+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Network Hacking (https://sinister.ly/Forum-Network-Hacking)
+--- Thread: Question about PenTesting and Nmap (/Thread-Question-about-PenTesting-and-Nmap)
Question about PenTesting and Nmap - BinarOper - 03-09-2018
Hello, i am doing some research on a few interesting topics about security and i have a question to ask.
Nmap provides a few tools and techniques that can be use to "evade" a firewall. Correct me if i am wrong but those techniques only work if the target's firewall is misconfigured. So what does a professional PenTester do if the firewall is not misconfigured or if he cannot "evade" said firewall? Are there other ways to port scan? Or does he not port scan at all and simply tries a different approach? And if so, what kind of approach?
You do not need to give me a tutorial, i am asking this for educational purposes so i only need "theory" not "practice". Thank you very much
!
RE: Question about PenTesting and Nmap - x n - 03-13-2018
Many of the firewall evasion techniques nmap provides don't rely so much on "misconfiguration" as they do a lack of a security control(s) being in place. Fragmented packets will only bypass things that don't queue IP fragments, decoy cloaking only bypasses stuff that doesn't implement router path tracing (and a couple other things), spoofing the source port only works on things that allow all traffic through whatever port you specified, etc etc etc.
You can learn about all of this stuff here - https://nmap.org/book/man-bypass-firewalls-ids.html