How to detect whether the remote system firewall is on or off using VC++

Question

3.00/5 (1 vote)

See more:

VC8.0

C++

How to detect whether the remote system firewall is on or off using VC++

Posted 25-Jan-11 1:40am

Gokulnath007

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

DaveAuld · Answer 1 · 2011-01-25T02:20:00

Solution 1

If you are sitting at the internet side looking in, the chances are you will never know if it has been properly configured.

Many internet facing addresses/ports will not respond to any ping requests etc, or acknowledge there existence. If they did ack, that is just advertising to potential hackers that there is 'something' there.

For example, Visit http://www.grc.com/[^] follow the links to ShieldsUp and put your internet ip in.

Posted 25-Jan-11 2:20am

DaveAuld

Comments

Gokulnath007 25-Jan-11 8:28am

NO. i need the code in VC++ to check whether the remote system firewall is on or off. provided IP address and Port are known...

Sergey Alexandrovich Kryukov 25-Jan-11 11:10am

What do you mean 'no'?! you got correct answer, forget about getting "code in VC++"

Dylan Morley 25-Jan-11 9:34am

Dave has given you the correct answer here. You can't just tell if *any* firewall is up or down

Maybe have a look at nmap - http://nmap.org/. That uses port scanning to try and determine what is up or down. Useful tool either way.

But as Dave mentioned, a properly configured system won't respond to certain requests - if it did it would just give hackers a clue!

Sergey Alexandrovich Kryukov 25-Jan-11 11:09am

This is correct answer - my 5. The presence of Firewall activity can be an educated guess based on indirect data. nmap data says what's responding and what's not, it does not indicate why.

Andrew Brock · Answer 2 · 2011-01-25T05:28:00

Firstly, DaveAuld has a good Answer. If the computer is accessed over the internet, its access will most likely be restricted by a router or gateway.
If however, the computer is attached via a modem, direct link to the internet (as is the case in many universities) or on the local network in your house and in the room next door that you are too lazy to go look at, then you may consider using code to find out.

Then you hit the next hurdle: There is no explicit way of telling if there is a firewall running, they don't advertise it or anything and there are so many different ones that behave in different ways, but they will deny you access to several features that are otherwise commonly available.

Almost all firewalls will block a echo request (ping) unless explicitly told not to for whatever reason, while the echo response server is most commonly running on all systems, providing a pretty quick and easy way of getting a good estimate if the system is firewalled.

If you know the OS (I will stick with Windows) then there are also a number of other ports that are commonly open.
135 - Microsoft End Point Mapper (RPC server for remote admin)
139 - NetBIOS NetBIOS Session Service (Windows file sharing)
445 - Microsoft-DS Active Directory, Windows shares (more Windows file sharing)

If port 135 is open they you should be able to connect to the remote management interface with RPC and look at the services running on the computer given you know a valid username and password.

You can also check this with mmc.exe and add a services snap-in with the remote computer's address.

Dave Morley's suggestion of nmap is a very good one, and it also has a user interface with pre-set command lines for easy use.

There are other tools that may also be useful (no source code provided unlike nmap), and although they justify making these tools with legitimate uses, these boards are not the place to be sharing system exploit analysis tools.