Ethical Hacking Week 9: Firewalls

A firewall is a security measure that protects unused and open ports by filtering access to them so that only hosts with permission can connect. Some firewalls provide stateful packet inspection, which means they check addresses and ports and look inside the IP and TCP or UDP headers to verify that a packet is acceptable. Firewalls are meant for protection and detection. Most scans that aren’t stealthy will be picked up by the firewall, which alerts the hosts and admins.

Usually, standard firewalls are meant to detect non-HTTP traffic to the website to stop legitimate traffic going through the firewall. However, there are firewalls that function at the application layer of the OSI model. These are called proxy firewalls, and they take all of the legitimate traffic and filter the data correctly. They are integrated in most web servers that websites use and are not part of the internal network of the website. They sit in a separate location outside the internal network, which protects the network from outside connections.

One way to get through firewalls is packet fragmentation. Firewalls have a limit on the size of the datagrams that can be sent to the network (the MTU). Fragmenting is when packets are divided into smaller pieces and reassembled once they are through the firewall.

UDP and ICMP fragmentation attacks – These attacks involve the transmission of fraudulent UDP or ICMP packets that are larger than the network’s MTU (usually ~1500 bytes). As these packets are fake and cannot be reassembled, the target server’s resources are quickly consumed, resulting in server unavailability.

TCP fragmentation attacks (a.k.a. Teardrop) – These assaults target TCP/IP reassembly mechanisms, preventing them from putting together fragmented data packets. As a result, the data packets overlap and quickly overwhelm the victim’s servers, causing them to fail. Teardrop attacks are a result of an OS vulnerability common in older versions of Windows, including 3.1, 95 and NT. While patches were thought to have put a stop to these attacks, a vulnerability resurfaced in Windows 7 and Windows Vista, making Teardrop attacks once again a viable attack vector. The vulnerability was re-patched in the latest version of Windows, but operators should keep an eye out to ensure that it stays patched in all future versions.
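The two fragmentation patterns described above can be recognised from the IP header alone, which is how a reassembling firewall or IDS can drop them before they reach the host. The following is an added example, not part of the original post: the function names and the sample fragments are constructed for illustration, and it checks a captured batch rather than applying a reassembly timeout.

```python
import struct
from collections import defaultdict

IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header layout

def make_frag(ident, offset, length, more):
    """Constructed sample: IPv4/UDP fragment, zeroed payload and checksum."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    hdr = struct.pack(IP_HDR, 0x45, 0, 20 + length, ident, flags_frag,
                      64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + bytes(length)

def parse_frag(pkt):
    """Return (flow key, payload start, payload end, MF flag)."""
    vihl, _, total, ident, ff, _, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
    start = (ff & 0x1FFF) * 8                  # offset field counts 8-byte units
    end = start + total - (vihl & 0x0F) * 4    # first byte past this payload
    return (src, dst, proto, ident), start, end, bool(ff & 0x2000)

def check_fragments(packets):
    """Map IP ID -> sorted findings for fragment trains that look abnormal."""
    flows = defaultdict(set)                   # a set also drops exact duplicates
    for pkt in packets:
        key, start, end, more = parse_frag(pkt)
        if start or more:                      # unfragmented packets are skipped
            flows[key].add((start, end, more))
    report = {}
    for key, frags in flows.items():
        found, covered = set(), 0
        for start, end, _ in sorted(frags):
            if start < covered:
                found.add("overlap")           # Teardrop-style overlapping offsets
            elif start > covered:
                found.add("incomplete")        # hole: reassembly can never finish
            covered = max(covered, end)
        if all(more for _, _, more in frags):
            found.add("incomplete")            # final fragment (MF=0) never arrived
        if found:
            report[key[3]] = sorted(found)
    return report

SAMPLE = [  # constructed fragment trains, not captured traffic
    make_frag(1, 0, 1480, True), make_frag(1, 1480, 520, False),   # normal
    make_frag(2, 0, 36, True),   make_frag(2, 24, 4, False),       # overlapping
    make_frag(3, 0, 1480, True), make_frag(3, 2960, 1480, True),   # never completes
]

if __name__ == "__main__":
    print(check_fragments(SAMPLE))
```

A production filter would apply the same checks per flow as fragments arrive and expire incomplete trains on a timer so that they cannot hold reassembly buffers indefinitely.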

Other ways to bypass a firewall are:

    • Firewalking
    • Source Routing
    • HTTP Tunneling
    • ICMP Tunneling