Segmentation Testing

When performing segmentation tests for PCI compliance, there aside from my Nmap scans there are a few things I've wanted to keep jotted down. This section contains my notes.

Below are some basic commands to use while performing segmentation testing. It should be noted that these should be modified in order to be more thorough.

ICMP

nmap -sn $subnet -oA ICMP_Check

TCP

nmap -sS -Pn -p- $subnet -oA TCP_Scan 

UDP

nmap -sU -Pn --top-ports 1000 $subnet -oA UDP_Scan

IPv6

nmap -6 $ipv6address -oA IPv6_Scan

Reporting

The following table is an example of how to report the results of a segmentation test:

IP Address
Port
Protocol
Service

10.1.1.1

53

tcp

DNS

10.2.2.2

80

tcp

HTTP

10.3.3.3

445

tcp

SMB

Notes

  • When performing a segmentation test against FortiGate devices, port 113/TCP may appear against every host as: closed. This is not a firewall misconfiguration. This documentation details more on this issue.

  • When a port appears as open|filtered after performing a UDP scan, try running the following to verify if it is open:

nmap -sUC -p $port $ipaddress

Segmentation tests should note all open ports regardless of the business use case. If a business needs a port open, jusitifcation should be provided in the report.

Last updated