Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Hacking & Exploits Network Hacking Question about PenTesting and Nmap

Thread Rating:
  • 249 Vote(s) - 3.43 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
Question about PenTesting and Nmap

Offline resplits821710


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jul 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
03-09-2018, 05:05 PM
Hello, i am doing some research on a few interesting topics about security and i have a question to ask.

Nmap provides a few tools and techniques that can be use to "evade" a firewall. Correct me if i am wrong but those techniques only work if the target's firewall is misconfigured. So what does a professional PenTester do if the firewall is not misconfigured or if he cannot "evade" said firewall? Are there other ways to port scan? Or does he not port scan at all and simply tries a different approach? And if so, what kind of approach?

You do not need to give me a tutorial, i am asking this for educational purposes so i only need "theory" not "practice". Thank you very much :biggrin: !
Reply

Offline hydraulus495656


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Nov 2021
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
03-13-2018, 04:01 PM
Many of the firewall evasion techniques nmap provides don't rely so much on "misconfiguration" as they do a lack of a security control(s) being in place. Fragmented packets will only bypass things that don't queue IP fragments, decoy cloaking only bypasses stuff that doesn't implement router path tracing (and a couple other things), spoofing the source port only works on things that allow all traffic through whatever port you specified, etc etc etc.

You can learn about all of this stuff here -

[To see links please register here]

Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through