Firewalk Package Description
Firewalk is an active reconnaissance network security tool that attempts to determine which layer 4 traffic (TCP or UDP ports) a given IP forwarding device will pass. Firewalk works by sending TCP or UDP packets with an IP TTL one greater than the hop count of the targeted gateway. If the gateway's ACL allows the traffic, it forwards the packets to the next hop, where they expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway does not allow the traffic, it will most likely drop the packets on the floor and we see no response at all.
To find the IP TTL that makes packets expire exactly one hop beyond the gateway, we need to ramp up the hop count, in the same way traceroute does. Once we know the gateway's hop count (at that point the scan is said to be `bound`) we can begin the scan itself.
It is significant to note that the ultimate destination host (the metric) does not have to be reached, or even exist. It only needs to be somewhere downstream, on the far side of the gateway from the scanning host.
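The two phases described above, as an added example that models them in code; this is not Firewalk's own code, and the hop addresses, the metric host, the port list and the gateway ACL are all constructed for illustration. The model sends a probe along an ordered list of forwarding devices, expiring it where the TTL hits zero and silently dropping it where a device's ACL rejects it. Ramping raises the TTL until the gateway itself answers with ICMP_TIME_EXCEEDED, which binds the scan at gateway hops + 1; the scanning phase then sends one probe per port at that TTL and records "open" for any reply from beyond the gateway, whether that reply is a time-exceeded from the next hop or a TCP RST from the metric host.

```python
"""Model of Firewalk's ramping and scanning phases (added example, not Firewalk code).

All addresses, ports and the gateway ACL below are constructed sample data.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

TIME_EXCEEDED = "ICMP_TIME_EXCEEDED"
TCP_RST = "TCP_RST"

Reply = Optional[Tuple[str, str]]   # (responder address, message) or None if dropped


@dataclass
class Hop:
    """One IP forwarding device on the path from the scanner to the metric host."""
    addr: str
    # (proto, dport) pairs this device forwards; None means forward everything.
    acl: Optional[Set[Tuple[str, int]]] = None

    def forwards(self, proto: str, dport: int) -> bool:
        return self.acl is None or (proto, dport) in self.acl


@dataclass
class Network:
    hops: List[Hop]     # forwarding devices in order, scanner side first
    metric: str         # host behind the last hop; it only needs to be downstream

    def send(self, proto: str, dport: int, ttl: int) -> Reply:
        """Deliver one probe and return the reply the scanner would see."""
        for hop in self.hops:
            ttl -= 1
            if ttl == 0:
                # TTL expired at this device: it answers with time-exceeded,
                # exactly as in traceroute, regardless of its ACL.
                return hop.addr, TIME_EXCEEDED
            if not hop.forwards(proto, dport):
                return None                      # filtered: dropped on the floor
        # The probe survived every device and reached the metric host. A closed
        # TCP port answers with RST, which still proves the gateway passed it.
        return self.metric, TCP_RST


def ramp(net: Network, gateway: str, proto: str = "TCP",
         dport: int = 33434, max_ttl: int = 25) -> int:
    """Ramping phase: raise the TTL until the gateway itself expires the probe.

    Returns the TTL at which the scan is 'bound' (gateway hop count + 1),
    i.e. the TTL that expires one hop beyond the gateway.
    """
    for ttl in range(1, max_ttl + 1):
        reply = net.send(proto, dport, ttl)
        if reply is not None and reply[0] == gateway and reply[1] == TIME_EXCEEDED:
            return ttl + 1
    raise RuntimeError("binding host not reached within %d hops" % max_ttl)


def scan(net: Network, gateway: str, ports: List[int],
         proto: str = "TCP") -> Tuple[int, Dict[int, str]]:
    """Scanning phase: one probe per port at the bound TTL.

    'open' means the gateway's ACL let the probe through and something beyond
    the gateway answered; it says nothing about a service listening there.
    """
    bound = ramp(net, gateway, proto)
    results: Dict[int, str] = {}
    for port in ports:
        reply = net.send(proto, port, bound)
        passed = reply is not None and reply[0] != gateway
        results[port] = "open" if passed else "no response"
    return bound, results


if __name__ == "__main__":
    # Constructed topology: a plain router, then the gateway (which forwards only
    # TCP/8080), then one more router before the metric host.
    gateway = Hop("192.168.1.1", acl={("TCP", 8080)})
    net = Network(hops=[Hop("10.0.0.1"), gateway, Hop("172.16.0.1")],
                  metric="192.168.0.1")
    bound, results = scan(net, "192.168.1.1", [8079, 8080, 8081])
    print("Scan bound at %d hops." % bound)
    for port, verdict in results.items():
        print("port %d: %s" % (port, verdict))
```

With the gateway as the only hop and no router behind it, the bound TTL probes reach the metric host directly and its RST is what proves the ACL passed the packet, which is the situation the example output further down this page shows as `A! open (port not listen)`. Ramping relies on the devices in front of the gateway forwarding the ramping-phase probe; a filter on an earlier hop stops the scan from ever binding.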
Source: http://packetfactory.openwall.net/projects/firewalk/
Firewalk Homepage | Kali Firewalk Repo
- Author: Mike D. Schiffman, David Goldsmith
- License: BSD
Tools included in the firewalk package
firewalk - An active reconnaissance network security tool.
root@kali:~# firewalk -h
Firewalk 5.0 [gateway ACL scanner]
Usage : firewalk [options] target_gateway metric
[-d 0 - 65535] destination port to use (ramping phase)
[-h] program help
[-i device] interface
[-n] do not resolve IP addresses into hostnames
[-p TCP | UDP] firewalk protocol
[-r] strict RFC adherence
[-S x - y, z] port range to scan
[-s 0 - 65535] source port
[-T 1 - 1000] packet read timeout in ms
[-t 1 - 25] IP time to live
[-v] program version
[-x 1 - 8] expire vector
firewalk Usage Example
Scan ports 8079-8081 (-S8079-8081) via the eth0 interface (-i eth0), without resolving hostnames (-n), using TCP (-pTCP), through the gateway (192.168.1.1) towards the metric host (192.168.0.1). Note that the `A! open (port not listen)` verdict means the gateway forwarded the probe and the host behind it answered; it does not mean a service is listening on that port:
root@kali:~# firewalk -S8079-8081 -i eth0 -n -pTCP 192.168.1.1 192.168.0.1
Firewalk 5.0 [gateway ACL scanner]
Firewalk state initialization completed successfully.
TCP-based scan.
Ramping phase source port: 53, destination port: 33434
Hotfoot through 192.168.1.1 using 192.168.0.1 as a metric.
Ramping Phase:
1 (TTL 1): expired [192.168.1.1]
Binding host reached.
Scan bound at 2 hops.
Scanning Phase:
port 8079: *no response*
port 8080: A! open (port not listen) [192.168.0.1]
port 8081: *no response*
Scan completed successfully.
Total packets sent: 4
Total packet errors: 0
Total packets caught 2
Total packets caught of interest 2
Total ports scanned 3
Total ports open: 1
Total ports unknown: 0