Advanced Techniques
Although we have mentioned techniques for identifying and possibly circumventing a network security device such as a firewall, we will
now examine more advanced techniques for coaxing information from
a gateway.
Pinging Firewalled Hosts
Whilst standard ICMP pings will often be filtered at some gateways,
there are other techniques for identifying viable target hosts.
By using a tool such as nmap, or even manual techniques given time,
we may systematically probe the target IP range for hosts listening on
specific ports. For example, sweeping the IP range on TCP ports 80 and
443 will detect web servers, whilst scanning on TCP/21 should find any
FTP servers. Since the service ports must be open through a firewall for
the service to function, by probing known service ports we may find
extra hosts despite our ICMP echo/replies being barred.
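
Seen from the gateway, the service-port sweep described above appears as one source trying the same TCP port on many different addresses in a short time, even when ICMP is blocked. The following is an added example, not part of the original post, that flags that pattern in firewall logs; the log format, the thresholds and the name `find_sweeps` are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample lines; the format (time, source, destination,
# proto/port, action) is an assumption, not a specific product's log format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 198.51.100.7 203.0.113.1 tcp/80 DENY
2024-05-01T10:00:02 198.51.100.7 203.0.113.2 tcp/80 DENY
2024-05-01T10:00:03 198.51.100.7 203.0.113.3 tcp/80 ALLOW
2024-05-01T10:00:04 198.51.100.7 203.0.113.4 tcp/80 DENY
2024-05-01T10:00:05 198.51.100.7 203.0.113.5 tcp/80 DENY
2024-05-01T10:00:06 198.51.100.7 203.0.113.1 tcp/21 DENY
2024-05-01T10:00:07 198.51.100.7 203.0.113.2 tcp/21 DENY
2024-05-01T10:00:20 192.0.2.50 203.0.113.3 tcp/80 ALLOW
2024-05-01T10:00:40 192.0.2.50 203.0.113.3 tcp/80 ALLOW
2024-05-01T10:05:00 192.0.2.50 203.0.113.3 tcp/443 ALLOW
"""

def find_sweeps(log_text, min_hosts=5, window_s=60):
    """Map (source, tcp_port) -> sorted destinations for every source that
    tried one TCP port on >= min_hosts distinct hosts within window_s seconds.
    Denied and allowed attempts both count: the denials reveal the sweep,
    the allows are the hosts it found."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, svc, _action = line.split()
        proto, port = svc.split("/")
        if proto == "tcp":
            attempts[(src, int(port))].append((datetime.fromisoformat(ts), dst))
    sweeps = defaultdict(set)
    for key, hits in attempts.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window_s.
            while (hits[end][0] - hits[start][0]).total_seconds() > window_s:
                start += 1
            targets = {dst for _, dst in hits[start:end + 1]}
            if len(targets) >= min_hosts:
                sweeps[key] |= targets
    return {key: sorted(dsts) for key, dsts in sweeps.items()}

if __name__ == "__main__":
    for (src, port), dsts in find_sweeps(SAMPLE_LOG).items():
        print(f"{src} swept tcp/{port} across {len(dsts)} hosts")
```

A fixed window misses sweeps paced slower than `window_s`, so a longer window with a higher `min_hosts` is worth running alongside the short one.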
Advanced Traceroute
We have already discussed that traceroute may operate on ICMP or
UDP packets, and that both should be used because filters and other
devices may react differently to the different types of traffic.
Traceroute also provides options to vary the source port of a UDP scan,
which provides useful opportunities for at least partially penetrating
the firewall.