Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
Fire Walking - A Traceroute-Like Analysis of IP Packet Responses to Determine Gateway Accessing

Fire Walking - A Traceroute-Like Analysis of IP Packet Responses to Determine Gateway Accessing

Ratings: (0)|Views: 6 |Likes:
Published by cepimanca

More info:

Published by: cepimanca on Apr 20, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

04/20/2010

pdf

text

original

 
1
Firewalking
A Traceroute-Like Analysis of IP Packet Responses to Determine Gateway AccessControl Lists
Cambridge Technology PartnersEnterprise Security ServicesDavid GoldsmithSenior Security Architect
dhg@es2.net
Michael SchiffmanSenior Security Architect
mds@es2.net
October 1998
Contents of this document are Copyright © 1998 Cambridge Technology Partners Enterprise Security Services, Inc.Distribution is unlimited under the condition that due credit is given and no fee is charged.http://www.es2.netESS is a division of Cambridge Technology Partners, Inc.
 
2
T
ABLE
O
F
C
ONTENTS
i.Terminology3ii.A note about examples3I.Introduction4II.Traceroute5III.Information gathering using traceroute6IV.Firewalking9V.Firewalk The tool10VI.Risk Mitigation12
 
3
i. Terminology
ACLAccess Control List. A set of rules that enforce a security policy. Inthe scope of this paper, an Access Control List will solely apply tonetwork policy.Router/GatewayUsed interchangeably. In the scope of this report, they refer to amulti-homed host that is configured to forward IP datagrams. It mayor may not have a packet filtering ACL in place that denies somenetwork traffic.Ingress trafficDescribes network traffic that originates from the outside of anetwork perimeter and progresses towards the inside.Egress trafficDescribes network traffic that originates from the inside of a networperimeter and progresses towards the outside.FirewallRefers to a multi-homed host configured to forward IP datagramswhich uses a packet filtering ACL to control network traffic.
ii. A note about examples
There are several sample traceroute dumps used in this report. The astute reader will note that the IP addresses areRFC 1918[1] compliant non-routable internal network addresses. The empirical data and traceroute dumps are takendirectly from live Internet hosts
1
, and in order to protect their identity, we have changed the addresses to anonymize themachines and networks involved. 
1
 
In fact, in the traceroute dumps, the original RTTs (round-trip times) are left in as they appeared.

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->