.

firewalking ?

<<

celord

Post Tue May 19, 2009 8:23 am

firewalking ?

Hello, this the my first topic:  :)
  I would like to know about firewallking, and google doesn't want to help me, I have read that that it is used to test ACLs and firewalls, but how? is it a "popular" technique ? And the site of the firewalk is down  :(
 
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue May 19, 2009 9:03 am

Re: firewalking ?

Here's a link to what firewalking is actually meant for:

http://articles.techrepublic.com.com/51 ... 55357.html

Basically, the idea of firewalking is to send traffic with increased TTL (time to live) to they'll try to go PAST the firewall.  This is effective in that, if a port is open on the firewall, you can get past the firewall, and enumerate services running on servers / machines sitting in the DMZ, or on the production network (if the DMZ isn't properly configured, or is not being used.)

It IS a popular technique, and I use it all the time, as do others, in testing the effectiveness of ACL's.  Basically, you'll quickly find out if ACL's are only allowing traffic to the proper hosts behind the firewall, if they're blocking the traffic, or if they're not stopping anything, at all, and you start seeing responses from systems that SHOULDN'T be accessible from the public firewall / router interfaces.

It can be handy, as sometimes, you'll find a vulnerable machine / service sitting in there, that you wouldn't normally find through 'traditional' port scans and others, and it allows you to 'map out' the dmz, etc.

HTH.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue May 19, 2009 9:07 am

Re: firewalking ?

Additionally, here's another useful link for firewall testing, which talks about firewalking, nmap and a few other tools for use in the process:

http://www.vesaria.com/Firewall/Testing ... hacker.php
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

celord

Post Wed May 20, 2009 11:02 am

Re: firewalking ?

Great I see that It is a technique that must or should be used as a complement with of an nmap scan
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Wed May 20, 2009 10:41 pm

Re: firewalking ?

As an aside, the countermeasure for this is to disable outbound ICMP_TIME_EXCEEDED or just icmp in general.
twitter.com/timmedin | http://blog.securitywhole.com
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Tue May 26, 2009 7:55 am

Re: firewalking ?

timmedin wrote:As an aside, the countermeasure for this is to disable outbound ICMP_TIME_EXCEEDED or just icmp in general.


If you disable the outbound ICMP you would also effect the internal users wanting to get out.  Is it an option to disable the inbound ICMP?  Granted, this would still allow an attacker internally from firewalking from an internal server to see what outbound ports are available on the firewall.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Tue May 26, 2009 8:49 pm

Re: firewalking ?

Blocking outbound ICMP won't have any affect on non-admin users. They aren't going to be using ping or any of the other ICMP functionality. They receive ICMP responses, but shouldn't send any ICMP messages.
twitter.com/timmedin | http://blog.securitywhole.com
<<

celord

Post Wed May 27, 2009 11:33 am

Re: firewalking ?

I see that the common thing to do is to block only incoming traffic from the outside and let all the outgoing icmp pass
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Wed May 27, 2009 2:39 pm

Re: firewalking ?

The Packetstorm page has the tools and guides for all things firewalk:


http://www.packetstormsecurity.org/UNIX/audit/firewalk/

=)

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software