Madhans Tutorial : Firewall (What is FIN attack)

Madhans Firewall (What is FIN Attack)

What is fin attack? The article explains how the attackers are doing port scan.Suppose the attacker wants to know whether port no.8080 is open or not. Step 1 : he sends a tcp packet like this: Source IP:his ip address:80 Destination IP: 24.34.45.78:8080 Flag:FIN is set. It means " I want to close(finish) our talk" Step 2 : By analysing the REPLYreceived back for this FIN packet, the attacker will know certain information about the victim computer: 1. whether firewall is there or not. If it is there,wheter it is strong or not. 2. whether the port is open or closed. You can imagine the concept like this: You dial a pbx operator and tells " I have completed my talk with your boss mr.8080. Now you can disconnect thecall. The operator reply can be either of these: "But today my boss not at all turned up to office . You could not have spoken to my boss at all. Wrong number please." This much of reply is sent in one single word "RST" . RST stands for resetting the connection. If the boss is there, but at the same time, if the operator has not put through the call, then she will simply close the phone. This is equal to : the attack will NOTget any reply from the victim computer. From these two replies, the attacker will know whether the boss is sitting in the office or not (whether the port is open or not).

Posted By : Madhan

Disclaimer and Copyright