PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-02-08 06:26:33 +00:00
Code Issues Projects Releases Wiki Activity

Fix NSEdoc: wrap lines, fix bulleted lists

Browse Source
This commit is contained in:
dmiller
2015-07-11 04:01:05 +00:00
parent a59056e29e
commit 339f0ffd7d
63 changed files with 408 additions and 298 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
scripts/firewall-bypass.nse
View File

@@ -5,16 +5,21 @@ local string = require "string"
local packet = require "packet"
description = [[
Detects a vulnerability in netfilter and other firewalls that use helpers to dynamically open ports for protocols such as ftp and sip.
Detects a vulnerability in netfilter and other firewalls that use helpers to
dynamically open ports for protocols such as ftp and sip.
The script works by spoofing a packet from the target server asking for opening a related connection to a target port which will be
fulfilled by the firewall through the adequate protocol helper port. The attacking machine should be on the same network segment as the
firewall for this to work. The script supports ftp helper on both IPv4 and IPv6. Real path filter is used to prevent such attacks.
The script works by spoofing a packet from the target server asking for opening
a related connection to a target port which will be fulfilled by the firewall
through the adequate protocol helper port. The attacking machine should be on
the same network segment as the firewall for this to work. The script supports
ftp helper on both IPv4 and IPv6. Real path filter is used to prevent such
attacks.
Based on work done by Eric Leblond.
For more information, see:
* http://home.regit.org/2012/03/playing-with-network-layers-to-bypass-firewalls-filtering-policy/
* http://home.regit.org/2012/03/playing-with-network-layers-to-bypass-firewalls-filtering-policy/
]]
---