Testing and Analysis of Personal Firewalls


Master of Science Thesis in Computer Science and Engineering

RASHID REHMAN
OBAID UR RAHMAN, SHEIKH

Chalmers University of Technology
University of Gothenburg
Department of Computer Science and Engineering
Göteborg, Sweden, October 2010

The Author grants to Chalmers University of Technology and University of Gothenburg the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law.

The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company), acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he/she has obtained any necessary permission from this third party to let Chalmers University of Technology and University of Gothenburg store the Work electronically and make it accessible on the Internet.

Testing and Analysis of Personal Firewalls
Rashid Rehman
Sheikh Obaid Ur Rahman

© Rashid Rehman, October 2010.
© Obaid Ur Rahman, Sheikh, October 2010.

Examiner: Arne Dahlberg

Chalmers University of Technology
University of Gothenburg
Department of Computer Science and Engineering
SE-412 96 Göteborg
Sweden
Telephone + 46 (0)31-772 1000

Department of Computer Science and Engineering
Göteborg, Sweden, October 2010

Abstract

The rapid growth of the internet has brought a corresponding increase in internet users. The majority of people using the internet have limited understanding and knowledge of computer systems. The majority of users rely on the security software provided by different firewall vendors to ensure secure communication. This security software is designed and developed by highly qualified professionals to ensure threat detection against viruses, malware and spyware.

The basic purpose of our thesis is to test and analyze the security firewalls against TCP ACK, TCP SYN, TCP FIN, TCP Connect, Echo Ping, UDP and Denial of Service attacks (Ping of Death, Teardrop, and Land Attack) to check for security issues. We have also discussed the similarities and differences between them.

Preface

Finally, we have reached another milestone of our lives, i.e., completion of our MSc thesis. We thank God who gave us a lot of courage during our studies and in every sphere of our lives.

First of all, we want to thank our dear supervisor and examiner Arne Dahlberg for giving us the opportunity. We have learned a lot from your practical expertise and invaluable writing skills. Your kindness and patience are worth appreciation. We will continue to build our careers on these bases.

Then, we want to extend our gratitude to our father who always supported us in our studies and made our dream true to come abroad to follow an advanced course in Computer Networks and Distributed Systems. Our brothers' and sisters' contribution is always very crucial to our career. Their support is a great asset for us.

We assure you all to continue our quest to gain knowledge and expertise to achieve excellence.

Table of Contents

1.0 Introduction
  1.1 Tools Used For Testing and Analyzing Firewalls
  1.2 Introduction of Firewalls
  1.2 Types of Filtering Techniques
  1.3 Port Scanning
    1.3.1 UDP Port Scanning
    1.3.2 FIN Scan
    1.3.3 TCP ACK
    1.3.4 TCP Connect Scan
    1.3.5 TCP SYN Flooding
  1.4 Types of Attacks
    1.4.1 Land Attack
    1.4.2 Ping of Death
    1.4.3 Teardrop Attack
  1.5 Port States
    Open
    Closed
    Filtered
    Unfiltered
    Open/Filtered
    Closed/Filtered
2.0 Testing And Analysis of Firewalls
  2.1 ZoneAlarm
    2.1.1 TCP ACK Scanning at Full security
    2.1.2 TCP ACK at Medium Security
    2.1.3 Echo Ping at Full Security
    2.1.4 Echo Ping at Medium Security
    2.1.5 TCP FIN at Full Security
    2.1.6 TCP FIN at Medium Security
    2.1.7 TCP SYN Scan at Full Security
    2.1.8 TCP SYN at Medium Security
    2.1.9 TCP Connect at Full Security
    2.1.10 TCP Connect at Medium Security
    2.1.11 UDP Scan at Full Security
    2.1.12 UDP Scan at Medium Security
    2.1.13 Teardrop Attack at High and Medium Security
    2.1.14 Land Attack at Full and Medium Security
    2.1.15 Ping of Death at High and Medium Security
  2.2 Comodo Firewall
  2.3 Kaspersky Firewall
  2.4 McAfee Firewall
  2.5 Win7 Firewall
  2.6 Comparison
Conclusion
References
