Firewalls: Re: FIN Scanning through all kind of packet-filtering firewalls?

Firewalls
(November 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: FIN Scanning through all kind of packet-filtering firewalls?
From:	gary flynn <gary @ habanero . jmu . edu>
Date:	Fri, 7 Nov 1997 15:06:19 -0500
To:	firewalls @ GreatCircle . COM, owner-firewalls-list @ GreatCircle . COM

> From: <robert .
 stahlbrand @
 nmac .
 ericsson .
 se>
> 
> The FIN scanning method (presented in Phrack Magazine 49, article 15)
> where you can scan for open ports on a host behind a packet-filtering
> firewall even though your rules denys it is certainly working on
> Checkpoint ver. 2.1(a) 

What exactly do you mean by working? You must have some type of
filter that allows port communications if the sessions are
established internally like the Cisco "established" ACL. 

I'm not familiar with Checkpoint but any packet filter that is
filtering on a destination port is going to toss the packet
regardless of the SYN or any other flag unless there is some
special programming.

It may get to the router/firewall itself if its an output filter
or it may get through a Cisco-like "established" filter but I
don't think its going to get through anything else.

Gary Flynn
Network Analyst
James Madison University

Follow-Ups:

Re: FIN Scanning through all kind of packet-filtering firewalls?
From: Darren Reed <avalon @ coombs . anu . edu . au>

Indexed By Date	Previous:	Re: [ANNOUNCE] NASA Computer Security Conference From: Information Security <guy @ panix . com>
Indexed By Date	Next:	Extensions to Radius From: Eric Vanuska <vanuskae @ halsp . hitachi . com>
Indexed By Thread	Previous:	FIN Scanning through all kind of packet-filtering firewalls? From: Robert Ståhlbrand <robert . stahlbrand @ nmac . ericsson . se>
Indexed By Thread	Next:	Re: FIN Scanning through all kind of packet-filtering firewalls? From: Darren Reed <avalon @ coombs . anu . edu . au>