Segmentation Testing
When performing segmentation tests for PCI compliance, aside from my Nmap scans there are a few things I've wanted to keep jotted down. This section contains my notes.
Below are some basic commands to use while performing segmentation testing. They are starting points, not a complete scan set, and should be adjusted to be more thorough (for example, the UDP scan below only covers the top 1000 ports, and none of them include timing or retry options).
ICMP
When run as root, a plain -sn ping scan also sends a TCP SYN to 443 and a TCP ACK to 80, so a reply on either would be reported as "host up" even if ICMP is blocked. Restricting the probe types to ICMP echo, timestamp and netmask tests ICMP alone:
nmap -sn -PE -PP -PM $subnet -oA ICMP_Check
TCP
nmap -sS -Pn -p- $subnet -oA TCP_Scan
UDP
nmap -sU -Pn --top-ports 1000 $subnet -oA UDP_Scan
IPv6
nmap -6 $ipv6address -oA IPv6_Scan
Note that this only scans the default top 1000 TCP ports with host discovery enabled; add the same -sS/-sU, -Pn and port options used above so the IPv6 coverage matches the IPv4 scans.
Reporting
The following table is an example of how to report the results of a segmentation test:

Host        Port   Protocol   Service
10.1.1.1    53     tcp        DNS
10.2.2.2    80     tcp        HTTP
10.3.3.3    445    tcp        SMB
Notes
When performing a segmentation test against FortiGate devices, port 113/TCP may appear as closed on every host. This is not a firewall misconfiguration: the FortiGate itself answers ident (113/TCP) probes with a TCP RST so that services that perform ident lookups do not hang waiting for a timeout, which is why the port reports as closed rather than filtered. Fortinet's documentation details this behaviour further.

When a port appears as open|filtered after a UDP scan, Nmap received neither a reply nor an ICMP port-unreachable, so the state is unresolved. Verify whether it is actually open by sending service probes to it:
nmap -sU -sV -sC -p $port $ipaddress
A port that answers the version-detection or NSE probes is open. If it stays silent it remains unresolved; note that many hosts rate-limit ICMP port-unreachable messages, so a single quiet probe is not proof that the port is filtered.

Segmentation tests should note all open ports regardless of the business use case. If a business needs a port open, justification should be provided in the report.
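As an added example that is not part of these notes, the POSIX shell script below runs the scan set from above into one directory and then parses the greppable .gnmap output that -oA writes into rows for the reporting table. It drops closed ports (so the FortiGate 113/tcp artefact never reaches the report) and flags UDP ports in the open|filtered state as needing the follow-up probe. The output directory layout, the function names and the sample .gnmap lines are constructed for the example, not taken from a real scan.

```shell
#!/bin/sh
# Added example: run the segmentation scan set and turn the greppable (.gnmap)
# output that -oA produces into report rows. Directory name, function names and
# the sample data below are assumptions made for this example.

# Run the ICMP, TCP and UDP scans from the notes against a subnet, writing
# <name>.nmap/.gnmap/.xml into a per-scope directory. Requires nmap and root
# privileges (for -sS, -sU and the ICMP probe types). The IPv6 scan takes a
# single address rather than a subnet, so run it separately.
segmentation_scans() {
  subnet=$1
  outdir=${2:-seg_$(date +%Y%m%d)}
  mkdir -p "$outdir"
  nmap -sn -PE -PP -PM "$subnet" -oA "$outdir/ICMP_Check"
  nmap -sS -Pn -p- "$subnet" -oA "$outdir/TCP_Scan"
  nmap -sU -Pn --top-ports 1000 "$subnet" -oA "$outdir/UDP_Scan"
}

# Constructed sample of greppable output (made-up hosts, not a real scan).
# Fields in .gnmap are tab-separated; each port entry has the layout
# port/state/protocol/owner/service/rpcinfo/version/
sample_gnmap() {
  printf 'Host: 10.1.1.1 ()\tStatus: Up\n'
  printf 'Host: 10.1.1.1 ()\tPorts: 53/open/tcp//domain///, 113/closed/tcp//ident///\tIgnored State: filtered (65533)\n'
  printf 'Host: 10.2.2.2 ()\tPorts: 80/open/tcp//http///, 113/closed/tcp//ident///\tIgnored State: filtered (65533)\n'
  printf 'Host: 10.3.3.3 ()\tPorts: 445/open/tcp//microsoft-ds///, 161/open|filtered/udp//snmp///\tIgnored State: filtered (65532)\n'
}

# Read .gnmap on stdin and print one report row per port that matters:
#   <host> <port> <proto> <service>          for open ports
#   <host> <port> <proto> <service> VERIFY   for open|filtered (needs -sU -sV -sC follow-up)
# Closed ports, such as the FortiGate 113/tcp RST artefact, are dropped.
report_rows() {
  awk '
    BEGIN { FS = "\t" }
    /^Host:/ {
      host = $1
      sub(/^Host: /, "", host); sub(/ .*/, "", host)
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        ports = $i; sub(/^Ports: /, "", ports)
        n = split(ports, entry, ", ")
        for (j = 1; j <= n; j++) {
          split(entry[j], f, "/")
          port = f[1]; state = f[2]; proto = f[3]
          svc = (f[5] == "") ? "unknown" : f[5]
          if (state == "open")
            print host, port, proto, svc
          else if (state == "open|filtered")
            print host, port, proto, svc, "VERIFY"
        }
      }
    }'
}

# Count rows still marked VERIFY, i.e. how many follow-up probes remain
# before the report can be finalised.
count_verify() {
  grep -c 'VERIFY$' || true
}

# Demo on the constructed sample.
sample_gnmap | report_rows
```

Usage against real output would be `segmentation_scans 10.1.1.0/24 seg_cde` followed by `cat seg_cde/*.gnmap | report_rows`; every row marked VERIFY then gets the `nmap -sU -sV -sC -p $port $ipaddress` check from the notes before it is either added to the report table or dropped.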