Bypassing Firewalls with SYN+FIN

A vulnerability in many firewalls and other systems permits a session to be established in spite of firewall rules. The specifics are outlined here.

To briefly demonstrate this, I will craft custom TCP packets with the SYN and FIN flags set. I will use Nmap for my port scanning, and Nemesis for all others:

Nmap

nmap -v -v --scanflags SYNFIN -P0 <target>

Nemesis

nemesis tcp -v -fS -fF -D <target> -S <myip>

In the case of Nmap, notice how the ports that were originally “filtered” are now “open”. Note that not all systems are vulnerable to this bypass. Sorry for not having a better demo. Go and try it out on your own and see how it works. Enjoy!
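A defender-side view of the flag combination used above, as an added example that is not part of the original post: it reads the flags byte from constructed TCP headers and compares a simplified stateless rule that recognises only a bare SYN as a connection attempt with one that also drops SYN+FIN. The rule model, function names and sample ports are assumptions made for illustration.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
NAMES = [(SYN, "SYN"), (FIN, "FIN"), (RST, "RST"),
         (PSH, "PSH"), (ACK, "ACK"), (URG, "URG")]

def build_header(sport, dport, flags):
    """Constructed 20-byte TCP header (data offset 5, zero checksum)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1000, 0,
                       5 << 4, flags, 1024, 0, 0)

def tcp_flags(segment):
    """Return the six classic flag bits, stored in byte 13 of the header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    return segment[13] & 0x3F

def flag_names(flags):
    return "+".join(name for bit, name in NAMES if flags & bit) or "none"

def naive_blocks(flags):
    """Assumed weak rule: a connection attempt is SYN with FIN/RST/ACK clear."""
    return flags & (SYN | FIN | RST | ACK) == SYN

def hardened_blocks(flags):
    """Same rule, plus drop any segment carrying both SYN and FIN.
    That combination asks to open and close at once and is not sent
    by a normally behaving TCP stack."""
    return naive_blocks(flags) or flags & (SYN | FIN) == (SYN | FIN)

def audit(segments):
    """Return (flag names, dropped by naive rule, dropped by hardened rule)."""
    out = []
    for seg in segments:
        f = tcp_flags(seg)
        out.append((flag_names(f), naive_blocks(f), hardened_blocks(f)))
    return out

# Constructed sample traffic aimed at a port the policy is meant to close.
SAMPLES = [build_header(40000, 22, f)
           for f in (SYN, SYN | FIN, ACK, FIN | ACK, SYN | ACK)]

if __name__ == "__main__":
    for name, naive, hardened in audit(SAMPLES):
        print(f"{name:8} naive={'DROP' if naive else 'PASS'} "
              f"hardened={'DROP' if hardened else 'PASS'}")
```

The same flag test is what a filter rule or IDS signature for this traffic needs to express: match on SYN and FIN both set, independent of the other flags.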
