MODULE 5: Network and Vulnerability Scanning
- Introduction of port Scanning – Penetration testing
- TCP IP header flags list
- Examples of Network Scanning for Live Host by Kali Linux
- important nmap commands in Kali Linux with Example
- Techniques of Nmap port scanner – Scanning
- Nmap Timing Templates – You should know
- Nmap options for Firewall IDS evasion in Kali Linux
- commands to save Nmap output to file
- Nmap Scripts in Kali Linux
- 10 best open port checker Or Scanner
- 10 hping3 examples for scanning network in Kali Linux
- How to Install Nessus on Kali Linux 2.0 step by step
- Nessus scan policies and report Tutorial for beginner
- Nessus Vulnerability Scanner Tutorial For beginner
What is a firewall?
A firewall is software or hardware that protects a private network from a public network. When an attacker attempts to scan the network, the firewall discards those probes, so it is important for hackers and pentesters to be able to scan a network without being caught. If you can bypass the firewall, you are safe. In this tutorial you will learn how to bypass and test firewalls.
Best nmap options to bypass firewall
During a penetration test you may encounter a system protected by a firewall and an IDS. If you just use Nmap's default settings, your activity may be detected, or you may not get correct results. The following options may help you evade the firewall/IDS:
• -f (fragment packets):
The purpose of this option is to make the packets harder to detect. By specifying this option once, Nmap splits each packet into fragments of 8 bytes or less after the IP header.
• --mtu <size>:
With this option you specify your own fragment size. The Maximum Transmission Unit (MTU) must be a multiple of eight, or Nmap will give an error and exit.
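To see why the fragment size must be a multiple of eight, and what a fragmented probe looks like to a filter that does not reassemble, here is an added Python model of IPv4 fragmentation. It is example code written for this page, not code from the original tutorial or from Nmap. It assumes the probe is a bare 20-byte TCP header with no options, treats the size as the payload bytes per fragment after the IP header (as the text describes), and uses the standard TCP header field layout.

```python
from typing import Dict, List, Tuple

# Standard TCP header field layout (byte offsets) for a probe with no options.
TCP_HEADER_LEN = 20
TCP_FIELDS: Dict[str, Tuple[int, int]] = {
    "src_port": (0, 2), "dst_port": (2, 4), "seq": (4, 8), "ack": (8, 12),
    "flags": (12, 14), "window": (14, 16), "checksum": (16, 18), "urgent": (18, 20),
}


def is_valid_fragment_size(size: int) -> bool:
    """The IPv4 fragment-offset field counts 8-byte units, so every
    non-final fragment must carry a multiple of 8 payload bytes."""
    return size > 0 and size % 8 == 0


def fragment(payload_len: int, size: int) -> List[Tuple[int, int, bool]]:
    """Split payload_len bytes (everything after the IP header) into fragments
    of at most `size` bytes. Returns (offset, length, more_fragments) per fragment.
    size=8 models -f as described above; other sizes model --mtu <size>."""
    if not is_valid_fragment_size(size):
        raise ValueError("fragment size must be a positive multiple of 8")
    frags = []
    offset = 0
    while offset < payload_len:
        length = min(size, payload_len - offset)
        frags.append((offset, length, offset + length < payload_len))
        offset += length
    return frags


def fields_in_first_fragment(frags: List[Tuple[int, int, bool]]) -> List[str]:
    """TCP header fields fully contained in the first fragment, i.e. what a
    filter that inspects only first fragments (no reassembly) can match on."""
    first_len = frags[0][1]
    return [name for name, (start, end) in TCP_FIELDS.items() if end <= first_len]


if __name__ == "__main__":
    for size in (8, 16, 24):
        frags = fragment(TCP_HEADER_LEN, size)
        print(size, frags, fields_in_first_fragment(frags))
```

With 8-byte fragments the TCP flags byte lands in the second fragment, so a filter that evaluates rules only against first fragments cannot tell a SYN from anything else. The defensive fix is to reassemble fragments before filtering, or to drop first fragments too small to hold a complete transport header.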
• -D (decoy):
With this option, Nmap sends some of the probes from spoofed IP addresses specified by the user. The idea is to hide the user's true IP address among the decoys in the log files; the user's IP address still appears in the logs. You can use RND to generate a random IP address, or RND:<number> to generate <number> random IP addresses. The hosts you use as decoys should be up, or you will flood the target. Also remember that using many decoys can cause network congestion, so you may want to avoid that, especially when scanning your client's network.
• --source-port <portnumber> or -g <portnumber> (spoof source port):
This option is useful if the firewall is set up to allow all incoming traffic that comes from a specific source port.
• --data-length <number>:
This option changes the default data length sent by Nmap so that the probes are not recognized as Nmap scans.
• --max-parallelism <number>:
This option is usually set to 1 to instruct Nmap to send no more than one probe at a time to the target host.
• --scan-delay <time>:
This option can be used to evade an IDS/IPS that uses a threshold to detect port-scanning activity. You may also experiment with the other evasion options described in the Nmap manual (http://nmap.org/book/man-bypass-firewalls-ids.html).
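The threshold that --scan-delay is meant to stay under is easiest to understand from the detection side. The following added Python example (written for this page, not code from the original tutorial) implements a simple sliding-window port-scan detector over constructed firewall log lines in an iptables-like format, and shows that the same ten probes are flagged when they arrive quickly but slip past a short window when spaced 30 seconds apart, until the window is widened. The addresses, timestamps and log format are assumptions made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from typing import Dict, List, Tuple

# Constructed iptables-style log line format (an assumption for this example).
LOG_RE = re.compile(r"^(?P<ts>\S+) .*?SRC=(?P<src>[\d.]+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)")


def make_log_lines(src: str, ports: List[int], spacing_s: float, start: float) -> List[str]:
    """Build constructed log lines for one source probing `ports`, one probe every spacing_s seconds."""
    lines = []
    for i, port in enumerate(ports):
        ts = datetime.fromtimestamp(start + i * spacing_s, tz=timezone.utc).isoformat()
        lines.append(f"{ts} fw kernel: DROP IN=eth0 OUT= SRC={src} DST=192.0.2.10 "
                     f"PROTO=TCP SPT={40000 + i} DPT={port} SYN")
    return lines


PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 3389]
START = 1_704_880_800.0  # constructed epoch time
SAMPLE_LOG = (
    make_log_lines("203.0.113.5", PORTS, 0.2, START)       # default-speed scan
    + make_log_lines("198.51.100.7", PORTS, 30.0, START)   # one probe every 30 s
)


def parse(lines: List[str]) -> List[Tuple[float, str, int]]:
    """Extract (epoch_seconds, source_ip, destination_port) from matching lines."""
    events = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]).timestamp(), m["src"], int(m["dpt"])))
    return events


def detect_port_scans(events: List[Tuple[float, str, int]], window_s: float,
                      threshold: int) -> Dict[str, int]:
    """Flag sources that touch >= threshold distinct ports within any window_s span.
    Returns {source_ip: max distinct ports seen inside one window}."""
    by_src: Dict[str, List[Tuple[float, int]]] = defaultdict(list)
    for ts, src, dpt in events:
        by_src[src].append((ts, dpt))
    flagged: Dict[str, int] = {}
    for src, hits in by_src.items():
        hits.sort()
        best, start = 0, 0
        for end in range(len(hits)):
            # Advance the window start until the span fits inside window_s.
            while hits[end][0] - hits[start][0] > window_s:
                start += 1
            best = max(best, len({p for _, p in hits[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print(detect_port_scans(ev, window_s=60, threshold=5))   # only the fast scanner
    print(detect_port_scans(ev, window_s=600, threshold=5))  # both sources
```

A detector keyed on "N ports in W seconds" is exactly what a slow scan slides under: the spaced probes never put more than three distinct ports inside a 60-second window. Widening the window, or counting distinct ports per source per day, catches the same activity at the cost of more state per source.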