Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
TARG_1# cat /proc/net/ip_tables_names
TARG_1# iptables-save
Verify that the “dpkvke8h18” table is not present in the output of either
command.
5) Capability Tests
5.1) Redirection Test
Create a DNAT rule in the “dpxvke8h18” table to redirect traffic bound for
EAST_3 and send it to EAST_5:
TARG_1# iptables -t dpxvke8h18 -I PREROUTING \
–s 192.168.1.2 -d 192.168.2.3 \
-j DNAT --to-destination 192.168.2.5
TARG_1# iptables -t dpxvke8h18 -L PREROUTING –nv
Verify that the new rule appears in the output of the “iptables -L" command.
Confirm that the DNAT rule works by running netcat (udp) and netcat (tcp)
tests. Verify that the traffic is sent to EAST_5 and *not* EAST_3.
Before proceeding, flush the PREROUTING chain in the “dpxvke8h18” table:
TARG_1# iptables -t dpxvke8h18 -F PREROUTING
TARG_1# iptables -t dpxvke8h18 -L PREROUTING -nv
Verify that the new rule no longer appears in the output of the “iptables -L”
command.
5.2) Precedence Test
To test if the “dpxvke8h18” table has precedence over the “nat” table, create
a DNAT rule in the “nat” table to redirect traffic to EAST_4, then create a
DNAT rule in the “dpxvke8h18” table to redirect traffic to EAST_5:
SECRET//NOFORN