01-18>
+ ***********
+ ) 
+Here is how much of TeX's memory you used:
+ 4439 strings out of 474546
+ 72779 string characters out of 5749982
+ 968296 words of memory out of 5000000
+ 27469 multiletter control sequences out of 15000+600000
+ 573916 words of font info for 59 fonts, out of 8000000 for 9000
+ 352 hyphenation exceptions out of 8191
+ 57i,7n,99p,546b,1693s stack positions out of 10000i,1000n,20000p,200000b,200000s
+</usr/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Bold.pfb></us
+r/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Regular.pfb></usr/s
+hare/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt10.pfb></usr/share/texmf-dis
+t/fonts/type1/public/cm-super/sftt1000.pfb>
+Output written on /home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/rela
+torio.pdf (5 pages, 78451 bytes).
+PDF statistics:
+ 42 PDF objects out of 1000 (max. 8388607)
+ 26 compressed objects within 1 object stream
+ 0 named destinations out of 1000 (max. 500000)
+ 1 words of extra memory for PDF output out of 10000 (max. 10000000)
+

assignment1/relatorio.tex

@@ -0,0 +1,126 @@
+\documentclass[12pt,a4paper]{article}
+\usepackage[portuguese]{babel}
+\usepackage[lining]{ebgaramond}
+\usepackage{listings}
+
+\lstdefinestyle{mystyle}{
+    basicstyle=\ttfamily\footnotesize,
+    breakatwhitespace=false,         
+    breaklines=true,                 
+    captionpos=b,                    
+    keepspaces=true,                 
+    numbers=left,                    
+    numbersep=5pt,                  
+    showspaces=false,                
+    showstringspaces=false,
+    showtabs=false,                  
+    tabsize=2
+}
+
+\lstset{style=mystyle}
+
+\title{Practical Assignment \#1}
+\author{
+    João Neto -- 2023234004\\[1em]
+    Vasco Alves -- 2022228207
+}
+
+\begin{document}
+\maketitle
+\tableofcontents
+\newpage
+
+\section{Introduction}
+O objetivo principal deste trabalho era aprender IPTables e como configurar um com o Suricata um sistema de filtração e deteção de ataques. Para esse fim, foi simulado um sistema dividido em três redes e um router para conectar-las. As três redes são a DMZ (23.214.219.128/25, enp0s8), Internal network (192.168.10.0/24, enp0s9) e Internet (87.248.214.0/24, enp0s10).
+
+\begin{lstlisting}[language=bash]
+Rede,Interface,Gama IP
+DMZ,enp0s8,23.214.219.128/25
+Internal,enp0s9,192.168.10.0/24
+Internet,enp0s10,87.248.214.0/24
+\end{lstlisting}
+As três redes tem varios serviços, o DMZ tem dns(23.214.219.130), mail(23.214.219.134), vpn-gw(23.214.219.133), www(23.214.219.132) e smpt(23.214.219.131). A Internal network tem ftp(192.168.10.2), datastore(192.168.10.3) e clientes (nos testes os clientes tem ip 192.168.10.4, mas está configurado para dar para qualquer edereço). Por fim a rede Internet tem dns2 (87.248.214.99) e eden (87.248.214.100), existe também outros serviços (87.248.214.98).
+Para facilitar a recriação deste sistema foi criado 4 ficheiros .sh (um para cada rede e o router), e disponibilizamos os ficheiros suricata.rules e suricata.yaml, para o suricata que estiver ligado ao Router.  Os ficheiros .sh vão ter comandos para configurar o sistema para este exercicio.
+\section{Firewall}
+\subsection{Packet fileter without NAT}
+O policy que foi escolhido foi:
+\begin{lstlisting}[language=bash]
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT ACCEPT
+\end{lstlisting}
+Foi escolhido porque é mais facil dar DROP a todos os pacotes que não foi criado regras do que criar uma regra de DROP para todos os protocolos e possibilidades, o OUTPUT ficou para ACCEPT porque não existe razão para dar DROP dos pacotes que estamos a enviar neste trabalho.
+Para o router conseguir resolver DNS requests e para aceitar coneções SSH da rede interna ou da VPN gateway foi utilizado estes comandos:
+\begin{lstlisting}[language=bash]
+sudo iptables -A INPUT -i enp0s10 -p udp --dport 53 -j ACCEPT
+sudo iptables -A INPUT -i enp0s9 -p tcp --dport 22 -j ACCEPT
+sudo iptables -A INPUT -i enp0s8 -s 23.214.219.133 -p tcp --dport 22 -j ACCEPT
+\end{lstlisting}
+Para conseguirmos a confirguração pedida entre redes foi utilizado estes commandos:
+\begin{lstlisting}[language=bash]
+sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.130 -p udp --dport 53 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p tcp --dport 53 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT 
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 143 -j ACCEPT 
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 110 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 80 -j ACCEPT 
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 443 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --dport 1194 -j ACCEPT 
+sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.2 -j ACCEPT 
+sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.3 -j ACCEPT
+\end{lstlisting}
+Inicialmente as implementações de respostas a forward eram especificas para cada regra isto é por exemplo:
+\begin{lstlisting}[language=bash]
+sudo iptables -A FORWARD -o enp0s8 -i enp0s10 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
+\end{lstlisting}
+No entanto isso facilmente originava confusão entre nós, então decimos utilizar estas duas regras:
+\begin{lstlisting}[language=bash]
+sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+\end{lstlisting}
+Neste cenario o uso destas regras faz sentido, mas pode existir outros cenarios no futuro que não queremos uma resposta, e nesse caso temos de criar as regras necessarias.
+\subsection{Packet filtering with NAT}
+Para conecções com origem/destino na internet foi utilizado DNAT/SNAT e iptables para "esconder" o ip para a internet que querer aceder a rede interna para não terem acesso ao edereço ip e iproutes para bloquear certos pacotes de entrar, para conseguir a configuração utilizamos estes comandos:
+\begin{lstlisting}[language=bash]
+sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -p tcp --dport 21 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 20 -j ACCEPT
+sudo iptables -t nat -A PREROUTING -s $dns2 -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
+sudo iptables -t nat -A PREROUTING -s $eden -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
+sudo iptables -t nat -A PREROUTING -i enp0s10 -p tcp --dport 21 -j DNAT --to-destination 192.168.10.2
+sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $dns2 -p tcp --dport 22 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $eden -p tcp --dport 22 -j ACCEPT
+sudo iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o enp0s10 -j SNAT --to-source 87.248.214.97
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p udp --dport 53 -j ACCEPT 
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 80 -j ACCEPT 
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 443 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 21 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 21 -j ACCEPT
+\end{lstlisting}
+
+\section{Intrusion Detection}
+As regras que utilizamos para o suricata foram estas:
+\begin{lstlisting}[language=bash]
+drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET"; flags:S; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:1000001; rev:1;)
+drop tcp any any -> any 80 (msg:"SQL injection"; content:"union"; nocase; content:"select"; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
+drop tcp any any -> any 80 (msg:"SQl injection"; content:"'or 1=1"; nocase; classtype:web-application-attack; sid:1000003; rev:1;)
+drop tcp any any -> any 80 (msg:"XSS"; content:"<script"; nocase; classtype:web-application-attack; sid:1000004; rev:1;)
+\end{lstlisting}
+A primeira é para port scaning, a segunda e a terceira é para o caso de SQL injection, e a ultima é para XSS atacks.
+Também atualizamos o iptables para passar para o suricata os pacotes para analizar e bloquear com:
+\begin{lstlisting}[language=bash]
+sudo iptables -I FORWARD -j NFQUEUE --queue-bypass
+sudo iptables -I INPUT -j NFQUEUE --queue-bypass
+\end{lstlisting}
+
+\section{Tests utilizados}
+Netcat foi utilizado para maior parte dos testes excepto para FTP, em que devido ás suas caracteristicas especificas, utilizamos os serviços para ter a certeza que funcionava com a nossa configuração. Utilizamos estes comandos curl para testar se eram bloqueados:
+\begin{lstlisting}[language=bash]
+curl -i "http://23.214.219.132/index.php?id=1%20union%20select%201,2,3"
+curl -i "http://23.214.219.132/login.php?user='or%201=1"
+curl -i "http://23.214.219.132/search.php?q=<script>alert('XSS')</script>"
+\end{lstlisting}
+
+\section{Conclusion}
+Ao realizar-mos este projeto aprendemos sobre a criação de scenarios em VMs, a configuração de uma firewall utilizando IPTables e a configuração de um IDS/IPS system utilizando Suricata
+\end{document}

assignment1/relatorio.toc

@@ -0,0 +1,8 @@
+\babel@toc {portuguese}{}\relax 
+\contentsline {section}{\numberline {1}Introduction}{2}{}%
+\contentsline {section}{\numberline {2}Firewall}{2}{}%
+\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}%
+\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}%
+\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}%
+\contentsline {section}{\numberline {4}Tests utilizados}{5}{}%
+\contentsline {section}{\numberline {5}Conclusion}{5}{}%

relatorio.aux

@@ -4,10 +4,5 @@
 \catcode `"\active 
 \babel@aux{portuguese}{}
 \@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {2}Firewall}{2}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {4}Tests utilizados}{5}{}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusion}{5}{}\protected@file@percent }
-\gdef \@abspage@last{5}
+\@writefile{toc}{\contentsline {section}{\numberline {2}Conclusion}{2}{}\protected@file@percent }
+\gdef \@abspage@last{2}

relatorio.log

@@ -1,47 +1,61 @@
-This is pdfTeX, Version 3.141592653-2.6-1.40.27 (TeX Live 2026/dev/Arch Linux) (preloaded format=pdflatex 2026.1.17)  22 MAR 2026 22:27
+This is pdfTeX, Version 3.141592653-2.6-1.40.29 (TeX Live 2026/Arch Linux) (preloaded format=pdflatex 2026.4.13)  19 APR 2026 21:36
 entering extended mode
  \write18 enabled.
  %&-line parsing enabled.
-**/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio
-(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.tex
-LaTeX2e <2024-11-01> patch level 2
-L3 programming layer <2025-01-18>
+**/home/raw/uni/fsi/trabalho/relatorio
+(/home/raw/uni/fsi/trabalho/relatorio.tex
+LaTeX2e <2025-11-01>
+L3 programming layer <2026-01-19>
 (/usr/share/texmf-dist/tex/latex/base/article.cls
-Document Class: article 2024/06/29 v1.4n Standard LaTeX document class
+Document Class: article 2025/01/22 v1.4n Standard LaTeX document class
 (/usr/share/texmf-dist/tex/latex/base/size12.clo
-File: size12.clo 2024/06/29 v1.4n Standard LaTeX file (size option)
+File: size12.clo 2025/01/22 v1.4n Standard LaTeX file (size option)
 )
-\c@part=\count196
-\c@section=\count197
-\c@subsection=\count198
-\c@subsubsection=\count199
-\c@paragraph=\count266
-\c@subparagraph=\count267
-\c@figure=\count268
-\c@table=\count269
+\c@part=\count275
+\c@section=\count276
+\c@subsection=\count277
+\c@subsubsection=\count278
+\c@paragraph=\count279
+\c@subparagraph=\count280
+\c@figure=\count281
+\c@table=\count282
 \abovecaptionskip=\skip49
 \belowcaptionskip=\skip50
-\bibindent=\dimen141
+\bibindent=\dimen148
 )
 (/usr/share/texmf-dist/tex/generic/babel/babel.sty
-Package: babel 2025/02/14 v25.4 The multilingual framework for pdfLaTeX, LuaLaT
+Package: babel 2026/02/14 v26.3 The multilingual framework for LuaLaTeX, pdfLaT
 eX and XeLaTeX
-\babel@savecnt=\count270
-\U@D=\dimen142
-\l@unhyphenated=\language33
+\babel@savecnt=\count283
+LaTeX Encoding Info:    Redeclaring text command \ij (encoding OT1) on input li
+ne 2078.
+LaTeX Encoding Info:    Redeclaring text command \IJ (encoding OT1) on input li
+ne 2080.
+LaTeX Encoding Info:    Redeclaring text command \ij (encoding T1) on input lin
+e 2082.
+LaTeX Encoding Info:    Redeclaring text command \IJ (encoding T1) on input lin
+e 2083.
+LaTeX Encoding Info:    Ignoring declaration for text command \ij (encoding ?) 
+on input line 2084.
+LaTeX Encoding Info:    Ignoring declaration for text command \IJ (encoding ?) 
+on input line 2086.
+LaTeX Encoding Info:    Ignoring declaration for text command \SS (encoding ?) 
+on input line 2111.
+\U@D=\dimen149
+\l@unhyphenated=\language4
 
 (/usr/share/texmf-dist/tex/generic/babel/txtbabel.def)
 \bbl@readstream=\read2
-\bbl@dirlevel=\count271
+\bbl@dirlevel=\count284
+
+(/usr/share/texmf-dist/tex/generic/babel/locale/pt/babel-portuguese.tex)
+Package babel Info: Importing font and identification data for portuguese
+(babel)             from babel-pt.ini. Reported on input line 4330.
 
 (/usr/share/texmf-dist/tex/generic/babel-portuges/portuguese.ldf
-Language: portuges 2021/07/09 v1.2t Portuguese support from the babel system
-Package babel Info: Making " an active character on input line 143.
+Language: portuges 2026/01/24 v1.2u Portuguese support from the babel system
+Package babel Info: Making " an active character on input line 132.
 ))
-(/usr/share/texmf-dist/tex/generic/babel/locale/pt/babel-portuguese.tex
-Package babel Info: Importing font and identification data for portuguese
-(babel)             from babel-pt.ini. Reported on input line 11.
-)
 (/usr/share/texmf-dist/tex/latex/ebgaramond/ebgaramond.sty
 Package: ebgaramond 2024/04/23 (Bob Tennent and autoinst) Style file for EB Gar
 amond fonts.
@@ -56,69 +70,72 @@ Package: iftex 2024/12/12 v1.0g TeX engine tests
 Package: ifluatex 2019/10/25 v1.5 ifluatex legacy package. Use iftex instead.
 )
 (/usr/share/texmf-dist/tex/latex/xkeyval/xkeyval.sty
-Package: xkeyval 2022/06/16 v2.9 package option processing (HA)
+Package: xkeyval 2025/11/04 v2.10 package option processing (HA)
 
 (/usr/share/texmf-dist/tex/generic/xkeyval/xkeyval.tex
 (/usr/share/texmf-dist/tex/generic/xkeyval/xkvutils.tex
 \XKV@toks=\toks17
 \XKV@tempa@toks=\toks18
+\XKV@tempb@toks=\toks19
 
 (/usr/share/texmf-dist/tex/generic/xkeyval/keyval.tex))
-\XKV@depth=\count272
+\XKV@depth=\count285
 File: xkeyval.tex 2014/12/03 v2.7a key=value parser (HA)
 ))
 (/usr/share/texmf-dist/tex/latex/base/textcomp.sty
 Package: textcomp 2024/04/24 v2.1b Standard LaTeX package
 )
 (/usr/share/texmf-dist/tex/latex/base/fontenc.sty
-Package: fontenc 2021/04/29 v2.0v Standard LaTeX package
+Package: fontenc 2025/07/18 v2.1d Standard LaTeX package
 )
 (/usr/share/texmf-dist/tex/latex/fontaxes/fontaxes.sty
-Package: fontaxes 2020/07/21 v1.0e Font selection axes
-LaTeX Info: Redefining \upshape on input line 29.
-LaTeX Info: Redefining \itshape on input line 31.
-LaTeX Info: Redefining \slshape on input line 33.
-LaTeX Info: Redefining \swshape on input line 35.
-LaTeX Info: Redefining \scshape on input line 37.
-LaTeX Info: Redefining \sscshape on input line 39.
-LaTeX Info: Redefining \ulcshape on input line 41.
-LaTeX Info: Redefining \textsw on input line 47.
-LaTeX Info: Redefining \textssc on input line 48.
-LaTeX Info: Redefining \textulc on input line 49.
+Package: fontaxes 2026-01-02 v2.0.2 Font selection axes (deprecated)
+Applying: [2024-11-01] Use figureversions if present on input line 74.
+
+(/usr/share/texmf-dist/tex/latex/figureversions/figureversions.sty
+Package: figureversions 2025-04-29 v1.0.1 Figure versions
+)
+Already applied: [0000-00-00] Fall back to v1 on input line 76.
 )
 LaTeX Info: Redefining \oldstylenums on input line 163.
 LaTeX Info: Redefining \textsw on input line 173.
 )
 (/usr/share/texmf-dist/tex/latex/listings/listings.sty
-\lst@mode=\count273
-\lst@gtempboxa=\box52
-\lst@token=\toks19
-\lst@length=\count274
-\lst@currlwidth=\dimen143
-\lst@column=\count275
-\lst@pos=\count276
-\lst@lostspace=\dimen144
-\lst@width=\dimen145
-\lst@newlines=\count277
-\lst@lineno=\count278
-\lst@maxwidth=\dimen146
+\lst@mode=\count286
+\lst@gtempboxa=\box53
+\lst@token=\toks20
+\lst@length=\count287
+\lst@currlwidth=\dimen150
+\lst@column=\count288
+\lst@pos=\count289
+\lst@lostspace=\dimen151
+\lst@width=\dimen152
+\lst@newlines=\count290
+\lst@lineno=\count291
+\lst@maxwidth=\dimen153
 
 (/usr/share/texmf-dist/tex/latex/listings/lstpatch.sty
-File: lstpatch.sty 2024/09/23 1.10c (Carsten Heinz)
+File: lstpatch.sty 2025/11/14 1.11b (Carsten Heinz)
 )
 (/usr/share/texmf-dist/tex/latex/listings/lstmisc.sty
-File: lstmisc.sty 2024/09/23 1.10c (Carsten Heinz)
-\c@lstnumber=\count279
-\lst@skipnumbers=\count280
-\lst@framebox=\box53
+File: lstmisc.sty 2025/11/14 1.11b (Carsten Heinz)
+\c@lstnumber=\count292
+\lst@skipnumbers=\count293
+\lst@framebox=\box54
 )
 (/usr/share/texmf-dist/tex/latex/listings/listings.cfg
-File: listings.cfg 2024/09/23 1.10c listings configuration
+File: listings.cfg 2025/11/14 1.11b listings configuration
 ))
-Package: listings 2024/09/23 1.10c (Carsten Heinz)
+Package: listings 2025/11/14 1.11b (Carsten Heinz)
+
+==> First Aid for listings.sty no longer applied!
+    Expected:
+        2024/09/23 1.10c (Carsten Heinz)
+    but found:
+        2025/11/14 1.11b (Carsten Heinz)
+    so I'm assuming it got fixed.
 LaTeX Font Info:    Trying to load font information for OT1+EBGaramond-LF on in
 put line 28.
-
 (/usr/share/texmf-dist/tex/latex/ebgaramond/OT1EBGaramond-LF.fd
 File: OT1EBGaramond-LF.fd 2023/03/19 (autoinst) Font definitions for OT1/EBGara
 mond-LF.
@@ -127,11 +144,13 @@ LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
 (Font)              scaled to size 12.0pt on input line 28.
 
 (/usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
-File: l3backend-pdftex.def 2024-05-08 L3 backend support: PDF output (pdfTeX)
-\l__color_backend_stack_int=\count281
-\l__pdf_internal_box=\box54
+File: l3backend-pdftex.def 2025-10-09 L3 backend support: PDF output (pdfTeX)
+\l__color_backend_stack_int=\count294
+)
+(/home/raw/uni/fsi/trabalho/relatorio.aux
+Package babel Info: 'portuguese' activates 'portuges' shorthands.
+(babel)             Reported on input line 5.
 )
-(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
 \openout1 = `relatorio.aux'.
 
 LaTeX Font Info:    Checking defaults for OML/cmm/m/it on input line 28.
@@ -148,9 +167,9 @@ LaTeX Font Info:    Checking defaults for OMX/cmex/m/n on input line 28.
 LaTeX Font Info:    ... okay on input line 28.
 LaTeX Font Info:    Checking defaults for U/cmr/m/n on input line 28.
 LaTeX Font Info:    ... okay on input line 28.
-\c@mv@tabular=\count282
-\c@mv@boldtabular=\count283
-\c@lstlisting=\count284
+\c@mv@tabular=\count295
+\c@mv@boldtabular=\count296
+\c@lstlisting=\count297
 LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
 (Font)              scaled to size 20.74pt on input line 29.
 LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
@@ -164,81 +183,48 @@ LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
 LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
 (Font)              scaled to size 17.28pt on input line 30.
 
-(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.toc
+(/home/raw/uni/fsi/trabalho/relatorio.toc
 LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
 (Font)              scaled to size 12.0pt on input line 2.
-LaTeX Font Info:    External font `cmex10' loaded for size
-(Font)              <12> on input line 4.
-LaTeX Font Info:    External font `cmex10' loaded for size
-(Font)              <8> on input line 4.
-LaTeX Font Info:    External font `cmex10' loaded for size
-(Font)              <6> on input line 4.
 )
 \tf@toc=\write3
 \openout3 = `relatorio.toc'.
 
-
-
  [1
 
 {/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texmf-dist/fonts
-/enc/dvips/ebgaramond/ebg_dacnth.enc}]
-(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
-File: lstlang1.sty 2024/09/23 1.10c listings language file
+/enc/dvips/ebgaramond/ebg_dacnth.enc}] (/usr/share/texmf-dist/tex/latex/listing
+s/lstlang1.sty
+File: lstlang1.sty 2025/11/14 1.11b listings language file
 )
 (/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
-File: lstlang1.sty 2024/09/23 1.10c listings language file
+File: lstlang1.sty 2025/11/14 1.11b listings language file
 )
 LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
 (Font)              scaled to size 10.0pt on input line 37.
-
-Overfull \hbox (7.49481pt too wide) in paragraph at lines 42--44
-\OT1/EBGaramond-LF/m/n/12 As tr[]es re-des tem va-rios servi[]os, o DMZ tem dns
-(23.214.219.130), mail(23.214.219.134),
- []
-
-LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
-(Font)              scaled to size 14.4pt on input line 45.
-
-
  [2]
-
-[3]
-LaTeX Font Info:    Font shape `OT1/cmtt/bx/n' in size <10> not available
-(Font)              Font shape `OT1/cmtt/m/n' tried instead on input line 93.
-
-
-[4{/usr/share/texmf-dist/fonts/enc/dvips/cm-super/cm-super-ts1.enc}]
-Overfull \hbox (23.24622pt too wide) in paragraph at lines 125--126
-\OT1/EBGaramond-LF/m/n/12 Ao realizar-mos este pro-jeto apren-de-mos so-bre a c
-ria[][]ao de sce-na-rios em VMs, a configura[][]ao
- []
-
-
-
-[5] (/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
+(/home/raw/uni/fsi/trabalho/relatorio.aux)
  ***********
-LaTeX2e <2024-11-01> patch level 2
-L3 programming layer <2025-01-18>
+LaTeX2e <2025-11-01>
+L3 programming layer <2026-01-19>
  ***********
  ) 
 Here is how much of TeX's memory you used:
- 4439 strings out of 474546
- 72779 string characters out of 5749982
- 968296 words of memory out of 5000000
- 27469 multiletter control sequences out of 15000+600000
- 573916 words of font info for 59 fonts, out of 8000000 for 9000
- 352 hyphenation exceptions out of 8191
- 57i,7n,99p,546b,1693s stack positions out of 10000i,1000n,20000p,200000b,200000s
+ 4333 strings out of 469495
+ 71923 string characters out of 5470098
+ 655827 words of memory out of 5000000
+ 32986 multiletter control sequences out of 15000+600000
+ 638248 words of font info for 53 fonts, out of 8000000 for 9000
+ 16 hyphenation exceptions out of 8191
+ 62i,7n,99p,213b,1276s stack positions out of 10000i,1000n,20000p,200000b,200000s
 </usr/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Bold.pfb></us
 r/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Regular.pfb></usr/s
-hare/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt10.pfb></usr/share/texmf-dis
-t/fonts/type1/public/cm-super/sftt1000.pfb>
-Output written on /home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/rela
-torio.pdf (5 pages, 78451 bytes).
+hare/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt10.pfb>
+Output written on /home/raw/uni/fsi/trabalho/relatorio.pdf (2 pages, 44498 byte
+s).
 PDF statistics:
- 42 PDF objects out of 1000 (max. 8388607)
- 26 compressed objects within 1 object stream
+ 27 PDF objects out of 1000 (max. 8388607)
+ 16 compressed objects within 1 object stream
  0 named destinations out of 1000 (max. 500000)
  1 words of extra memory for PDF output out of 10000 (max. 10000000)
 

relatorio.tex

@@ -19,7 +19,7 @@
 
 \lstset{style=mystyle}
 
-\title{Practical Assignment \#1}
+\title{Practical Assignment \#2}
 \author{
     João Neto -- 2023234004\\[1em]
     Vasco Alves -- 2022228207
@@ -31,96 +31,13 @@
 \newpage
 
 \section{Introduction}
-O objetivo principal deste trabalho era aprender IPTables e como configurar um com o Suricata um sistema de filtração e deteção de ataques. Para esse fim, foi simulado um sistema dividido em três redes e um router para conectar-las. As três redes são a DMZ (23.214.219.128/25, enp0s8), Internal network (192.168.10.0/24, enp0s9) e Internet (87.248.214.0/24, enp0s10).
+Introdução!!!!
 
 \begin{lstlisting}[language=bash]
-Rede,Interface,Gama IP
-DMZ,enp0s8,23.214.219.128/25
-Internal,enp0s9,192.168.10.0/24
-Internet,enp0s10,87.248.214.0/24
-\end{lstlisting}
-As três redes tem varios serviços, o DMZ tem dns(23.214.219.130), mail(23.214.219.134), vpn-gw(23.214.219.133), www(23.214.219.132) e smpt(23.214.219.131). A Internal network tem ftp(192.168.10.2), datastore(192.168.10.3) e clientes (nos testes os clientes tem ip 192.168.10.4, mas está configurado para dar para qualquer edereço). Por fim a rede Internet tem dns2 (87.248.214.99) e eden (87.248.214.100), existe também outros serviços (87.248.214.98).
-Para facilitar a recriação deste sistema foi criado 4 ficheiros .sh (um para cada rede e o router), e disponibilizamos os ficheiros suricata.rules e suricata.yaml, para o suricata que estiver ligado ao Router.  Os ficheiros .sh vão ter comandos para configurar o sistema para este exercicio.
-\section{Firewall}
-\subsection{Packet fileter without NAT}
-O policy que foi escolhido foi:
-\begin{lstlisting}[language=bash]
-iptables -P INPUT DROP
-iptables -P FORWARD DROP
-iptables -P OUTPUT ACCEPT
-\end{lstlisting}
-Foi escolhido porque é mais facil dar DROP a todos os pacotes que não foi criado regras do que criar uma regra de DROP para todos os protocolos e possibilidades, o OUTPUT ficou para ACCEPT porque não existe razão para dar DROP dos pacotes que estamos a enviar neste trabalho.
-Para o router conseguir resolver DNS requests e para aceitar coneções SSH da rede interna ou da VPN gateway foi utilizado estes comandos:
-\begin{lstlisting}[language=bash]
-sudo iptables -A INPUT -i enp0s10 -p udp --dport 53 -j ACCEPT
-sudo iptables -A INPUT -i enp0s9 -p tcp --dport 22 -j ACCEPT
-sudo iptables -A INPUT -i enp0s8 -s 23.214.219.133 -p tcp --dport 22 -j ACCEPT
-\end{lstlisting}
-Para conseguirmos a confirguração pedida entre redes foi utilizado estes commandos:
-\begin{lstlisting}[language=bash]
-sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.130 -p udp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p tcp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 143 -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 110 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 80 -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 443 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --dport 1194 -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.2 -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.3 -j ACCEPT
-\end{lstlisting}
-Inicialmente as implementações de respostas a forward eram especificas para cada regra isto é por exemplo:
-\begin{lstlisting}[language=bash]
-sudo iptables -A FORWARD -o enp0s8 -i enp0s10 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
-\end{lstlisting}
-No entanto isso facilmente originava confusão entre nós, então decimos utilizar estas duas regras:
-\begin{lstlisting}[language=bash]
-sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-\end{lstlisting}
-Neste cenario o uso destas regras faz sentido, mas pode existir outros cenarios no futuro que não queremos uma resposta, e nesse caso temos de criar as regras necessarias.
-\subsection{Packet filtering with NAT}
-Para conecções com origem/destino na internet foi utilizado DNAT/SNAT e iptables para "esconder" o ip para a internet que querer aceder a rede interna para não terem acesso ao edereço ip e iproutes para bloquear certos pacotes de entrar, para conseguir a configuração utilizamos estes comandos:
-\begin{lstlisting}[language=bash]
-sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -p tcp --dport 21 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 20 -j ACCEPT
-sudo iptables -t nat -A PREROUTING -s $dns2 -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
-sudo iptables -t nat -A PREROUTING -s $eden -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
-sudo iptables -t nat -A PREROUTING -i enp0s10 -p tcp --dport 21 -j DNAT --to-destination 192.168.10.2
-sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $dns2 -p tcp --dport 22 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $eden -p tcp --dport 22 -j ACCEPT
-sudo iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o enp0s10 -j SNAT --to-source 87.248.214.97
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p udp --dport 53 -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 80 -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 443 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 21 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 21 -j ACCEPT
-\end{lstlisting}
-
-\section{Intrusion Detection}
-As regras que utilizamos para o suricata foram estas:
-\begin{lstlisting}[language=bash]
-drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET"; flags:S; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:1000001; rev:1;)
-drop tcp any any -> any 80 (msg:"SQL injection"; content:"union"; nocase; content:"select"; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
-drop tcp any any -> any 80 (msg:"SQl injection"; content:"'or 1=1"; nocase; classtype:web-application-attack; sid:1000003; rev:1;)
-drop tcp any any -> any 80 (msg:"XSS"; content:"<script"; nocase; classtype:web-application-attack; sid:1000004; rev:1;)
-\end{lstlisting}
-A primeira é para port scaning, a segunda e a terceira é para o caso de SQL injection, e a ultima é para XSS atacks.
-Também atualizamos o iptables para passar para o suricata os pacotes para analizar e bloquear com:
-\begin{lstlisting}[language=bash]
-sudo iptables -I FORWARD -j NFQUEUE --queue-bypass
-sudo iptables -I INPUT -j NFQUEUE --queue-bypass
-\end{lstlisting}
-
-\section{Tests utilizados}
-Netcat foi utilizado para maior parte dos testes excepto para FTP, em que devido ás suas caracteristicas especificas, utilizamos os serviços para ter a certeza que funcionava com a nossa configuração. Utilizamos estes comandos curl para testar se eram bloqueados:
-\begin{lstlisting}[language=bash]
-curl -i "http://23.214.219.132/index.php?id=1%20union%20select%201,2,3"
-curl -i "http://23.214.219.132/login.php?user='or%201=1"
-curl -i "http://23.214.219.132/search.php?q=<script>alert('XSS')</script>"
+hmmmm
 \end{lstlisting}
 
 \section{Conclusion}
-Ao realizar-mos este projeto aprendemos sobre a criação de scenarios em VMs, a configuração de uma firewall utilizando IPTables e a configuração de um IDS/IPS system utilizando Suricata
+Conclusão!!!
+
 \end{document}

relatorio.toc

@@ -1,8 +1,3 @@
 \babel@toc {portuguese}{}\relax 
 \contentsline {section}{\numberline {1}Introduction}{2}{}%
-\contentsline {section}{\numberline {2}Firewall}{2}{}%
-\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}%
-\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}%
-\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}%
-\contentsline {section}{\numberline {4}Tests utilizados}{5}{}%
-\contentsline {section}{\numberline {5}Conclusion}{5}{}%
+\contentsline {section}{\numberline {2}Conclusion}{2}{}%