Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 51 views

    Evading Firewalls: Firewall Identification

    Uploaded by

    Karen Garza
    The document discusses several techniques that attackers use to evade firewalls and gain unauthorized access to networks, including port scanning to identify open ports, firewalking to map network topology, banner grabbing to obtain version information, and IP spoofing. It also covers methods for bypassing firewall restrictions such as using proxy servers, tunneling traffic over protocols like HTTP and SSH that firewalls often allow, and hijacking external user sessions.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Evading Firewalls: Firewall Identification

    Uploaded by

    Karen Garza
    51 views2 pages
    The document discusses several techniques that attackers use to evade firewalls and gain unauthorized access to networks, including port scanning to identify open ports, firewalking to map network topology, banner grabbing to obtain version information, and IP spoofing. It also covers methods for bypassing firewall restrictions such as using proxy servers, tunneling traffic over protocols like HTTP and SSH that firewalls often allow, and hijacking external user sessions.

    Original Description:

    hacking

    Original Title

    CEH V10-55-2

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document discusses several techniques that attackers use to evade firewalls and gain unauthorized access to networks, including port scanning to identify open ports, firewalking to map network topology, banner grabbing to obtain version information, and IP spoofing. It also covers methods for bypassing firewall restrictions such as using proxy servers, tunneling traffic over protocols like HTTP and SSH that firewalls often allow, and hijacking external user sessions.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    51 views2 pages

    Evading Firewalls: Firewall Identification

    Uploaded by

    Karen Garza
    The document discusses several techniques that attackers use to evade firewalls and gain unauthorized access to networks, including port scanning to identify open ports, firewalking to map network topology, banner grabbing to obtain version information, and IP spoofing. It also covers methods for bypassing firewall restrictions such as using proxy servers, tunneling traffic over protocols like HTTP and SSH that firewalls often allow, and hijacking external user sessions.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 2

    Evading Firewalls

    Firewall Identification
    Identification of firewall includes firewall fingerprinting to obtain sensitive
    information such as open ports, version information of services running in a network,
    etc. This information is extracted by different techniques such as Port scanning, Fire-
    walking, Banner grabbing, etc.

    Port Scanning
    Port Scanning is the examination procedure that is mostly used by the attackers to
    identify the open port. However, it may also be used by the legitimate users. Port
    scanning it does not always lead to an attack as it used by both of them. However, it is
    a network reconnaissance that can be used before an attack to collect information. In
    this scenario, special packets are forwarded to a particular host, whose response is
    examined by the attacker to get information regarding open ports.

    Fire-walking
    Fire-walking is a technique in which an attacker, using ICMP packet find out the
    location of firewall and network map by probing the ICMP echo request with TTL
    values exceeding one by one. It helps the attacker to find out a number of hops.

    Banner Grabbing
    Banner grabbing is another technique in which information from a banner is grabbed.
    Different devices such as routers, firewalls, and web server even display a banner in
    the console after login through FTP, telnet. Vendor information for a target device and
    firmware version information can be extracted using banner grabbing.

    IP Address Spoofing
    As defined earlier in the workbook, IP Address Spoofing is a technique, that is used to
    gain unauthorized access to machines by spoofing IP address. An attacker illicitly
    impersonates any user machine by sending manipulated IP packets with spoofed IP
    address. Spoofing process involves modification of header with a spoofed source IP
    address, a checksum, and the order values.

    Source Routing
    Source routing is a technique of sending the packet via selected route. In session
    hijacking, this technique is used to attempt IP spoofing as a legitimate host with the
    help of Source routing to direct the traffic through the path identical to the victim's
    path.
    By passing Techniques
    Bypassing Blocked Sites Using IP Address
    In this technique, Blocked Website in a network is accessed using IP address. Consider
    a firewall blocking the incoming traffic destined to a particular domain. It can be
    accessed by typing IP address in URL instead of entering domain name unless IP
    address is also configured in access control list.

    Page 381 of 503


    Bypass Blocked Sites Using Proxy
    Accessing the blocked websites using a proxy is very common. There are a lot of online
    proxy solution available which hide your actual IP address to allow to access restricted
    websites.

    Bypassing through ICMP Tunneling Method


    ICMP tunneling is a technique of injecting arbitrary data in the payload of echo packet
    and forwarded to target host. ICMP tunneling functions on ICMP echo requests and
    reply packets. Basically using this ICMP tunneling, TCP communication is tunneled
    over ping request and replies because payload field of ICMP packets are not examined
    by most of the firewalls, whereas some network administrators allow ICMP because of
    troubleshooting purpose.

    Bypassing Firewall through HTTP Tunneling Method


    HTTP tunneling is another way to bypass firewalls. Consider a company with a web
    server listening traffic on port 80 for HTTP traffic. HTTP tunneling allows the attacker
    to despite the restriction imposed by the firewall by encapsulating the data in HTTP
    traffic.
    The firewall will allow the port 80; an attacker may perform the various task by hiding
    into HTTP such as using FTP via HTTP protocol.
    HTTP Tunneling Tools
     HTTPort
     HTTHost
     Super Network Tunnel
     HTTP-Tunnel
    Bypassing through SSH Tunneling Method
    OpenSSH is an encryption protocol that is basically used for securing the traffic from
    different threats and attacks such as eavesdropping, hijacking, etc. SSH connection is
    mostly used by applications to connect to the application servers. The attacker uses
    OpenSSH to encrypt the traffic to avoid detection by security devices.

    Bypassing Firewall through External Systems


    Bypassing through the external system is a process of hijacking a session of a
    legitimate user of a corporate network which is allowed to connect to an external
    network. An attacker can easily sniff the traffic to extract the information, stealing
    SessionID, cookies and impersonate him to bypass the firewall. An attacker can also
    infect the external system used by the legitimate user with malware or Trojan to steal
    information.

    Page 382 of 503

    You might also like