Firewall identification with Scapy
By evaluating the responses that are returned from select packet injections, it is possible to determine if remote ports are filtered by a firewall device. In order to develop a thorough understanding of how this process works, we can perform this task at the packet level using Scapy.
Getting ready
To use Scapy to perform firewall identification, you will need a remote system that is running network services. Additionally, you will need to implement some type of filtering mechanism. This can be done with an independent firewall device or with host-based filtering such as Windows firewall. By manipulating the filtering settings on the firewall device, you should be able to modify the responses for injected packets.
How to do it…
To effectively determine if a TCP port is filtered or not, both a TCP SYN packet and a TCP ACK packet need to be sent to the destination port. Based on the packets that are returned in response to these injections, we can determine if...
