Ask the Expert

If a firewall discards all outside pings, then how can you get into it?

If a firewall discards all outside pings, then how can you get into it? I can scan the I.P. for services running, like FTP or W3, but when I do a port scan on the router it doesn't respond. I am not a hacker, but security conscious and paranoid and would like to know if someone would be able to hack into the router/firewall I have put up.
Someone with the right tools and time can always find a way to hack into anything. To answer your question, if you have locked down the router/firewall so that it does not announce the services it has available, then you are doing the right thing. However, when a port scanner is looking for open ports, it typically tries to send a SYN command to the port. Many new attacks send something other than a SYN (like an ACK, FIN, or RST). In some cases, the system might respond to one of these because these packets are sent out of the standard TCP 3-way handshake sequence (and will respond with an RST, since it does not understand why the command was sent). If the system replies with an RST, it then means that something was listening.

This was first published in April 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: