Firewalls act as network gatekeepers by filtering traffic based on predefined security rules. They operate at various layers of the OSI model:
This involves sending packets with a fake source IP address to trick the firewall into thinking the traffic is coming from a trusted internal source.
The course in question focuses on teaching students how to evade detection by IDS, firewalls, and honeypots. By mastering these techniques, students can better understand how attackers operate and develop more effective strategies for defending against such threats. The course covers a range of topics, including:
Firewalls are the gatekeepers, but every gate has a keyhole. Firewalls act as network gatekeepers by filtering traffic
(encoding payloads, such as using Unicode, so they aren't recognized by signature databases). : These filter traffic based on predefined security rules. Evasion Techniques : Common methods include DNS tunneling
Stepping into a honeypot can compromise an entire engagement by alerting defenders instantly. Skilled testers apply specialized techniques to confirm whether a server is legitimate or a decoy.
Spoofing involves altering the source IP header to mimic a trusted machine. Decoying inserts multiple fake IP addresses alongside the real attack traffic to obscure the true origin of the scan or exploit. Tunneling Protocols : These filter traffic based on predefined security rules
If a firewall blocks port 445 (SMB), the attacker moves to port 80 (HTTP) or 443 (HTTPS). If that is blocked, they move to port 53 (DNS). involves dynamically switching ports to evade static filter rules.
Today, we dive deep into the art of evasion, exploring how skilled operators move invisibly through networks, the tools they use, and how platforms like and professional certifications like the Certified Ethical Hacker (CEH) are training the next generation of defenders to think like the enemy.
Firewalls are designed to block unauthorized access to a network. However, firewalls can be evaded using various techniques, including: including: Simulating hardware defenses
Simulating hardware defenses, such as the and ASA firewalls , using network simulation tools like GNS3 . Intrusion Detection Systems (IDS):
: Incorporates deep packet inspection (DPI), application awareness, and integrated IDS/IPS features.
An IDS is like a network security camera. It monitors traffic for suspicious patterns (signatures) or weird behavior (anomalies). How Evasion Happens: Fragmentation: