Bypassing firewalls with Nmap
Most of the time during a pentest, we will come across systems protected by firewalls or Intrusion Detection Systems (IDS). Nmap provides different ways to bypass these IDS/firewalls and perform port scans on a network. In this recipe, we will learn some of the ways we can bypass firewalls.
TCP ACK scan
The ACK scan (-sA) sends acknowledgment (ACK) packets instead of SYN packets. A firewall that does not track connection state will not log these packets, because it treats an ACK as the response to an earlier SYN from an existing connection. The ACK scan is mostly used to map the type of firewall being used.
How to do it...
The ACK scan was made to show unfiltered and filtered ports instead of open ones.
The command for ACK scan is:
nmap -sA x.x.x.x
Let's compare the output of a normal scan with that of an ACK scan against the same host (the two screenshots from the original are not reproduced here):
How it works...
Whether a port shows up as filtered or unfiltered depends on whether the firewall in front of it is stateful or stateless. A stateful firewall...
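To make the stateful/stateless distinction concrete, here is an added simulation (example code written for this page, not from the book or from the Nmap project). It models a stateless firewall with a common rule set that accepts any packet carrying the ACK flag, a stateful firewall that only accepts packets matching a tracked connection, and the RFC 793 host behaviour of answering a stray ACK with RST. It then applies Nmap's classification rule (RST back means unfiltered, silence means filtered) and finishes with a defender-side detector for ACK sweeps. All hosts, ports and packets are constructed; the "accept anything with ACK" stateless rule is an assumption standing in for a typical weak stateless configuration.

```python
"""Simulation of how stateless and stateful firewalls respond to Nmap's ACK
probes (-sA), plus a simple defender-side detector for ACK sweeps.
Every host, port and packet below is constructed for this example."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: str  # TCP flag letters, e.g. "S", "SA", "A", "R"


class StatelessFirewall:
    """Judges each packet in isolation. The assumed rule set permits any packet
    with ACK set, on the theory that it belongs to a connection an inside host
    opened. That assumption is exactly what an ACK scan takes advantage of."""

    def __init__(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)

    def accept(self, pkt):
        if "A" in pkt.flags:
            return True  # no state to check, so the ACK is waved through
        return pkt.dport in self.allowed_ports


class StatefulFirewall:
    """Tracks connections. Only a SYN to an allowed port creates an entry;
    every other packet is accepted only if it matches an existing entry."""

    def __init__(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)
        self.table = set()

    def accept(self, pkt):
        key = (pkt.src, pkt.dst, pkt.dport)
        if pkt.flags == "S":
            if pkt.dport in self.allowed_ports:
                self.table.add(key)
                return True
            return False
        return key in self.table  # a stray ACK matches nothing and is dropped


def host_reply(pkt):
    """RFC 793 behaviour: an ACK that belongs to no connection is answered
    with RST whether the port is open or closed, so the reply reveals only
    that the packet reached the host, not the port's state."""
    return "R" if pkt.flags == "A" else None


def ack_scan(firewall, target, ports, src="10.0.0.99"):
    """Nmap's classification rule: RST back => unfiltered, silence => filtered."""
    results = {}
    for port in ports:
        probe = Packet(src, target, port, "A")
        if firewall.accept(probe) and host_reply(probe) == "R":
            results[port] = "unfiltered"
        else:
            results[port] = "filtered"
    return results


def detect_ack_sweeps(packets, min_ports=5):
    """Defender side: count ACK-only packets per source that were not preceded
    by a SYN from that source to the same port. One source sending such
    packets to many distinct ports is the signature of an ACK sweep."""
    syns_seen = set()
    stray_ports = defaultdict(set)
    for pkt in packets:
        key = (pkt.src, pkt.dst, pkt.dport)
        if pkt.flags == "S":
            syns_seen.add(key)
        elif pkt.flags == "A" and key not in syns_seen:
            stray_ports[pkt.src].add(pkt.dport)
    return {src: len(ports) for src, ports in stray_ports.items()
            if len(ports) >= min_ports}


if __name__ == "__main__":
    ports = [22, 80, 443, 8080]
    print("stateless:", ack_scan(StatelessFirewall([22, 80]), "10.0.0.5", ports))
    print("stateful: ", ack_scan(StatefulFirewall([22, 80]), "10.0.0.5", ports))
```

Behind the stateless firewall every probed port comes back unfiltered, whether or not a rule blocks it, which is why the scan is useful for fingerprinting the firewall rather than finding open ports. Behind the stateful firewall every port is filtered and the scanner learns nothing, which is the mitigation: connection tracking removes the information leak, and the sweep detector shows the traffic pattern an IDS rule would key on.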