|
About Firewalking:
- It portscans a system behind a firewall without ever actually connecting to that system.
- It does not list the ports that are open, like a typical portscan would.
- It lists ports for that system that are allowed to communicate through the firewall.
- The scanner sends packets with a Time-To-Live (TTL) set to expire one step past the firewall.
- If the hacker receives an ICMP TTL Expired message for a port, then that port is allowed to communicate through the firewall.
Because the hacker never touches the system, firewalking is not recorded in the system's logs.
|