Bypassing Firewalls with SYN+FIN

There exists a vulnerability within many firewalls and other systems that permit a session to be established in spite of firewall rules. The specifics are outlined here

To briefly demonstrate this, I will craft custom TCP packets with the SYN and FIN flags set. I will use Nmap for my port scanning, and Nemisis for all others:


nmap -v -v --scanflags SYNFIN -P0 <target>


nemesis tcp -v -fS -fF -D <target>  -S <myip>

In the case of Nmap, notice how the ports that were originally “filtered” are now “open”. Note, not all systems are vulnerable to this bypass.  Sorry for not having a better demo. Go and try it out on your own and see how it works. enjoy!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s