4. Scan beyond Firewalls and IDS

IDSs and firewalls are efficient security mechanisms; however, they still have some security limitations. You may be required to launch attacks to exploit these limitations using various IDS/firewall

Techniques to evade IDS/firewall:

Packet Fragmentation: Send fragmented probe packets to the intended target, which re-assembles it after receiving all the fragments
Source Routing: Specifies the routing path for the malformed packet to reach the intended target
Source Port Manipulation: Manipulate the actual source port with the common source port to evade IDS/firewall
IP Address Decoy: Generate or manually specify IP addresses of the decoys so that the IDS/firewall cannot determine the actual IP address
IP Address Spoofing: Change source IP addresses so that the attack appears to be coming in as someone else
Creating Custom Packets: Send custom packets to scan the intended target beyond the firewalls
Randomizing Host Order: Scan the number of hosts in the target network in a random order to scan the intended target that is lying beyond the firewall
Sending Bad Checksums: Send the packets with bad or bogus TCP/UDP checksums to the intended target
Proxy Servers: Use a chain of proxy servers to hide the actual source of a scan and evade certain IDS/firewall restrictions
Anonymizers: Use anonymizers that allow them to bypass Internet censors and evade certain IDS and firewall rules

1. Various Firewall Evasion techniques with nmap

Fragmented scan

nmap -f 192.168.18.110

Use common source ports

nmap -g 80 192.168.18.110

It used a common port to send the traffic. So, it evades firewall.

Sending smaller packets to scan

nmap --mtu 8 192.168.18.110

it fragments the packets (maximum 8 bytes size)

Decoy scan

nmap -D RND:10 192.168.18.110

decoy hides the actual source IP in a number of random IP addresses to hide the actual identity.

Spoof mac

nmap -sT -Pn --spoof-mac 0 192.168.18.110

-sT TCP scan

-Pn do not perform host discovery

--spoof-mac randomize the mac address

2. Colasoft packet builder to avoid AV

Packet Builder for Network Engineer - Colasoftwww.colasoft.com

3. Custom packet in Hping3

hping3 --udp --rand-source --data 500 192.168.18.110

--data specifies the packet body size

hping3 -S -p 80 -c 5 192.168.18.110

-S is for syn scan

-p port number

-c number of packets

Flood/ DDOS with Hping3

hping3 192.168.18.110 --flood

4. Browse anonymously with proxy switcher

Anonymous Browsing via Proxy Servers with Proxy Switcherwww.proxyswitcher.com

5.Browse anonymously with cyber Ghost

Fast, Secure, & Private VPN Service | CyberGhost VPNwww.cyberghostvpn.com

Exam Prep & Training for CEH Practical (Unofficial Course)Udemy

Previous3. Perform OS Discovery Next5. Network scanning using various tools

Last updated 1 year ago

hashtag1. Various Firewall Evasion techniques with nmap

hashtagFragmented scan

hashtagUse common source ports

hashtagSending smaller packets to scan

hashtagDecoy scan

hashtagSpoof mac

hashtag2. Colasoft packet builder to avoid AV

hashtag3. Custom packet in Hping3

hashtagFlood/ DDOS with Hping3

hashtag4. Browse anonymously with proxy switcher

hashtag5.Browse anonymously with cyber Ghost