CEH Exam questions help !!

hinanaz85

Hi guys really appreciate a help

TCP NULL scan Using Hping , Can this bypass a firewall ?

JDMurray

Yes or no depending on how the firewall is configured.

oanise93

If asked on the exam, I would answer yes, but like JD said in the real world yes and no.

hinanaz85

JDMurry can you plkease explain because i configured Cisco ASA and try to run Hping to the server inside but no luck .

Archon

Would it help if you mentioned the rules that were setup in the firewall?

JDMurray

A TCP NULL packet has no TCP flags set. This is an illegal configuration in that "no flags" is undefined in the TCP specification (RFC 793). Modern security gateways will automatically reject TCP NULL packets as a bad packet. You may be able to configure a security gateway to allow TCP NULL packets. TCP NULL scans are used to determine the type of TCP stack used by a network port and not for sneaking packets past a (modern) firewall.

hinanaz85

thats would be really helpful

hinanaz85

Thnaks JDMurry really helpful . I this it is default part of Adaptive applicane algorham in ASA

JDMurray

I found a case where a firewall would need to be configured to allow TCP NULL packets. It seems that there are some Linux (and possibly UNIX as well) TCP/IP stacks that accepts NULL packets as if they were ACK packets, although this behavior is not specified in RFC 793. I'm guessing someone made an accidental coding error (or a deliberate decision) when the stack was written and it became a feature that would break backward compatibility it is were "fixed."