382 Chapter 16 ■ Evading IDSs, Firewalls, and Honeypots
For the CEH exam, be sure to know your firewall types and what
distinguishes them from one another. Also be sure to know which layer of
the OSI model each operates at and why.
What’s That Firewall Running?
To determine a type of firewall and even a brand, you can use your experience with port
scanning and tools to build information about the firewall your target is running. By
identifying certain ports, you can link the results to a specific firewall and from that point
determine the type of attack or process to take in order to compromise or bypass the device.
Some firewalls listen on characteristic ports: Check Point FireWall-1 uses TCP 256–259
for its management and logging services, and Microsoft Proxy Server listens on TCP 1080
and 1745.
Fortunately, you can perform banner grabbing with Telnet to identify the service
running on a port. If a firewall exposes product-specific ports, connecting to them and
reading whatever the service reports back can confirm the identification.
Firewalking
Another effective way to determine the configuration of a firewall is through firewalking.
Firewalking may sound like a painful process and test of courage, but it is actually the
process of probing a firewall to determine the configuration of its ACLs by sending TCP and
UDP packets through it. The key to making this successful is the time to live (TTL): the
probes are given a TTL one greater than the number of hops to the firewall. A packet the
ACL permits is forwarded, expires at the very next hop, and that hop answers with an ICMP
Time Exceeded message; a packet the ACL drops produces no answer at all. Which ports and
protocols come back with a reply therefore tells you what the firewall lets through.
To perform a firewalk against a firewall, you need three components:
Firewalking Host: The system, outside the target network, from which the data packets
are sent to the destination host in order to gain more information about the target network
Gateway Host: The system on the target network that is connected to the Internet,
through which the data packet passes on its way to the target network
Destination Host: The target system on the target network that the data packets are
addressed to
The most popular tool for performing firewalking is the command-line tool
firewalk, but other tools, such as Nmap's firewalk NSE script, perform the same process.
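The two phases of a firewalk (hop-count ramping to locate the gateway, then probing through it with TTL = gateway hops + 1) as an added simulation, not code from the book or from the firewalk tool. Real probes need raw sockets and a packet crafter; here the network path, the firewall ACL and the RFC 5737 addresses are constructed in memory, so the example shows the decision logic only, and it assumes a hop expires the TTL before applying its ACL.

```python
from typing import Dict, List, Optional, Set, Tuple

# Constructed topology for the demonstration. A Hop with acl=None forwards
# everything (a plain router); a Hop with an acl forwards only the (proto, port)
# pairs listed and silently drops the rest, like a filtering firewall.
class Hop:
    def __init__(self, addr: str, acl: Optional[Set[Tuple[str, int]]] = None):
        self.addr = addr
        self.acl = acl


def send_probe(path: List[Hop], proto: str, port: int, ttl: int) -> Tuple[str, Optional[str]]:
    """Simulate one probe. Returns (reply_kind, replying_hop):
    'time-exceeded' = ICMP Time Exceeded from the hop where the TTL ran out,
    'reached'       = the destination host itself answered,
    'dropped'       = no reply; on a real network this is just a timeout.
    Simplifying assumption: a hop expires the TTL before it applies its ACL,
    which is what lets the ramping phase locate the firewall."""
    for i, hop in enumerate(path):
        if i == len(path) - 1:
            return ("reached", hop.addr)        # delivered to the destination host
        ttl -= 1                                # forwarding decrements the TTL
        if ttl == 0:
            return ("time-exceeded", hop.addr)
        if hop.acl is not None and (proto, port) not in hop.acl:
            return ("dropped", None)            # filtered: the attacker sees nothing
    return ("dropped", None)


def locate_gateway(path: List[Hop], gateway_addr: str, proto: str = "tcp",
                   port: int = 80, max_ttl: int = 30) -> int:
    """Phase 1, hop-count ramping: raise the TTL one hop at a time until the
    Time Exceeded reply comes back from the gateway host."""
    for ttl in range(1, max_ttl + 1):
        kind, who = send_probe(path, proto, port, ttl)
        if kind == "time-exceeded" and who == gateway_addr:
            return ttl
        if kind == "reached":
            break
    raise RuntimeError("gateway host not seen on the path")


def firewalk(path: List[Hop], gateway_ttl: int, gateway_addr: str,
             probes: List[Tuple[str, int]]) -> Dict[Tuple[str, int], str]:
    """Phase 2, scanning: every probe carries TTL = gateway hops + 1. A reply
    from anything beyond the gateway means the ACL passed the packet; silence
    means it was filtered; a reply from the gateway itself means the TTL was
    too low (re-run phase 1)."""
    results: Dict[Tuple[str, int], str] = {}
    for proto, port in probes:
        kind, who = send_probe(path, proto, port, gateway_ttl + 1)
        if kind == "dropped":
            results[(proto, port)] = "filtered"
        elif who == gateway_addr:
            results[(proto, port)] = "ttl-too-low"
        else:
            results[(proto, port)] = "pass"
    return results


def demo_path() -> List[Hop]:
    """Constructed path: upstream router, firewall (the gateway host), inside router, target."""
    return [
        Hop("203.0.113.1"),
        Hop("203.0.113.2", acl={("tcp", 80), ("tcp", 443), ("udp", 53)}),
        Hop("198.51.100.1"),
        Hop("198.51.100.10"),
    ]


if __name__ == "__main__":
    path = demo_path()
    hops = locate_gateway(path, "203.0.113.2")
    print("gateway is", hops, "hops away; probing with TTL", hops + 1)
    probes = [("tcp", 22), ("tcp", 80), ("tcp", 443), ("udp", 53), ("udp", 161)]
    for key, verdict in firewalk(path, hops, "203.0.113.2", probes).items():
        print("%s/%d: %s" % (key[0], key[1], verdict))
```

Note what the result does and does not say: "pass" means the firewall forwarded the probe, not that anything is listening on that port at the destination. Firewalking maps the ACL, and a separate scan of the destination host tells you what is actually behind the permitted ports.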
Once you have used firewalking to gain information about the firewall and how it
responds to traffic and probes, the next step is to plan your attack. You may find it possible
to use tools such as packet crafters and port redirection to evade the configuration in place.