CEH Exam questions help !!

hinanaz85 Member Posts: 14
Hi guys, I would really appreciate some help.

TCP NULL scan using Hping: can this bypass a firewall?

Comments

  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,896
    Yes or no depending on how the firewall is configured.
  • oanise93 Member Posts: 6
    If asked on the exam, I would answer yes, but like JD said, in the real world, yes and no.
  • hinanaz85 Member Posts: 14
    JDMurray, can you please explain? I configured a Cisco ASA and tried to run Hping to the server inside, but no luck.
  • Archon Member Posts: 183
    Would it help if you mentioned the rules that were set up in the firewall?
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,896
    A TCP NULL packet has no TCP flags set. This is an illegal configuration in that "no flags" is undefined in the TCP specification (RFC 793). Modern security gateways will automatically reject TCP NULL packets as a bad packet. You may be able to configure a security gateway to allow TCP NULL packets. TCP NULL scans are used to determine the type of TCP stack used by a network port and not for sneaking packets past a (modern) firewall.
  • hinanaz85 Member Posts: 14
    That would be really helpful.
  • hinanaz85 Member Posts: 14
    Thanks JDMurray :) Really helpful. I think it is a default part of the Adaptive appliance algorithm in ASA.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,896
    I found a case where a firewall would need to be configured to allow TCP NULL packets. It seems that there are some Linux (and possibly UNIX as well) TCP/IP stacks that accept NULL packets as if they were ACK packets, although this behavior is not specified in RFC 793. I'm guessing someone made an accidental coding error (or a deliberate decision) when the stack was written and it became a feature that would break backward compatibility if it were "fixed."
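
Added example (not part of the thread and not written by any poster): a defender-side check for the packet type discussed above, a TCP segment with no flags set, that reports sources sending such segments to several distinct ports. The packet builder, the documentation-range addresses and the `min_ports` threshold are assumptions constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def parse_tcp(packet: bytes):
    """Return (src_ip, dst_port, flag_bits) for an unfragmented IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None  # too short, not IPv4, or not TCP (protocol 6)
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or frag_offset or len(packet) < ihl + 20:
        return None  # bad header length, later fragment, or truncated TCP header
    dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    flag_bits = packet[ihl + 13] & 0x3F  # the six RFC 793 flags: FIN SYN RST PSH ACK URG
    return socket.inet_ntoa(packet[12:16]), dst_port, flag_bits

def null_scan_sources(packets, min_ports=3):
    """Sources that sent flagless TCP segments to at least min_ports distinct ports."""
    ports = defaultdict(set)
    for pkt in packets:
        parsed = parse_tcp(pkt)
        if parsed and parsed[2] == 0:  # no flags set: a TCP NULL segment
            ports[parsed[0]].add(parsed[1])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

def build_packet(src, dst, dport, flags):
    """Constructed sample packet; checksums are left at zero (the parser does not verify them)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

# Constructed capture: one source sends NULL segments to three ports,
# one sends an ordinary SYN, one sends a single stray NULL segment.
SAMPLE = [build_packet("192.0.2.10", "198.51.100.5", p, 0x00) for p in (22, 80, 443)]
SAMPLE.append(build_packet("192.0.2.20", "198.51.100.5", 443, 0x02))
SAMPLE.append(build_packet("192.0.2.30", "198.51.100.5", 25, 0x00))

if __name__ == "__main__":
    for src, ports in null_scan_sources(SAMPLE).items():
        print(f"{src} sent TCP NULL segments to ports {ports}")
```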