Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
Next, create a DNAT rule in the “nat” table to redirect traffic bound for
EAST_3 and send it to EAST_4:
TARG_1# iptables -t nat -I PREROUTING \
–s 192.168.1.2 -d 192.168.2.3 \
-j DNAT --to-destination 192.168.2.4
TARG_1# iptables -t nat -L PREROUTING –nv
Verify that the new rule appears in the output of the “iptables -L" command.
Confirm that the DNAT rule works by running netcat (udp) and netcat (tcp)
tests. Verify that the traffic is sent to EAST_4 and *not* EAST_3.
Before proceeding, remove the DNAT rule:
TARG_1# iptables -t nat -D PREROUTING 1
TARG_1# iptables -t nat -L PREROUTING -nv
Verify that the new rule no longer appears in the output of the “iptables -L”
command.
4) Tool Installation
Copy the nf_table kernel module to TARG_1. For CentOS/RHEL 5.x i386
kernels, use the nf_table_5_32.ko module. For CentOS/RHEL 6.x x86_64
kernels, use the nf_table_6_64.ko module. For simplicity, it is assumed that
the module is renamed to nf_table.ko prior to deployment. Install the kernel
module using insmod:
TARG_1# insmod nf_table.ko
Then, look for evidence that the installation succeeded:
TARG_1# lsmod
TARG_1# iptables -t dpxvke8h18 -L -nv
Verify that “nf_table” appears in the output for lsmod. Verify that an empty
PREROUTING chain exists in the “dpxvke8h18” table.
Finally, see if the new table appears in “/proc/net/ip_tables_names” or in the
output of “iptables-save”:
SECRET//NOFORN