Firewalk is an active reconnaissance scanner that determines which Layer 4 (TCP and UDP) ports a router or firewall will forward or deny. That makes it useful both for finding a way into an environment through bad, overly broad, or missing ACLs and, for the same reason, for auditing a firewall or router ACL to confirm it handles traffic the way its owner intends. Firewalk relies on ICMP error messages and TTL expiry, much like traceroute, but be clear about what it measures: whether a port is allowed through the gateway, not whether the host behind the gateway is actually listening on that port. If the gateway denies a port, the probe destined for that port is typically dropped silently by the security device (some devices instead answer with an ICMP destination unreachable / administratively prohibited message). If the gateway allows the port, the probe is forwarded, its TTL expires at the next hop beyond the gateway, and that hop returns an ICMP_TIME_EXCEEDED error message.
Firewalk is a two-phase tool. The first phase is called the hop ramping phase. Its sole job is to find the correct hop count to the target_gateway, which it does the way traceroute does: it sends probes with an increasing TTL until the gateway itself answers with ICMP_TIME_EXCEEDED. That gives it the right TTL (hop count plus one) to lock onto for the next phase. Phase two involves...