(We normally use 5 packets.) The TCP connection method is much slower, because the connection must wait to time out before it determines a host is unreachable. Some firewalls, however, will block ICMP echo requests, but not TCP connections to internal hosts. Every host that responds is a potential port of entry to the target's internal networks.

Once the team builds a list of potential targets, they should scan each host to determine the particular services that are run on each. This time-consuming process requires attempting to make a connection to each TCP port on each target machine. Ports that have services running on them are listed on the host used by the testing team.

Layer 3 - Attack and Penetration

Our methodology dictates that once the testing team has a list of hosts and services, they then launch attacks on the target firewall and the network it protects. This stage of activity, therefore, involves two distinct types of attacks. Network attackers often defeat firewalls by gaining shell access (perhaps even root access) to the firewall, or by using remote services available through the firewall to change critical configuration files or corrupt services that the firewall runs. The first set of attacks is thus directed against the firewall itself. The second set of attacks is directed against hosts within the security perimeter that the firewall and possibly other components are supposed to create; the purpose of these attacks is to determine how well the firewall screens these incoming attack attempts.

For the sake of ethical considerations [4], we will not describe the specific attack methods we use in Layers 3 and 4. Suffice it to say that a firewall's bastion host often runs services (for example, the mail daemon) that are not adequately secured. These services are the first targets of our attacks. For example, we have found firewalls that run a stock Sun lpd program, a very susceptible target. Many firewalls have a vulnerability in syslogd that can be exploited. Other services may also be vulnerable. Other firewalls allow telnet connections from IP addresses external to the network, and, worse yet, have numerous active accounts that should have been disabled, but were not.

Even if a firewall is resistant to penetration from an external location, internal hosts and even hosts in the DMZ are often accessible from outside the network. Firewall construction doctrine dictates that any host in the DMZ, such as the ftp or www server, should be an expendable system (that is, breaching its security mechanisms should not put the network at greater risk). Experience shows, however, that these expendable hosts are too often trusted by the firewall in some fashion. Furthermore, we have found firewalls that are NFS-mountable by hosts within the DMZ or are in some other manner vulnerable because of relationships with hosts within this area. Any host within the DMZ is a good potential vehicle for directly accessing the firewall in addition to internal hosts.
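
The services this section names on a bastion host (mail daemon, lpd, syslogd, telnet, NFS) can be checked for from the defender's side. The following is an added example, not part of the original paper: it parses `ss -tuln`-style output and reports any of those services listening on a non-loopback address. The port-to-service mapping, the sample listing and the function names are assumptions made for illustration.

```python
import ipaddress

# Services the text names as weak points on a firewall's bastion host.
# The port numbers are the conventional assignments, added here as an assumption.
RISKY = {
    ("tcp", 23): "telnet",
    ("tcp", 25): "mail daemon (SMTP)",
    ("tcp", 515): "lpd",
    ("udp", 514): "syslogd",
    ("tcp", 2049): "NFS",
    ("udp", 2049): "NFS",
}

# Constructed sample in the column layout of `ss -tuln`; not taken from a real host.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:515        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:514        0.0.0.0:*
tcp   LISTEN 0      64     [::]:2049          [::]:*
tcp   LISTEN 0      10     192.0.2.1:23       0.0.0.0:*
"""

def is_loopback(addr):
    """True when addr is a loopback address (reachable only from the host itself)."""
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface scope
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:                      # "*" wildcard or a hostname
        return False

def audit_listeners(ss_output):
    """Return (proto, address, port, service) for each risky non-loopback listener."""
    findings = []
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto = fields[0]
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        service = RISKY.get((proto, int(port)))
        if service and not is_loopback(addr):
            findings.append((proto, addr, int(port), service))
    return findings

if __name__ == "__main__":
    for proto, addr, port, service in audit_listeners(SAMPLE):
        print(f"{service}: {proto}/{port} listening on {addr}")
```

A mail daemon bound only to 127.0.0.1 is not reported, since it cannot be reached through the firewall's external or DMZ interfaces.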