Ping a URL beyond a Firewall

esmorris62esmorris62 Junior MemberRegistered Users Posts: 1 ■□□□□□□□□□
In our class discussion this week, we are to ping our school's URL. Our firewall blocks inbound and outbound ping requests. My instructor is implying that I can bypass my firewall manually in order to retrieve a successful ping. Not that I am doubting him, but if it can be manually bypassed - then what is the use? Any help in helping me understand 1) how to do it and 2) what is the reason for allowing it to be manually bypassed?

Thank you.

Scott

Comments

  • rogue2shadowrogue2shadow Member Posts: 1,501 ■■■■■■■■□□
    The term "ping" is used loosely in my experience and can mean "seeing if a machine is up" or literally issuing ICMP echoes and waiting for replies. I might be able to kind of explain this from a "non-ping" (TCP) point of view if that makes any sense?

    If you were to use a tool such as hping3, you could create a TCP packet with either an ACK or FIN flag and based on whether or not you got a RST back, along with a scanning tool like NMAP, you would have a decent chance at guessing whether or not the firewall would accept that kind of pass through. (I advise you don't scan your school's webpage or craft packets against it).

    It also depends on the type of firewall that is administered (packet filtering vs stateful inspection).

    I think the general idea is if you fool the system into thinking a session was already established you will be able to get an inadvertent response due to RFCs requiring some sort of "answer" based on the foundation of the protocol. If ICMP echo replies are implicitly blocked from going outbound, the ping itself will occur but will be suppressed and you won't get an answer.

    If I'm wrong in any capacity please correct me guys :)
  • NightShade03NightShade03 Security Nut Member Posts: 1,383 ■■■■■■■□□□
    If I'm wrong in any capacity please correct me guys :)

    Nope you are dead on. I will just add that most sites block ICMP requests these days, usually because they rely on internal/external monitoring software to tell those that need to know (the NOC or IT dept) if the website is up or not.
  • QHaloQHalo DoWork Member Posts: 1,488
    Or you could just telnet to a known open port such as 80 or 443 and see if you get a response. I use it at work to check Citrix ICA/IMA, 1494 and 2512, services to see if they are active when troubleshooting issues. It's not ping but a way around ICMP blocking and a way to tell if a host is online.
  • L0gicB0mb508L0gicB0mb508 Cyber Ninja Member Posts: 538
    esmorris62 wrote: »
    In our class discussion this week, we are to ping our school's URL. Our firewall blocks inbound and outbound ping requests. My instructor is implying that I can bypass my firewall manually in order to retrieve a successful ping. Not that I am doubting him, but if it can be manually bypassed - then what is the use? Any help in helping me understand 1) how to do it and 2) what is the reason for allowing it to be manually bypassed?

    Thank you.

    Scott

    Do a Google search on Hping.
    I bring nothing useful to the table...
Sign In or Register to comment.