Evading Honeypots and Firewall Methodology
Firewall Pen Testing:
- Start by footprinting the target
- Perform port scanning to detect the firewall
- Firewall detected?
  - If yes: detection is complete
  - If no: perform banner grabbing to detect the firewall
  - If still not detected: perform firewalking to detect the firewall
Firewall Pen Testing (continued):
- Disable a trusted host
- Perform IP address spoofing (to gain unauthorised access to a computer or network)
- Perform source routing (to designate the packet route in order to bypass the firewall)
- Perform IP fragmentation (to force TCP header information into the next fragment in order to bypass the firewall)
- Use the IP address in place of the URL (type the numeric IP address instead of the host name)
- Use anonymous web surfing sites
- Use proxy servers (which hide the actual IP address and present another)
- Perform ICMP tunnelling (to tunnel a backdoor application in the data portion of ICMP echo packets)
- Perform ACK tunnelling (using tools such as AckCmd to tunnel a backdoor application in TCP packets with the ACK bit set)
- Perform HTTP tunnelling (use tools such as Super Network Tunnel or HTTPort to tunnel traffic across TCP port 80)
- Perform SSH tunnelling (use tools such as Bitvise to encrypt and tunnel all traffic from the local to the remote machine)
- Use external systems
- Perform a MITM attack
- Perform an XSS attack
- Document all findings
IDS pen testing:
- Disable a trusted host
- Perform an insertion attack
- Implement an evasion technique
- Perform a denial-of-service attack
- Obfuscate or encode the attack payload
- Perform the false positive generation technique
- Perform the session splicing technique
- Perform the Unicode evasion technique
- Perform a fragmentation attack
- Perform the overlapping fragments technique (craft a series of packets whose TCP sequence numbers are configured to overlap)
- Perform a time-to-live (TTL) attack
- Perform the invalid RST packets technique (to bypass the IDS, as it prevents the IDS from processing the stream)
- Perform the urgency (URG) flag technique (to evade the IDS, as some IDS do not consider TCP's urgent-pointer feature)
- Perform the polymorphic shellcode technique (tries to bypass the IDS by encrypting the shellcode so the IDS cannot recognise it)
- Perform the ASCII shellcode technique (tries to evade IDS pattern-matching signatures by hiding the shellcode content using ASCII codes)
- Perform an application-layer attack (many IDS fail to check compressed file formats for signatures)
- Perform encryption and flooding techniques (establish an encrypted session with the victim, or send large volumes of unnecessary traffic to produce noise that the IDS cannot analyse)
- Perform a post-connection SYN attack
- Perform a pre-connection SYN attack
- Document all findings
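The overlapping fragments and session splicing items above both rely on the same weakness: an IDS that reassembles a TCP stream with a different overlap policy than the target host reconstructs a different byte stream than the host actually processes. The added example below (not part of the original checklist; the segment list is constructed) reassembles a stream under a "first wins" and a "last wins" policy to show the discrepancy, and flags overlaps whose bytes disagree, which is the check a sensor should alert on.

```python
"""Reassemble TCP segments under two overlap policies and flag conflicts."""
from typing import Dict, List, Tuple

Segment = Tuple[int, bytes]  # (relative sequence number, payload)


def reassemble(segments: List[Segment], favor_new: bool) -> bytes:
    """Build the stream a receiver would see from the given segments.

    favor_new=False keeps the bytes that arrived first on an overlap (the
    "first" policy some stacks use); favor_new=True lets later segments
    overwrite earlier ones (a "last" policy). A sensor using the wrong
    policy for the target host sees a different request than the host does.
    """
    stream = bytearray()
    filled: List[bool] = []  # per-offset flag: has this byte been written?
    for seq, data in segments:
        end = seq + len(data)
        if end > len(stream):  # grow the buffer for out-of-order/ahead data
            stream.extend(b"\x00" * (end - len(stream)))
            filled.extend([False] * (end - len(filled)))
        for i, byte in enumerate(data):
            off = seq + i
            if not filled[off] or favor_new:
                stream[off] = byte
            filled[off] = True
    return bytes(stream)


def overlap_conflicts(segments: List[Segment]) -> List[int]:
    """Return byte offsets covered by two segments that disagree on content.

    Benign retransmissions repeat identical bytes; differing bytes inside an
    overlap have no legitimate use and deserve an alert regardless of which
    reassembly policy the sensor applies.
    """
    seen: Dict[int, int] = {}
    conflicts = []
    for seq, data in segments:
        for i, byte in enumerate(data):
            off = seq + i
            if off in seen and seen[off] != byte:
                conflicts.append(off)
            seen.setdefault(off, byte)
    return sorted(set(conflicts))


# Constructed sample: the second segment overlaps offsets 5..9 of the first
# with different bytes, so the two policies yield two different requests.
SAMPLE: List[Segment] = [(0, b"GET /index.html HTTP/1.0"), (5, b"admin")]
```

Running `reassemble(SAMPLE, False)` and `reassemble(SAMPLE, True)` on the constructed sample yields two different requests, while `overlap_conflicts(SAMPLE)` pinpoints the five disputed offsets.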