Here's a link to what firewalking is actually meant for:http://articles.techrepublic.com.com/51 ... 55357.html
Basically, the idea of firewalking is to send traffic with increased TTL (time to live) to they'll try to go PAST the firewall. This is effective in that, if a port is open on the firewall, you can get past the firewall, and enumerate services running on servers / machines sitting in the DMZ, or on the production network (if the DMZ isn't properly configured, or is not being used.)
It IS a popular technique, and I use it all the time, as do others, in testing the effectiveness of ACL's. Basically, you'll quickly find out if ACL's are only allowing traffic to the proper hosts behind the firewall, if they're blocking the traffic, or if they're not stopping anything, at all, and you start seeing responses from systems that SHOULDN'T be accessible from the public firewall / router interfaces.
It can be handy, as sometimes, you'll find a vulnerable machine / service sitting in there, that you wouldn't normally find through 'traditional' port scans and others, and it allows you to 'map out' the dmz, etc.
~ hayabusa ~
"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'
OSCE, OSCP , GPEN, C|EH