loading
Loading content
loading
Also known as filter evasion
Firewall evasion covers the techniques an attacker uses to reach a target when filtering sits in the way. At the packet level that means fragmenting probes so a stateless filter cannot reassemble the signature, spoofing source addresses, mixing real scans with decoy traffic, or setting unusual TCP flags. At the protocol level it means tunneling traffic over DNS or HTTPS, abusing allowed ports like 443, or timing requests slowly to stay under rate thresholds.
The point is to learn what a defended host actually exposes. A firewall can drop or rewrite probes, so a naive scan reports filtered ports and misses live services. Evasion techniques tease apart dropped versus closed ports during port scanning and refine the network mapping of segmented environments. After a foothold, the same thinking guides pivoting through allowed paths to reach internal hosts.
Evasion and detection move together. The same fragmentation and decoy tricks that bypass a filter often trip intrusion detection, so an operator weighs stealth against the risk of an alert.
In a Trickest workflow you script timing, source rotation, and fragmentation options across distributed scan nodes, then compare results from different vantage points to map filtering behavior without hand-tuning each run.
Related terms