Firewall identification with Nmap
Nmap has a streamlined firewall filtering identification function that can be used to identify filtering on ports based on ACK probe responses. This function can be used to test a single port or multiple ports in sequence to determine filtering status.
Getting ready
To use Nmap to perform firewall identification, you will need to have a remote system that is running network services. Additionally, you will need to implement some type of filtering mechanism. This can be done with an independent firewall device or with host-based filtering such as Windows firewall. By manipulating the filtering settings on the firewall device, you should be able to modify the results of the scans.
How to do it…
To perform an Nmap firewall ACK scan, Nmap should be called with the IP address specification, the destination port, and the -sA option:
root@KaliLinux:~# nmap -sA 172.16.36.135 -p 22 Starting Nmap 6.25 ( http://nmap.org ) at 2014-01-24 11:21 EST Nmap scan report for 172...
