Given a set of ports is there one that is more likely to bypass a firewall?

I’ve been trying to solve a homework question in a beginner infosec class, and I was stumped on an issue and I didn’t really know of the right place to ask. If it isn’t then please let me know.

Given the following ports,

8080/UDP

6667/TCP

53/TCP

443/TCP

if somebody was developing malware, which would be the most likely to be used by it to bypass the firewall?

I know that 53 and 443 are DNS and HTTPS respectively.

My way of thinking about the problem is that it’s likely a firewall would be set up to not drop incoming HTTPS traffic so that would be the best one to develop malware for, but I feel like there’s possibly a trick to the question I’m missing. Also it’s probably possible to eliminate UDP 8080 because it falls out of the commonly used UDP service range, meaning it’s likely to be blocked by default.

Any insight or explanation would be helpful. Thanks!

Stateless Firewall configuration and random port number from server

When I was reading about web servers, I came to know that though servers listen to a static port (say port 80 for HTTP), immediately after the connection, they assign a different port and thread to process. This helps in scalability; otherwise the server cannot listen to the static port until the processing of the previous request is finished.

Now my question is that if you have a stateless firewall at the client side (I know it is not a common scenario), how can we configure this? We can allow outbound and inbound to/from the destination server at port 80. But since the target port is randomly assigned, we cannot be sure of the inbound port number. Since the firewall is stateless, it doesn’t have any previous knowledge of outbound connection initiation. How do we configure this then? Thanks in advance.

Does changing my hostname have any influence on Uncomplicated Firewall (UFW)?

I changed my hostname in /etc/hosts and in /etc/hostname and I have had problems connecting my squeezebox clients to the server since then. I am not sure if both are related but I have no other idea. When I disabled the firewall everything worked fine. But the firewall had all relevant ports open and it worked well before I changed hostnames.

[Cloud Firewall] Proxy, VPN, Tor, Spam & Bot detection.

FireMason (https://firemason.io) is an IP lookup website featuring proxy, VPN, spam, Tor and bot detection. Using our data you can easily perform fraud checks on your online store, detect malicious players in your online game and much more!

Currently still in beta, but the product works very well. Looking for feedback so we can improve :)

Integrations

We are happy to help you integrate FireMason with your service or product. Just get in touch via private…

per-app firewall application for Linux

I have a big problem. I want to block internet access for some of the installed applications on my Fedora Linux. I can’t install Douane, and OpenSnitch says on its GitHub page:

THIS SOFTWARE IS WORK IN PROGRESS, DO NOT EXPECT IT TO BE BUG FREE AND DO NOT RELY ON IT FOR ANY TYPE OF SECURITY.

But I need a reliable one. Is there any solution?

Can a firewall recognize (and block) outbound traffic that consists of screen shots?

I recently watched this YouTube video about capturing webcam image traffic using Wireshark. Although the technique used in the video is not applicable to my question (because it is about a MITM situation), it shows how image data, such as from webcams, is sent across a network.

What I am mainly interested in is blocking screen shots taken by malware and similar code.

Question: Is it feasible to have a hardware firewall device to keep an eye on packet data and remove packets that contain images, or is this sort of low-level analysis typically too taxing for consumer-grade devices?

How is it possible to scan the internal network to perform lateral movement without being detected by a firewall?

How is it possible to scan the internal network to perform lateral movement without being detected by a firewall? I’ve been trying to do a decent scan on the internal network for days. I have a meterpreter shell, add subnet, set proxychains port 1080 and do a slow scan with nmap. I would like to know what other techniques pentesters use in their day-to-day work that are effective.

The web server is Ubuntu, but the internal network is packed with Windows and Linux machines, thus bringing a realistic environment for training. I am doing these studies in a controlled environment.