> From: <robert .
> The FIN scanning method (presented in Phrack Magazine 49, article 15)
> where you can scan for open ports on a host behind a packet-filtering
> firewall even though your rules denys it is certainly working on
> Checkpoint ver. 2.1(a)
What exactly do you mean by working? You must have some type of
filter that allows port communications if the sessions are
established internally like the Cisco "established" ACL.
I'm not familiar with Checkpoint but any packet filter that is
filtering on a destination port is going to toss the packet
regardless of the SYN or any other flag unless there is some
It may get to the router/firewall itself if its an output filter
or it may get through a Cisco-like "established" filter but I
don't think its going to get through anything else.
James Madison University