Firewall Responses Detection & Breaking The Firewalls
The behavior of packets and their responses, explained in the last post, has been noted by a number of firewall vendors. Understanding such enumeration, they have modified their security systems for higher anonymity by spoofing the source address of the RST/ACK packet to be that of the target host. As a result, the response received by an inquisitive attacker appears to be a RST/ACK from the target, rather than from the gateway.
This is, of course, deceptive, as it implies that the packet reached the target before being rejected, when in fact there is a gateway filtering the traffic, as we may already have assumed.
Firewalls Break In

Generally, in modified firewall and Intrusion Detection System (IDS) environments, rather than rejecting traffic that violates policy, the device will simply drop the packet without any comment. As the scanner never receives a positive or negative response, there is no way of telling whether the packet failed to reach the target because of network problems, whether the target no longer exists, or whether the packet was intentionally dropped en route.
This is where firewalls succeed: they hide from the intruder the way network ports respond, and the chances of further attack are reduced. The resulting ambiguity and timeouts slow down the scanning process and prevent many tools from revealing information of any kind.
But this does not mean that such a firewall is unbreakable; experienced people always have something strong in their hands, named experience.
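The ambiguity described above can be made concrete with a small model. This is an added example, not code from the original post. It sends no traffic and only enumerates which ground truths are consistent with what the sender sees under each gateway behavior. The addresses, policy names and scenario names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed documentation addresses (RFC 5737), not from the original post.
TARGET, GATEWAY = "192.0.2.10", "192.0.2.1"

@dataclass(frozen=True)
class Reply:
    src: str     # source address the sender sees on the reply
    flags: str   # TCP flags of the reply

# What the filtering gateway does with a probe to a blocked port
# (policy names are hypothetical labels for the behaviors in the text).
BLOCKED_BEHAVIOUR = {
    "reject": Reply(GATEWAY, "RST/ACK"),          # reply from the gateway itself
    "reject-spoofed": Reply(TARGET, "RST/ACK"),   # source rewritten to the target
    "drop": None,                                 # dropped without any comment
}

# Ground truths the sender is trying to tell apart.
SCENARIOS = ("open", "closed", "filtered", "host-down", "network-loss")

def observe(policy: str, scenario: str) -> Optional[Reply]:
    """Reply seen by the sender of one SYN to TARGET, or None for silence."""
    if scenario == "filtered":
        return BLOCKED_BEHAVIOUR[policy]
    if scenario in ("host-down", "network-loss"):
        return None
    if scenario == "closed":
        return Reply(TARGET, "RST/ACK")
    if scenario == "open":
        return Reply(TARGET, "SYN/ACK")
    raise ValueError(f"unknown scenario: {scenario}")

def consistent_with(policy: str, observed: Optional[Reply]) -> list:
    """Every ground truth that would produce exactly this observation."""
    return sorted(s for s in SCENARIOS if observe(policy, s) == observed)

def ambiguity_report() -> dict:
    """For each policy, the ground truths a filtered port could be mistaken for."""
    return {p: consistent_with(p, observe(p, "filtered")) for p in BLOCKED_BEHAVIOUR}

if __name__ == "__main__":
    for policy, candidates in ambiguity_report().items():
        print(f"{policy:15} a filtered port is consistent with: {candidates}")
```

Only the plain reject identifies the gateway. The spoofed reply is identical to a genuinely closed port, and the silent drop is identical to a dead host or a lost packet.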