Page 1 of 4 123 ... LastLast
Results 1 to 10 of 34

Thread: Bypassing the firewall

  1. #1
    Senior Member
    Join Date
    Sep 2003
    Posts
    161

    Bypassing the firewall

    is there a way to bypass a firewall to detect the internal network. using tools like nmap and nessus

    here is what i get when i try to scan a target that uses a firewall

    Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2003-12-26 21:44 EST
    Note: Host seems down. If it is really up, but blocking our ping probes, try -P0Nmap run completed -- 1 IP address (0 hosts up) scanned in 16.064 seconds


    yet when i ping the target i get this

    bash-2.05b# ping 204.118.xxx.xxx
    PING 204.118.xxx.xxx (204.118.xxx.xxx) 56(84) bytes of data.
    64 bytes from 204.118.xxx.xxx: icmp_seq=5760 ttl=50 time=62.3 ms
    64 bytes from 204.118.xxx.xxx: icmp_seq=5761 ttl=50 time=64.3 ms
    64 bytes from 204.118.xxx.xxx: icmp_seq=5762 ttl=50 time=62.3 ms
    64 bytes from 204.118.xxx.xxx: icmp_seq=5763 ttl=50 time=61.3 ms

  2. #2
    Member
    Join Date
    Nov 2003
    Posts
    33
    How do we know that you are not auditing your computer. You cant have a job because you are under 13. So you dont have many comps to work around. So why do you want to bypass a firewall???
    There are 10 kinds people on Earth.
    Those who know Binary and those who dont.

    [flip]4675636B207468652064616D6E20626C6F6F6479206861636B65642D757020776F726C6400[/flip]

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    You're under 13 god? Hmm, they start early these days.

    Couple of things to look at:

    - Can you traceroute to the host? If not what hop does the traceroute die at? Also try a tracert from
    a Windows box as it uses ICMP instead of TCP to do the trace. (You can also try 'pathping' if you
    have an XP box handy)
    - Read the NMAP Docs, there is some really good firewall related scanning material in there.
    - Try doing a slower scan (explained in the NMAP Docs), many networks with a good IDS implemented
    will just drop your traffic if you are doing anything too agressive.
    - If you don't know the network, _always_ assume there is one or more NIDS (possibly on the border routers, and the target gateway).
    You can determine for certain the presence of a NIDS later, but these days this assumption is a safe bet.

    Just be cool with your scans, a lot of people get pissed about them (for good reason), so keep that in mind.

    -- spurious

    [Edit] This is a valid security question, and whomever gave god neg's, a piece of coal to you.
    Get OpenSolaris http://www.opensolaris.org/

  4. #4
    Senior Member
    Join Date
    Sep 2003
    Posts
    161
    thanks spurious_inode, i am not sure about the 13 thing this is not my age, and from where did you get that from leapinglangoor.

  5. #5
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795

    Thumbs down This is not the place to be asking these types of questions!

    is there a way to bypass a firewall to detect the internal network. using tools like nmap and nessus

    here is what i get when i try to scan a target that uses a firewall

    I think xmaddness says it best
    We are a community that is here to help teach people how to secure their networks, not how to hack into them.
    These types of questions normally get negged What your asking is pretty much assist you in a malicious act. Hope this helps Computer Nerd22

  6. #6
    Senior Member
    Join Date
    Sep 2003
    Posts
    161
    i am not trying to hack anything, i am just asking is it possible??

  7. #7
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    I have a problem with the basic idea that if someone asks a question that involves real security as does
    this post, the legions of neg-happy hordes all come out of the woods to dish out little red dots. This is total
    bullshit. What is it about actual security realted topics, like how to scan through a firewall, etc. that scares
    people; this is a security site correct?

    Face it folks, real security involves things like firewall testing and other things that go bump in the night.

    -- spurious
    Get OpenSolaris http://www.opensolaris.org/

  8. #8
    Member
    Join Date
    Nov 2003
    Posts
    33
    Look at your profile, it says "AntiOnline Jr. Member" --- You are under 13 if your birth year is above 1990.
    There are 10 kinds people on Earth.
    Those who know Binary and those who dont.

    [flip]4675636B207468652064616D6E20626C6F6F6479206861636B65642D757020776F726C6400[/flip]

  9. #9
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    I assume you are kidding. If not, please note that 'AntiOnline Jr. Member' is a title in reference to the number of
    posts that the member has made. I am 32, and my title is 'AntiOnline Jr. Member' because I have not yet reached
    170 posts.

    Honest mistake since the the sign-up makes the distiction between >= 13 and <= 13.

    -- spurious
    Get OpenSolaris http://www.opensolaris.org/

  10. #10
    Senior Member
    Join Date
    Sep 2003
    Posts
    161
    Birthday 0000-00-00

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •