Shannon Morse shares several commands you can use to evade firewalls and intrusion detection systems on NMap.


Welcome to HakTip, the show where we break down concepts, tools and techniques for hackers, gurus and IT ninjas. I’m Shannon Morse and today we’re going to go over evading firewalls in NMap!

Firewalls are put in place because of tools like NMap. NMap has the power to give you a mapping of a network system. You can see everything, from OS versions to open ports. Firewalls and intrusion detection systems are made to prevent NMap and other programs from getting that information. To evade these firewalls, we have several options. Let’s take a look.

Type this command: nmap -f

Also, you can type: nmap --send-eth -f

This command will send smaller 8-byte probes instead of a whole packet. There is also this command: nmap --mtu 8

MTU stands for Maximum Transmission Unit, which, although similar to -f, will allow you to specify the transmission. You can use any multiples of 8, so you can change your bytes to 8, 16, 32, 64, etc. I just scanned that target with the --mtu option and 8-byte packets. You may need to add --send-eth to your command to make it work.

Type this command: nmap -D RND:10

This is the decoy option, which lets you scan using multiple decoy IP addresses. NMap will send several packets from several destinations with this command. To the target, it’ll look like it’s being scanned from several machines all at once, and the one actually doing the attack will be harder to find. You can also specify exact decoys by using this command: nmap -D decoy1,decoy2 RND:10

You may also want to try the Idle Zombie scan, which will exploit an idle system by using it to scan your target. It’ll only work if the zombie is actually in an idle state when you run it. This command looks like: nmap -sI (where 145 is my target, 55 is my zombie).

Other than specifying the byte size, we can also specify the source port number with: nmap --source-port 54

NMap usually picks random ports to send out a probe on, but this will force it to use a specific port. -g will also let you change your source port.
We’ll be back after this break!

We’re back with evading firewalls! Now, let’s try this one: nmap --data-length 25

This adds random data to probe packets, because some targets look for a specific size of a packet to accept. The size is in bytes and can be any size.

You can also randomize your target scan order by using: nmap --randomize-hosts

And if you want to spoof the MAC address of an Ethernet device, you can use: nmap -sT -PN --spoof-mac 0

The 0 means nmap will generate a random MAC address.

Lastly, we have sending bad checksums. Use: nmap --badsum to send packets with incorrect checksums. TCP/IP uses checksums to make sure you are who you say you are. You won’t receive anything back though, meaning the system is probably substantially configured right.
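From the defender's side, the fragmented probes (-f, --mtu) and the --badsum probes described above leave recognizable traces in raw packets. The following Python is an added example, not part of the original show notes; the function names, the TINY_FRAGMENT_MAX threshold and the sample packets are assumptions constructed for illustration.

```python
import struct

TINY_FRAGMENT_MAX = 24  # assumed threshold (bytes) for a suspicious non-final fragment
SRC, DST = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])  # constructed addresses

def checksum16(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def inspect_ipv4(packet: bytes) -> list[str]:
    """Return findings for one raw IPv4 packet (no link-layer header)."""
    findings = []
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    more_fragments = bool(flags_frag & 0x2000)
    offset = (flags_frag & 0x1FFF) * 8
    payload = packet[ihl:total_len]
    # -f / --mtu: a non-final fragment carrying only a few bytes is rare in normal traffic
    if more_fragments and len(payload) <= TINY_FRAGMENT_MAX:
        findings.append("tiny-fragment")
    # --badsum: the TCP checksum can only be verified on an unfragmented segment
    if packet[9] == 6 and not more_fragments and offset == 0 and len(payload) >= 20:
        pseudo = packet[12:20] + struct.pack("!BBH", 0, 6, len(payload))
        if checksum16(pseudo + payload) != 0:
            findings.append("bad-tcp-checksum")
    return findings

def build_syn(bad_checksum: bool = False) -> bytes:
    """Constructed sample: IPv4 + TCP SYN, no options (IP header checksum left 0)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 1024, 0, 0)
    csum = checksum16(SRC + DST + struct.pack("!BBH", 0, 6, len(tcp)) + tcp)
    if bad_checksum:
        csum ^= 0xBEEF  # flip bits so the field no longer verifies
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0)
    return ip + SRC + DST + tcp

def first_fragment(packet: bytes, size: int = 8) -> bytes:
    """Constructed sample: first `size` payload bytes of `packet` with MF set."""
    hdr = bytearray(packet[:20])
    hdr[2:4] = struct.pack("!H", 20 + size)
    hdr[6:8] = struct.pack("!H", 0x2000)
    return bytes(hdr) + packet[20:20 + size]
```

A sensor that sees many "tiny-fragment" or "bad-tcp-checksum" findings from one source in a short window has a strong signal that the traffic is a scan rather than ordinary client behaviour.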

And that’s it for evading firewalls! What would you like to see next about NMAP? Send me a comment below or email us at And be sure to check out our sister show, Hak5 for more great stuff just like this. I’ll be there, reminding you to trust your technolust.


1 Comment

  • your videos are so helpful with lots of details thank you, keep it going

  • You are an impressive writer. I am impressed with how well you expressed your views in this article. This is very intelligent and thought-provoking content.

  • If you would like to obtain much from this piece of writing then you have
    to apply such methods to your own webpage.

  • Hello my friend! I want to say that this post is amazing, great written and
    include almost all vital infos. I would like to look extra
    posts like this.

  • Wow, that’s what I was searching for, what a data! existing here at this web site, thanks
    admin of this web page.

  • Hi there would you mind letting me know which hosting company you’re
    utilizing? I’ve loaded your blog in 3 completely different internet browsers and I
    must say this blog loads a lot faster than most.
    Can you recommend a good hosting provider at a fair price?

    Many thanks, I appreciate it!

  • Hi to every single one, it’s actually a nice for me to pay a quick visit this web site,
    it contains useful Information.