In this chapter, we built a systematic step-by-step process for when we performed assessments against a variety of devices. We started the chapter with the router device, and then we moved on to the switches. Following the routers and switches, we moved on to a discussion on what to do when we encounter firewalls.

Once we learned how to deal with a number of different devices, we moved on to methods to identify the filtering rules that are in place. We discovered when a scan is conducted against certain devices, they will not respond in accordance with the standards as set forth in the RFC; furthermore, we were able to discover that when there is a rule in place on a device, it is common for that one port to have a response that provides us with additional details about how to proceed against that device.

Finally, we closed the chapter with a discussion on tricks to penetrating filters, and we looked at using a fragmentation scan; however, this did not provide much success. Then, we looked at the powerful technique of source port scanning, and in fact, this was very successful in allowing us to enumerate additional information about the target; furthermore, we showed how if the source port weakness is found, we have options to carryout an attack coming out from a specific source port.

This concludes the chapter. You now have a sound process and methodology for when you encounter devices. As we discussed in the chapter, there will be many times when you will struggle to find ways through the devices, but this is part of professional security testing, and it is the time when you will learn the most. In fact, the more you struggle the more you will learn, in most cases. Always remember to document all the things that you observe. This is a habit that a prudent and professional tester will deploy when building and testing their virtual labs. In the next chapter, we will take a look at how we architect an IDS/IPS range.