homework_4

homework_4 - Jose Ortiz Jr IT 430 Homework 4 April 7 2009 1...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Jose Ortiz Jr. IT 430 Homework 4 April 7, 2009 1) Discuss two ways to determine which ports are allowed through a firewall and which ports are filtered in the context of a penetration test. Two popular methods of ascertaining the configuration of a firewall are ACK scans and Firewalking. In an ACK scan, TCP packets are sent to each port, with the ACT bit set. Firewalls typically respond to unfiltered ports with a TCP packet that has the RST bit set. Most firewalls do not respond to filtered ports. By recording the RST packets that are returned from a firewall, you can assess what services might be running on the inside of a network. For example, if you get a RST packet for a scan of TCP port 80, you know that a web server is likely on the inside of the network because web traffic uses TCP port 80. The second method of determining the firewall configuration is firewalking. Firewalking depends on the firewall generating an ICMP TTL expired message. As packet goes through a firewall, the firewall decrements the IP TTL field by 1. When the TTL get to 0, tan ICMP TTL expired message is return to the sender. Firewalking sends packets to a firewall with a TTL set to one more than the TTL necessary to get to the firewall. One packet is sent for each port you want to test. If a port is being filtered, you receive no response because the packet will be dropped If a port is unfiltered, the firewall decrement the TTL by one. Because the packet is sent with a TTL and ICMP TTL expired message back to you. By listening to the ICMP TTL messages, you can begin to map out the rule set on the firewall. For each ICMP TTL message you receive, you can list that port as being unfiltered. 2) Discuss several methods used to bypass a firewall in the context of a penetration
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

Page1 / 3

homework_4 - Jose Ortiz Jr IT 430 Homework 4 April 7 2009 1...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online