Question:
what is the most common way FIREWALLS are bypassed?
anonymous
2012-01-02 06:48:20 UTC
Except for getting some putz to install malicious programs, how are firewalls bypassed? Like a brute force type method??
Four answers:
anonymous
2012-01-02 08:12:47 UTC
Packet sniffing can reveal the destination IP/port, and a return packet can be crafted to mimic the returning asset while the legitimate packet is intercepted and neutralized ("man in the middle");

Windows has by default some ports open (in some configurations) such as "Printer and file sharing", Windows XP has this;

Of course the principal conduit into the system is the browser, which uses port 80/8080, so by default requested assets are delivered unhindered (i.e. the header source/destination is properly configured as 'requested');

"Ping reply" when not properly constrained can be leveraged to some extent;

See SANS https://isc.sans.edu/reports.html for specific port attack numbers.



"Brute force" applies more to pounding on a password, not attempting to penetrate a firewall. Unrequested packets attempting to enter are dropped, so repeated knocks will yield no effect: the firewall does not get 'tired' and stop resisting (dropping packets).
anonymous
2012-01-02 14:51:56 UTC
Yes, brute force
AntiBotnet
2012-01-02 15:14:08 UTC
One major action by cyber crime is "tunneling to circumvent firewall policy". This is a major botnet-type activity too: breaking into the computer and further attempting to disable any antivirus/antispyware products present, as well as attempting to disable firewall blocking of covert communications, as with a Trojan Downloader used to install malware as part of the botnet payload.



Tunneling to circumvent firewall policy

http://en.wikipedia.org/wiki/Tunneling_protocol



"Users can also use tunneling to "sneak through" a firewall, using a protocol that the firewall would normally block, but "wrapped" inside a protocol that the firewall does not block, such as HTTP. If the firewall policy does not specifically exclude this kind of "wrapping", this trick can function to get around the intended firewall policy.



Another HTTP-based tunneling method uses the HTTP CONNECT method/command. A client issues the HTTP CONNECT command to a HTTP proxy. The proxy then makes a TCP connection to a particular server:port, and relays data between that server:port and the client connection. Because this creates a security hole, CONNECT-capable HTTP proxies commonly restrict access to the CONNECT method. The proxy allows access only to a whitelist of specific authorized servers."



NOTE: Now what applies here is that IPv4 was evaporating quickly and IPv6 was in place and is native in the Windows Vista release. Tunneling of course is renewed in IPv6....



IPv4

From Wikipedia, the free encyclopedia

http://en.wikipedia.org/wiki/IPv4

"Internet Protocol version 4 (IPv4) is the fourth revision in the development of the Internet Protocol (IP) and the first version of the protocol to be widely deployed. Together with IPv6, it is at the core of standards-based internetworking methods of the Internet. IPv4 is still by far the most widely deployed Internet Layer protocol (As of 2011[update], IPv6 deployment is still in its infancy)....."



IPv6

From Wikipedia, the free encyclopedia

http://en.wikipedia.org/wiki/IPv6

"Internet Protocol version 6 (IPv6) is a version of the Internet Protocol (IP). It is designed to succeed the Internet Protocol version 4 (IPv4). The Internet operates by transferring data between hosts in small packets that are independently routed across networks as specified by an international communications protocol known as the Internet Protocol....."
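The quoted passage says CONNECT-capable proxies defend against this tunneling trick by allowing CONNECT only to an allowlist of authorized server:port targets. The following is an added example, not code from the answer above or from any project it mentions: it parses HTTP CONNECT request lines, applies such an allowlist, and tallies the denied attempts a defender would want to alert on. The allowlist entries and the sample request lines are constructed for illustration.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Set, Tuple

# Constructed allowlist of (host, port) pairs the proxy may tunnel to.
# These are hypothetical values, not taken from the page.
ALLOWED_CONNECT_TARGETS: Set[Tuple[str, int]] = {
    ("www.example.com", 443),
    ("mail.example.com", 993),
}

# Request line of an HTTP CONNECT: "CONNECT host:port HTTP/1.x"
CONNECT_RE = re.compile(r"^CONNECT\s+([^\s:/]+):(\d{1,5})\s+HTTP/1\.[01]\s*$")


def parse_connect(request_line: str) -> Optional[Tuple[str, int]]:
    """Return (host, port) for a well-formed CONNECT request line, else None."""
    match = CONNECT_RE.match(request_line)
    if match is None:
        return None
    host, port = match.group(1).lower(), int(match.group(2))
    if not 1 <= port <= 65535:
        return None
    return host, port


def decide(request_line: str,
           allowlist: Set[Tuple[str, int]] = ALLOWED_CONNECT_TARGETS) -> str:
    """Policy decision: 'allow' only for allowlisted targets, 'deny' for any
    other CONNECT (including malformed ones), 'not-connect' for other methods."""
    if not request_line.startswith("CONNECT "):
        return "not-connect"
    target = parse_connect(request_line)
    if target is None:
        return "deny"  # malformed CONNECT is treated as a deny, not a pass
    return "allow" if target in allowlist else "deny"


# Constructed sample request lines as a proxy might log them.
SAMPLE_REQUEST_LINES: List[str] = [
    "CONNECT www.example.com:443 HTTP/1.1",   # allowlisted HTTPS target
    "GET /index.html HTTP/1.1",               # ordinary request, no tunnel
    "CONNECT mail.example.com:993 HTTP/1.1",  # allowlisted IMAPS target
    "CONNECT 203.0.113.7:22 HTTP/1.1",        # SSH wrapped in CONNECT: denied
    "CONNECT update.example.org:443 HTTP/1.1",  # not on the allowlist: denied
]


def audit(lines: List[str]) -> Dict[str, int]:
    """Count policy outcomes over a batch of request lines."""
    return dict(Counter(decide(line) for line in lines))


def denied_targets(lines: List[str]) -> List[Tuple[str, int]]:
    """List the (host, port) pairs of denied CONNECT attempts for alerting."""
    result = []
    for line in lines:
        if decide(line) == "deny":
            target = parse_connect(line)
            if target is not None:
                result.append(target)
    return result


if __name__ == "__main__":
    for line in SAMPLE_REQUEST_LINES:
        print(f"{decide(line):12s} {line}")
    print("summary:", audit(SAMPLE_REQUEST_LINES))
    print("denied targets:", denied_targets(SAMPLE_REQUEST_LINES))
```

Malformed CONNECT lines deliberately fall into the deny bucket rather than being ignored, so an odd request cannot slip past the policy by failing to parse; a spike in the denied count, or repeated denied targets on ports like 22, is the signal a proxy operator would watch for.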
?
2012-01-02 14:58:46 UTC
By brute force or programmed to avoid firewalls


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.