Firewalls and intrusion detection systems (IDS) are security measures designed to keep attackers out of a network. Even firewalls and IDS, however, have weaknesses that scanners exploit. A selection of these evasion techniques is listed below.
Packet Fragmentation
When a probe packet is sent to a network, it may be divided into several smaller packets, or fragments, a process known as packet fragmentation. The technique was developed to avoid the false positives that other scans generate when a packet-filtering device sits in front of the target. The IDS and firewall in the path to the host typically queue all of these fragments and process them one at a time as they arrive. Because this processing consumes extra CPU and network resources, however, most intrusion detection systems are configured to ignore fragmented packets while a port scan is in progress.
Attackers therefore use packet fragmentation tools such as Nmap and fragroute to split the probe packet into smaller fragments, for example with the command nmap -sS -T4 -A -f -v <IP>.
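As an added defender-side example (not from the original post), the check below parses raw IPv4 headers and flags a first TCP fragment that is too small to hold a complete TCP header, the shape that nmap -f produces; a filter or IDS that judges fragments individually cannot see the ports or flags in such a fragment, so it should reassemble before inspecting or at least alert on them. The sample packets are constructed inside the code; the helper and field names are this example's own.

```python
import struct
from collections import namedtuple

MIN_TCP_HEADER = 20      # bytes: a TCP header that is not split needs at least this much
IP_MF = 0x2000           # "More Fragments" bit of the IPv4 flags/fragment-offset field
IP_OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, in units of 8 bytes

Fragment = namedtuple("Fragment", "src dst proto ident more_fragments offset payload_len")  # bytes

def parse_ipv4(raw: bytes) -> Fragment:
    """Parse the fixed 20-byte IPv4 header; options are skipped via IHL."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_off, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    return Fragment(".".join(map(str, src)), ".".join(map(str, dst)), proto, ident,
                    bool(flags_off & IP_MF), (flags_off & IP_OFFSET_MASK) * 8,
                    min(total_len, len(raw)) - ihl)

def is_tiny_fragment(f: Fragment) -> bool:
    """First TCP fragment (offset 0, MF set) too short for a whole TCP header: ports and
    flags spill into later fragments, which is what nmap -f (8-byte fragments) produces
    and what a filter or IDS that decides per fragment cannot inspect."""
    return f.proto == 6 and f.offset == 0 and f.more_fragments and f.payload_len < MIN_TCP_HEADER

def alerts(packets) -> list:
    """One alert line per suspicious fragment among the given raw IPv4 packets."""
    return [f"tiny TCP fragment {f.src}->{f.dst} id={f.ident} len={f.payload_len}"
            for f in map(parse_ipv4, packets) if is_tiny_fragment(f)]

def build_ipv4(src, dst, ident, mf, offset, payload, proto=6) -> bytes:
    """Constructed test helper (checksum left 0): minimal IPv4 header over payload."""
    flags_off = (IP_MF if mf else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_off, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + payload

# Constructed sample: one SYN to port 22 split into 8-byte fragments, plus one whole SYN.
SYN = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 5 << 4, 0x02, 1024, 0, 0)  # 20-byte TCP header
SAMPLE = [
    build_ipv4("10.0.0.5", "10.0.0.9", 0x1234, True, 0, SYN[:8]),    # header split: alert
    build_ipv4("10.0.0.5", "10.0.0.9", 0x1234, True, 8, SYN[8:16]),
    build_ipv4("10.0.0.5", "10.0.0.9", 0x1234, False, 16, SYN[16:]),
    build_ipv4("10.0.0.7", "10.0.0.9", 0x1235, False, 0, SYN),        # normal SYN: no alert
]

if __name__ == "__main__":
    print("\n".join(alerts(SAMPLE)))
```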
Source Routing
Source Port Manipulation
The primary source of security misconfigurations here is naive trust in the source port number. Administrators commonly configure the firewall to permit inbound traffic from well-known service ports such as HTTP, DNS and FTP. Firewall components that perform protocol parsing, or application-level proxies, can keep the firewall secure against this, however.
IP Address Decoy
- nmap -D RND:10 [target] - With this command, Nmap automatically generates the given number of random decoys for the scan and places the real IP address at a random position among the decoy IPs.
- nmap -D decoy1,decoy2,decoy3..,ME,... [target] - With this command, you specify the IP addresses of the decoys used to scan the victim's network; each decoy IP address must be comma-separated. Alternatively, use ME in the list to set the position of your genuine IP address among the decoys. ME is optional; if you omit it, Nmap places your actual IP address at a random position during the scan. E.g., nmap -D 192.168.0.1,172.120.2.1,10.10.0.1,ME,192.168.5.1 192.186.85.15
IP Address Spoofing
Custom Packets
- By using Packet Crafting Tools: Attackers create custom TCP packets with packet crafting tools such as Colasoft Packet Builder and NetScan Tools Pro to scan a target behind a firewall.
- By appending Custom Binary Data: Attackers send binary data (0's and 1's) as the payload of packets sent to the target machine behind the firewall. The Nmap option is --data <hex_string>; the <hex_string> is given in the form 0xAABBCC or \xAA\xBB\xCC. For example, --data 0xcalmstorm or --data \xCA\xF1\xA9.
- By appending Custom String: This is done with the Nmap option --data-string <string>. The <string> is enclosed in double quotes ("") and must not contain shell special characters. For example, --data-string "Scan conducted by HackHunt".
- By appending Random Data: This is done with the Nmap option --data-length <number>. To send no payload at all, not even Nmap's protocol-specific payloads, use --data-length 0.
Randomizing Host Order
Proxy Chaining
- The user requests a resource from the destination.
- A proxy client in the user's system connects to the proxy server and passes the request to the proxy server.
- The proxy server strips the user's identification information and passes the request to the next proxy server.
- This process is repeated by all the proxy servers in the chain.
- Finally, the unencrypted request is passed to the web server.
Anonymizers