How to bye pass Firewall

How to bye pass Firewall

To bye pass the Firewall

you must know the firewall identification means full information about Firewall like type , version , and rules of almost every firewall on a Network.

How to bye pass Firewall
How to bye pass Firewall

These are three technique for Firewall Identification

 

  • Port scanning
  • Firewalking
  • Banner grabbing

Port Scanning (How to bye pass Firewall)

Some firewalls have obvious signatures
  • Check Point’s FireWall-1 listens on TCP ports 256, 257, 258, and 259
  • Check Point NG listens on TCP ports 18210, 18211, 18186, 18190, 18191, and 18192 as well
  • Microsoft’s Proxy Server usually listens on TCP ports 1080 and 1745

Here we are providing you , the ways by which you can conceal your Scanning

  • Randomize target ports
  • Randomize target addresses
  • Randomize source ports
  • Distributed source scans
  • Using multiple computers on the Internet, each taking a small portion of the scanning targets
These techniques will fool most IDS systems with default rules.
And here are the Countermeasure of above
  • Block unneeded ICMP packets at your border router
  • Use an Intrusion Detection System, such as Snort
  • IPPL is a Linux daemon that detects port scans (link Ch 901)
  • Cisco routers have ACL rules to block scans

Firewalking (How to bye pass Firewall)

Firewalking is a method to collect information from remote network that are behind firewalls. Firewalk Looks Through a  Firewall

How to bye pass Firewall
How to bye pass Firewall
 In above figure  , Suppose The target is Router3
We want to know which ports Router3 blocks, and which ports it allows through.
Phase 1: Hopcount Ramping
  1. First Firewalk sends out a series of packets towards the destination with TTL=1, 2, 3, …
  2. When the target (Router3) is reached, that determines the TTL for the next phase
  3. In this example, the Target is at TTL=3, so all future packets will use TTL=4

 

Phase 2: Firewalking

  1. TCP or UDP paclets are sent from the scanning host to the Destination
  2. They all have TTL=4

Firwalking Countermesure

  • You can block “ICMP TTL expired” packets at the gateway
  • But this may negatively affect its performance
  • Because legitimate clients connecting will never know what happened to their connection

Banner Grabbing

Banner are messages sent out by network services while connecting to the service.They announce which service is running on System

Banner grabbing is simple method of OS detection, its also help to find services runs by Firewall. there are three measure services send out through it is TELNET , FTP and Web Server.

Banner Grabbing Countermeasures

  • Eliminate the open port on your firewall
– A management port should not be open externally anyway
  • If you must leave the ports open on the external interface of your firewall
–Change the banner to display a legal warning reminding the offender that all attempts to connect will be logged

How to bye pass Firewall

Breaching  Firewall

Byepassing a firewall using HTTP Tunnel

Placing Backdoors through Firewall

Hiding behind a Covert channel : Loki

The above topic and tools to bye pass firewall cover in next post as How to bye pass Firewall 2

FIREWALL

This post  will familiarize you with Firewall , bypass the firewall and tools to bye pass it.

WHAT IS FIRE WALL?

A hardware device and/or software program which sits between the Internet and the intranet, internet, of an organization

It restricts information that comes to your computer from other computers, giving you more control over the data on your computer and providing a line of defense against people or programs that try to connect to your computer without invitation.

In fact, that’s why its called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.

what is firewall
what is firewall

Firewall objective

Its main objectives are to filter:
what should come in the intranet (inbound traffic) and
what should come out of the intranet (outbound traffic).

what is firewall
what is firewall

TYPES OF FIREWALL

Packet Filtering Firewall : They are usually part of a router and each packet is compared to a set of criteria before it is forwarded, dropped, or a message is sent to the originator.

what is firewall
what is firewall

Circuit level Gateway : they monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to remote computer through a circuit level gateway appears to have originated from the gateway. On the other hand, they do not filter individual packets.

what is firewall
what is firewall

Application level gateways : also called proxies, are application specific. An application level gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through. They offer a high level of security, but have a significant impact on network performance.

application-level-gateway

 

Stateful Multilayer Firewalls : combine aspects of the other three types of firewalls. They filter packets at the network layer and evaluate contents of  packets at the application layer. They allow direct connection between client and host, and they rely on algorithms to recognize and process application layer data instead of running application specific proxies.

 

Network-performance-firewall

Firewall defense your network using one of two access denial methodologies:

  • may allow all traffic through unless it meets certain criteria, or
  • may deny all traffic unless it meets certain criteria

And Criteria to be configured for  firewall

  • PROTOCOL.
  • DOMAIN NAME.
  • PORTS
  • IP ADDRESS

criteria-for-firewall

So these are four criteria on which your network should be defensed by Anti virus. The next post will be on How to bye pass Firewall