4. Scan beyond Firewalls and IDS

IDSs and firewalls are efficient security mechanisms; however, they still have some security limitations. You may be required to launch attacks to exploit these limitations using various IDS/firewall

Techniques to evade IDS/firewall:

  • Packet Fragmentation: Send fragmented probe packets to the intended target, which re-assembles it after receiving all the fragments

  • Source Routing: Specifies the routing path for the malformed packet to reach the intended target

  • Source Port Manipulation: Manipulate the actual source port with the common source port to evade IDS/firewall

  • IP Address Decoy: Generate or manually specify IP addresses of the decoys so that the IDS/firewall cannot determine the actual IP address

  • IP Address Spoofing: Change source IP addresses so that the attack appears to be coming in as someone else

  • Creating Custom Packets: Send custom packets to scan the intended target beyond the firewalls

  • Randomizing Host Order: Scan the number of hosts in the target network in a random order to scan the intended target that is lying beyond the firewall

  • Sending Bad Checksums: Send the packets with bad or bogus TCP/UDP checksums to the intended target

  • Proxy Servers: Use a chain of proxy servers to hide the actual source of a scan and evade certain IDS/firewall restrictions

  • Anonymizers: Use anonymizers that allow them to bypass Internet censors and evade certain IDS and firewall rules

1. Various Firewall Evasion techniques with nmap

Fragmented scan

nmap -f 192.168.18.110

Use common source ports

nmap -g 80 192.168.18.110

It used a common port to send the traffic. So, it evades firewall.

Sending smaller packets to scan

nmap --mtu 8 192.168.18.110

it fragments the packets (maximum 8 bytes size)

Decoy scan

nmap -D RND:10 192.168.18.110

decoy hides the actual source IP in a number of random IP addresses to hide the actual identity.

Spoof mac

nmap -sT -Pn --spoof-mac 0 192.168.18.110

-sT TCP scan

-Pn do not perform host discovery

--spoof-mac randomize the mac address

2. Colasoft packet builder to avoid AV

LogoPacket Builder for Network Engineer - Colasoft

3. Custom packet in Hping3

hping3 --udp --rand-source --data 500 192.168.18.110

--data specifies the packet body size

hping3 -S -p 80 -c 5 192.168.18.110

-S is for syn scan

-p port number

-c number of packets

Flood/ DDOS with Hping3

hping3 192.168.18.110 --flood

4. Browse anonymously with proxy switcher

LogoAnonymous Browsing via Proxy Servers with Proxy Switcher

5.Browse anonymously with cyber Ghost

LogoFast, Secure & Anonymous VPN service | CyberGhost VPN
LogoCertified Ethical Hacker (CEHv12) Practical hands on LabsUdemy
Previous3. Perform OS DiscoveryNext5. Network scanning using various tools

Last updated

Was this helpful?