Mapping beyond the firewall
Attackers normally start network debugging using the traceroute utility, which attempts to map all of the hosts on a route to a specific destination host or system. Once the target is reached, the TTL field will be 0, while the target will discard the datagram and generate an ICMP time exceeded packet back to its originator. A regular traceroute will be similar to that shown in Figure 3.17:
As you see from the preceding example, we cannot go beyond a particular IP, which most probably means that there is a packet filtering device at hop 3. Attackers would dig a little bit deeper to understand what is deployed on that IP.
Deploying the default UDP datagram option will increase the port number every time it sends a UDP datagram. Hence, attackers will start pointing to a port number to reach the final target destination.
