Breaking into Computer Networks from the Internet

E-Book Title: Breaking into Computer Networks from the Internet
Author: Roelof Temmingh
E-Book Format: PDF
File Size: 1.21 MB
File Hosting: MediaFire + Mega

E-book content preview:

The idea would thus be to send a TCP connect on well-known ports and hope
that 1) the firewall passes it through and 2) the host is listening on the
specified port. Given the response of the host, one can determine which of
1) and 2) happened. If we get no response we know that the firewall is
blocking us - if we get a response from the server telling us that the port
is not open we at least know that it was not filtered by the firewall.
Here are two examples:

>telnet wips.sensepost.com 22
telnet: connect to address Connection refused
telnet: Unable to connect to remote host

The host responded by telling us that it is not listening on port 22. It
also tells us that there is nothing between us and the host (on port 22).
So, if we find that for a certain block a number of hosts return a
"connection refused" while others return an SSH version (port 22 is SSH)
we can safely assume that the firewall is configured to allow anyone to
connect to port 22 (anywhere in the netblock). Another example:

>telnet wips.sensepost.com 44
telnet: Unable to connect to remote host: Connection timed out

Here the connection to port 25 is timing out - telling us that something
is blocking the packet from arriving at its final destination. Let us
assume that we scan a netblock for port 25 and we find that certain hosts
answer with an SMTP greeting, while others simply time out. This tells us
that the firewall is configured to only allow packets with a certain
destination port on a certain destination IP to enter the network. If we
find a "connection refused" answer in the same net we know that someone
probably screwed up - the service is not running, but the config on the
firewall has not been updated to close the "hole".

A machine that is dead will respond in the same way as a machine that is
protected by a firewall that does not allow anything through. Thus, getting
no response from a server does not mean that it is heavily firewalled - it
might just be switched off, or unplugged.
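
The reasoning above, written out as an added Python example (not from the e-book) for checking a firewall you administer against its intended rule set: it classifies each connect result and flags the "refused" hosts that point to a rule left open after the service was removed. The function names, the policy labels and the 192.0.2.x sample results are constructed for illustration.

```python
import socket
from collections import defaultdict

def probe(host, port, timeout=5.0):
    """One TCP connect, classified the way the telnet examples are read."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # something is listening
    except ConnectionRefusedError:
        return "refused"           # reachable, but nothing is listening
    except socket.timeout:
        return "timeout"           # no answer: filtered, or the host is down

def audit(results):
    """results: (host, port, outcome) tuples -> {port: (policy, stale_hosts)}."""
    by_port = defaultdict(dict)
    for host, port, outcome in results:
        by_port[port][host] = outcome
    report = {}
    for port, hosts in by_port.items():
        seen = set(hosts.values())
        refused = sorted(h for h, o in hosts.items() if o == "refused")
        if "timeout" not in seen:
            # Every host answered, so the port passes for the whole block.
            report[port] = ("passed-for-whole-block", [])
        elif seen == {"timeout"}:
            # Silence everywhere: blocked, or the machines are switched off.
            report[port] = ("blocked-or-hosts-down", [])
        else:
            # Some answer, some time out: per-host rules. A "refused" here
            # is a rule still open for a service that is no longer running.
            report[port] = ("per-host-rules", refused)
    return report

# Constructed sample results for three hosts in a documentation netblock.
SAMPLE = [
    ("192.0.2.10", 22, "open"), ("192.0.2.11", 22, "refused"),
    ("192.0.2.12", 22, "open"),
    ("192.0.2.10", 25, "open"), ("192.0.2.11", 25, "timeout"),
    ("192.0.2.12", 25, "refused"),
    ("192.0.2.10", 44, "timeout"), ("192.0.2.11", 44, "timeout"),
    ("192.0.2.12", 44, "timeout"),
]

if __name__ == "__main__":
    for port, (policy, stale) in sorted(audit(SAMPLE).items()):
        print(port, policy, "stale rules:", stale or "none")
```
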
