• Firewalk generates a series of packets with TTL set to one greater than the hop count to the packet filtering device
• Packets contain incrementing destination TCP and UDP port numbers
• An ICMP Time Exceeded response means that the port is open through the firewall
• If nothing or ICMP Port Unreachable comes back, the port is probably filtered by the firewall
• Works well against traditional and stateful packet filters
• Does not work against proxy-based firewalls since proxies do not forward packets
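
The probe pattern described above (one fixed, very low TTL and a run of different destination ports) is also what a defender can look for in packet-filter logs. The following is an added example, not part of the original slides: the log format, addresses, function names and the `max_ttl` / `min_ports` thresholds are all assumptions.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"(\w+)=(\S+)")

# Constructed sample records (key=value style, modelled on netfilter LOG output).
# TTL is the value seen on the filter's outside interface. Addresses are from
# documentation ranges; none of this comes from the original slides.
SAMPLE_LOG = [
    f"IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 TTL=2 PROTO=TCP SPT=40000 DPT={p}"
    for p in (21, 22, 23, 25, 80, 443)
] + [
    "IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 TTL=52 PROTO=TCP SPT=51514 DPT=443",
    "IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 TTL=1 PROTO=UDP SPT=33000 DPT=33434",
    "IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 TTL=1 PROTO=UDP SPT=33000 DPT=33435",
    "IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 TTL=52 PROTO=ICMP TYPE=8",
]

def parse(line):
    """Return (src, dst, ttl, proto, dport), or None for records without a port."""
    f = dict(FIELD.findall(line))
    try:
        return f["SRC"], f["DST"], int(f["TTL"]), f["PROTO"], int(f["DPT"])
    except (KeyError, ValueError):
        return None

def find_ttl_limited_sweeps(lines, max_ttl=3, min_ports=5):
    """Group low-TTL packets by (src, dst, ttl); report groups hitting many ports.

    Ordinary traffic starts at TTL 64, 128 or 255 and arrives well above max_ttl;
    probes built to expire one hop past the filter arrive with only a hop or two
    left. max_ttl and min_ports are assumed tuning values, not fixed constants.
    """
    seen = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        src, dst, ttl, proto, dport = rec
        if ttl <= max_ttl:
            seen[(src, dst, ttl)].add((proto, dport))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_ports}

if __name__ == "__main__":
    for (src, dst, ttl), ports in find_ttl_limited_sweeps(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {len(ports)} ports probed at TTL={ttl}")
```

The two low-TTL UDP packets from 203.0.113.9 stay below `min_ports`, so an ordinary traceroute passing through is not reported.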