CEH Exam questions help !!
Hi guys, I would really appreciate some help.
TCP NULL scan using Hping: can this bypass a firewall?
Comments
-
JDMurray Admin Posts: 13,031
Yes or no, depending on how the firewall is configured.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
-
oanise93 Member Posts: 6
If asked on the exam, I would answer yes, but like JD said, in the real world, yes and no.
-
hinanaz85 Member Posts: 14
JDMurray, can you please explain? I configured a Cisco ASA and tried to run Hping to the server inside, but no luck.
-
Archon Member Posts: 183
Would it help if you mentioned the rules that were set up in the firewall?
-
JDMurray Admin Posts: 13,031
A TCP NULL packet has no TCP flags set. This is an illegal configuration in that "no flags" is undefined in the TCP specification (RFC 793). Modern security gateways will automatically reject TCP NULL packets as a bad packet. You may be able to configure a security gateway to allow TCP NULL packets. TCP NULL scans are used to determine the type of TCP stack used by a network port and not for sneaking packets past a (modern) firewall.
-
hinanaz85 Member Posts: 14
Thanks JDMurray, really helpful. I think it is a default part of the Adaptive appliance algorithm in ASA.
-
JDMurray Admin Posts: 13,031
I found a case where a firewall would need to be configured to allow TCP NULL packets. It seems that there are some Linux (and possibly UNIX as well) TCP/IP stacks that accept NULL packets as if they were ACK packets, although this behavior is not specified in RFC 793. I'm guessing someone made an accidental coding error (or a deliberate decision) when the stack was written and it became a feature that would break backward compatibility if it were "fixed."
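-
Added example, not part of the thread and not any poster's or vendor's code: a sketch of the "bad packet" check that the replies above attribute to modern security gateways, which reads the TCP control bits of a raw IPv4 packet and drops the segment when none are set. The function names, the verdict strings and the sample packets (documentation addresses, zero checksums) are constructed for illustration.

```python
import struct

# The six control bits defined by RFC 793 (low six bits of TCP header byte 13).
FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
              (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def tcp_flags(ip_packet: bytes) -> int:
    """Return the RFC 793 control bits of a raw IPv4/TCP packet."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip_packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or ip_packet[9] != 6:        # protocol 6 = TCP
        raise ValueError("not a TCP segment")
    if struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF:
        raise ValueError("non-first fragment carries no TCP header")
    tcp = ip_packet[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    # Simplification: the later ECE/CWR bits (RFC 3168) are masked off.
    return tcp[13] & 0x3F

def verdict(ip_packet: bytes) -> str:
    """Gateway-style decision: a segment with no control bits is a bad packet."""
    flags = tcp_flags(ip_packet)
    if flags == 0:
        return "drop: TCP NULL (no flags set)"
    names = "+".join(name for bit, name in FLAG_NAMES if flags & bit)
    return "pass to rule base: " + names

def build_sample(flags: int) -> bytes:
    """Constructed packet 192.0.2.10:40000 -> 198.51.100.5:80 for the checks."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    for f in (0x00, 0x02, 0x12):
        print(hex(f), verdict(build_sample(f)))
```

A gateway configured to allow NULL packets, as in the compatibility case described in the last reply, would replace the drop branch with a policy lookup.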