# Firewall/IDS Evasion

## Proxies

### Rotating Proxy Service

* There are a lot of services that sell rotating proxies (search for "rotating proxies").
* You get a single IP address to connect through, and that endpoint forwards your traffic to the Internet through any number of randomly rotating proxies.

```bash
# nmap's option is --proxies; it relays only NSE and version-detection connections,
# so the port-scan phase (-sX here) still goes out from your own address
nmap -sX --proxies http://1.1.1.1:1080 -iL targetlist.txt
```

### Proxychains

```bash
# proxychains hooks the libc socket calls, so only connect()-based traffic
# (e.g. -sT or NSE scripts) is relayed; raw-packet scans such as -sX bypass it
proxychains nmap -v -T4 -sX 1.2.3.4
```

* You can chain through Tor nodes.
* Proxychains supports several ways of configuring the proxy chain in its configuration file.

## Decoy Scan (Noisy)

* Mixes the real probe in with identical probes from spoofed decoy addresses, so the target sees the scan arriving from several hosts at once.

```bash
# RND:10 adds ten randomly generated decoy source addresses alongside the real one
nmap -D RND:10 -sS <domain>
```
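The burst a decoy scan leaves behind is easy to pick out on the receiving side. The following is an added example, not part of the original notes: it parses constructed iptables-style SYN log lines and flags any destination port that sees many distinct source addresses inside a one-second window, which is what `-D RND:10` produces (all addresses, timestamps and the log format are constructed sample values).

```python
# Added example (not part of the original notes): detect the burst a decoy
# scan leaves in firewall logs. `nmap -D RND:10` sends the real probe plus
# identical probes from ten random source addresses within milliseconds, so
# many distinct sources hitting one destination port in a short window is the
# pattern to alert on. The log lines below are constructed iptables-style samples.
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\S+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?"
    r"PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+) .*?\bSYN\b"
)

# Constructed sample log: a six-source burst on 10.0.0.20:22 (decoy signature),
# one ordinary SYN to port 443, and one isolated SYN to port 22 minutes later.
SAMPLE_LOG = """\
2024-01-10T12:00:01.001 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.20 LEN=44 PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:01.004 fw kernel: IN=eth0 OUT= SRC=203.0.113.15 DST=10.0.0.20 LEN=44 PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:01.009 fw kernel: IN=eth0 OUT= SRC=192.0.2.88 DST=10.0.0.20 LEN=44 PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:01.013 fw kernel: IN=eth0 OUT= SRC=198.51.100.200 DST=10.0.0.20 LEN=44 PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:01.020 fw kernel: IN=eth0 OUT= SRC=203.0.113.61 DST=10.0.0.20 LEN=44 PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:01.031 fw kernel: IN=eth0 OUT= SRC=192.0.2.9 DST=10.0.0.20 LEN=44 PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 SYN URGP=0
2024-01-10T12:00:30.500 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.20 LEN=60 PROTO=TCP SPT=40122 DPT=443 WINDOW=64240 SYN URGP=0
2024-01-10T12:05:00.000 fw kernel: IN=eth0 OUT= SRC=10.0.0.6 DST=10.0.0.20 LEN=60 PROTO=TCP SPT=40900 DPT=22 WINDOW=64240 SYN URGP=0
"""


def parse_line(line):
    """Pull timestamp, source, destination and destination port from one SYN log line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "dst": m["dst"], "dpt": int(m["dpt"])}


def find_decoy_bursts(log_text, window_s=1.0, min_sources=5):
    """Return [(dst, dport, sorted sources)] for every (dst, dport) that saw at
    least min_sources distinct source addresses inside a window_s-second sliding
    window. Ordinary traffic rarely does this on one port; decoys always do."""
    by_target = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            by_target[(ev["dst"], ev["dpt"])].append(ev)
    alerts = []
    for (dst, dpt), evs in by_target.items():
        evs.sort(key=lambda e: e["ts"])
        start, best = 0, set()
        for end, ev in enumerate(evs):
            # slide the window start forward until the span fits in window_s
            while (ev["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1
            sources = {e["src"] for e in evs[start:end + 1]}
            if len(sources) > len(best):
                best = sources
        if len(best) >= min_sources:
            alerts.append((dst, dpt, sorted(best)))
    return alerts


if __name__ == "__main__":
    for dst, dpt, sources in find_decoy_bursts(SAMPLE_LOG):
        print(f"possible decoy scan against {dst}:{dpt} from "
              f"{len(sources)} sources: {', '.join(sources)}")
```

The alert names every address in the burst but cannot say which one is the real scanner, because the decoy probes are byte-for-byte identical; correlating the burst with sources that later complete a handshake or send follow-up probes is what narrows it down.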

## Fragmented packets

```bash
nmap -f -sX -Pn -v <domain>
nmap -sX -v --mtu 32 <domain> # like -f, but lets you choose the fragment size (must be a multiple of 8)
```

## Bad checksums

* The TCP/IP protocol suite uses checksums to ensure data integrity.
* By crafting packets with incorrect checksums, we might be able to trick the target into sending a response.

```bash
# real host stacks drop packets with bad checksums, so any reply points to a device
# in the path (firewall/IDS) that answered without validating the checksum
nmap -sX -T4 --badsum <IP>
```
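To make the two preceding sections concrete, here is an added example (not from the original notes) that shows what fragmentation and a bad checksum look like on the wire and why a real host stack and an inspecting IDS treat them differently. It builds a TCP Xmas probe (FIN+PSH+URG), splits it into 8-byte IP fragments the way `-f` does (the fragment size mirrors `--mtu`), reassembles it as an IDS must before it can see the TCP flags, and validates the TCP checksum the way a host stack does. It uses only the standard library; the addresses and ports are constructed sample values.

```python
# Added example (not from the original notes): -f style fragmentation and
# --badsum behaviour rebuilt in plain Python. Standard library only; addresses
# and ports are constructed sample values.
import socket
import struct

XMAS_FLAGS = 0x01 | 0x08 | 0x20  # FIN, PSH, URG: the -sX probe
MF = 0x2000                      # "more fragments" bit in the IP flags field


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum: folded 16-bit one's-complement sum, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """TCP checksum covers a pseudo-header (addresses, protocol, length) plus the segment."""
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!BBH", 0, socket.IPPROTO_TCP, len(segment))
    return ones_complement_sum(pseudo + segment)


def build_tcp_probe(src, dst, sport, dport, flags, bad_checksum=False) -> bytes:
    """20-byte TCP header with no payload; bad_checksum mimics --badsum."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    csum = tcp_checksum(src, dst, hdr)
    if bad_checksum:
        csum ^= 0x5555  # any change to this field breaks the one's-complement sum
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def fragment(src, dst, payload, frag_size=8, ident=0x1234):
    """Split a transport payload into IP fragments of frag_size bytes (a multiple
    of 8), as -f (8 bytes) or --mtu <n> does. Each fragment gets its own IP header."""
    assert frag_size % 8 == 0
    frags = []
    for off in range(0, len(payload), frag_size):
        chunk = payload[off:off + frag_size]
        flags_off = (MF if off + frag_size < len(payload) else 0) | (off // 8)
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(chunk), ident,
                          flags_off, 64, socket.IPPROTO_TCP, 0,
                          socket.inet_aton(src), socket.inet_aton(dst))
        hdr = hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:]
        frags.append(hdr + chunk)
    return frags


def reassemble(fragments):
    """Rebuild the transport payload from IP fragments; None if any piece is missing.
    This is the work an IDS must do before it can see the TCP flags at all."""
    pieces, total = {}, None
    for pkt in fragments:
        ihl = (pkt[0] & 0x0F) * 4
        flags_off = struct.unpack("!H", pkt[6:8])[0]
        offset = (flags_off & 0x1FFF) * 8
        pieces[offset] = pkt[ihl:]
        if not flags_off & MF:
            total = offset + len(pieces[offset])
    buf = bytearray()
    for off in sorted(pieces):
        if off != len(buf):
            return None  # gap: a fragment never arrived
        buf += pieces[off]
    return bytes(buf) if total is not None and len(buf) == total else None


def inspect_probe(fragments, src, dst):
    """Report what a first-fragment-only filter sees versus a reassembling one,
    and whether a host stack would accept the segment's checksum."""
    first = fragments[0][(fragments[0][0] & 0x0F) * 4:]
    segment = reassemble(fragments)
    if segment is None:
        return {"reassembled": False}
    return {
        "reassembled": True,
        "flags_visible_in_first_fragment": len(first) > 13,  # TCP flags byte is offset 13
        "xmas": segment[13] == XMAS_FLAGS,
        # recomputing the checksum over a valid segment (pseudo-header included) yields 0
        "checksum_ok": tcp_checksum(src, dst, segment) == 0,
    }


if __name__ == "__main__":
    src, dst = "192.0.2.10", "198.51.100.20"
    good = build_tcp_probe(src, dst, 40000, 80, XMAS_FLAGS)
    print(inspect_probe(fragment(src, dst, good), src, dst))
    bad = build_tcp_probe(src, dst, 40000, 80, XMAS_FLAGS, bad_checksum=True)
    print(inspect_probe(fragment(src, dst, bad), src, dst))
```

With 8-byte fragments the TCP flags byte only arrives in the second fragment, which is why a filter that judges the first fragment alone cannot tell an Xmas probe from anything else; a sensor that reassembles sees the flags, and a sensor that also recomputes the checksum (as every real host stack does) discards the `--badsum` variant instead of answering it.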

## Changing data length

* If you are going to experiment with this, start with a single port that you know is open (80 or 443) and adjust the value from there.

```bash
nmap -sS --data-length 300 scanme.nmap.org
```

## Styling Nmap Results

* <https://github.com/honze-net/nmap-bootstrap-xsl> - Nmap Stylesheet repository

```bash
nmap -sS -T4 -A -sC -oA scanme --stylesheet https://raw.githubusercontent.com/honze-net/nmap-bootstrap-xsl/master/nmap-bootstrap.xsl scanme.nmap.org scanme2.nmap.org
```
