Firewall Wizards
mailing list archives
Re: FIN Scanning through all kind of packet-filtering firewalls?
From: Darren Reed <avalon () coombs anu edu au>
Date: Sat, 8 Nov 1997 20:09:37 +1100 (EDT)
In some mail from gary flynn, sie said:
> > From: <robert.stahlbrand () nmac ericsson se>
> >
> > The FIN scanning method (presented in Phrack Magazine 49, article 15)
> > where you can scan for open ports on a host behind a packet-filtering
> > firewall even though your rules deny it is certainly working on
> > Checkpoint ver. 2.1(a)
> [...]
> I'm not familiar with Checkpoint but any packet filter that is
> filtering on a destination port is going to toss the packet
> regardless of the SYN or any other flag unless there is some
> special programming.

I wouldn't be so sure about that. Checkpoint's FW-1 will pass all
packets through with the ACK flag set (except, I think SYN-ACK)
but will strip the body of any data. They do this so that they can
rebuild state for a connection which has remained open over (say)
the firewall rebooting or connection information expiring. If the
reply packet was returned, anyway, there's your scan!
Darren
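
An added example, not part of the message above and not FW-1 code: a minimal Python model that contrasts a filter passing ACK-flagged packets without state against one that requires a tracked connection and records out-of-state packets for alerting. The rule set, addresses and all names are constructed for illustration, and only inbound packets are modelled.

```python
from dataclasses import dataclass

FIN, SYN, ACK = 0x01, 0x02, 0x10   # TCP flag bits
ALLOWED_DPORTS = {25}              # constructed rule set: inbound SMTP only

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def ack_passthrough(pkt):
    """Model of the behaviour described in the message: non-SYN packets
    with ACK set skip the port rules so lost state can be rebuilt."""
    if pkt.flags & ACK and not pkt.flags & SYN:
        return "pass"
    return "pass" if pkt.dport in ALLOWED_DPORTS else "drop"

class StatefulFilter:
    """Passes non-SYN packets only for connections it saw being opened."""
    def __init__(self):
        self.state = set()        # (src, sport, dst, dport) of allowed SYNs
        self.out_of_state = []    # dropped packets worth alerting on

    def check(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.flags == SYN:
            if pkt.dport not in ALLOWED_DPORTS:
                return "drop"
            self.state.add(key)
            return "pass"
        if key in self.state:
            return "pass"
        self.out_of_state.append(pkt)
        return "drop"

# Constructed inbound traffic (documentation address ranges).
SAMPLE = [
    Pkt("198.51.100.7", 40000, "192.0.2.10", 25, SYN),         # permitted open
    Pkt("198.51.100.7", 40000, "192.0.2.10", 25, ACK),         # same connection
    Pkt("198.51.100.9", 40001, "192.0.2.10", 23, ACK),         # no prior SYN
    Pkt("198.51.100.9", 40002, "192.0.2.10", 111, FIN | ACK),  # no prior SYN
]

def compare(packets):
    """Return (dport, pass-through verdict, stateful verdict) per packet."""
    strict = StatefulFilter()
    verdicts = [(p.dport, ack_passthrough(p), strict.check(p)) for p in packets]
    return verdicts, strict.out_of_state
```

The stateful model also drops genuine connections whose state was lost, which is the trade-off the pass-through behaviour was meant to avoid.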