Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//NOFORN
- EAST_3: 192.168.2.3
- EAST_4: 192.168.2.4
- EAST_5: 192.168.2.5
2) Environment Configuration
NOTE: On some OS versions, iptables, route, insmod, lsmod, and/or rmmod
may be in /sbin, which may not be in the default path. In that case, use the
absolute path (e.g. “/sbin/iptables”) when running those commands. All
commands should be executed as root.
TARG_1 must be configured to route traffic between the networks. This can
be done by adding FORWARD rules:
TARG_1# echo “1” > /proc/sys/net/ipv4/ip_forward
TARG_1# iptables -I FORWARD -s 192.168.1.0/24 \
-d 192.168.2.0/24 -j ACCEPT
TARG_1# iptables -I FORWARD -s 192.168.2.0/24 \
-d 192.168.1.0/24 -j ACCEPT
WEST_2 must have a route for the EAST network, and should not be blocking
incoming connections from that network:
WEST_2# route add –net 192.168.2.0/24 gw 192.168.1.1
WEST_2# iptables –I INPUT –s 192.168.2.0/24 –j ACCEPT
Similarly, each EAST hosts must have a route for the WEST network:
EAST_3# route add –net 192.168.1.0/24 gw 192.168.2.1
EAST_3# iptables –I INPUT –s 192.168.1.0/24 –j ACCEPT
Repeat the above commands for EAST_4 and EAST_5.
3) Baseline Test
First, confirm that forwarding works by running ping, netcat (udp), and netcat
(tcp) tests (see Appendix A) in both directions (WEST->EAST and EAST-
>WEST).
SECRET//NOFORN

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh