
Re: Firewall testing



On Thu, 2003-02-06 at 09:41, Javier Fernández-Sanguino Peña wrote:
> On Wed, Feb 05, 2003 at 11:56:42AM -0500, dsr@tao.merseine.nu wrote:
> > On Wed, Feb 05, 2003 at 11:14:50AM -0500, merk0020 wrote:
> > > Hello I am about to make the Proxy/Firewall on your
> > > www.aboutdebian.com web site. I was wondering how to go about testing
> > > it when finished. I have multiple computers and various internet
> > > connections.
> > 
> (...)
> > 
> > Run an nmap scan over the test box and make sure it is consistent with 
> > your firewall config.
> > 
> 	Note that nmap (or nessus for that matter) will only determine the
> security of the proxy/firewall itself (if pointed at it) and not of the
> computers _behind_ it.
> 	You have to also port scan the boxes behind to determine if they
> are properly protected by the firewall.
> 
> A nice document on firewall testing would be CERT's:
> http://www.cert.org/security-improvement/practices/p060.html
> or Eugene Schultz's
> www.cerias.purdue.edu/homes/firewall/references/fwtest.doc
> 
> Also you could use a tool to test your firewall rules from inside/out such
> as "Firewall Tester" http://www.infis.univ.trieste.it/~lcars/ftester/.
> Is anyone aware of similar ones? (packaged in Debian?)
i found that question interesting enough to dig a bit:
$apt-cache search packet|grep IP (edited)
isic - Test the integrity of an IP Stack with semi-random packets
nemesis - TCP/IP Packet Injection Suite
rain - packet builder for testing IP protocols implementations.
sendip - A commandline tool to allow sending arbitrary IP packets.
stone - TCP/IP packet repeater in the application layer

other injectors can surely be found at packetstorm or similar sites.
searching freshmeat (traffic/firewall + test):
http://freshmeat.net/projects/packit/
http://freshmeat.net/projects/trafficgenerator/
http://freshmeat.net/projects/apsr/
furthermore the somewhat related (and imho most interesting)
http://freshmeat.net/projects/fragroute/

sf doesn't add anything new, a glance at google just shows a lot of noise
(LeakTest, ZoneAlarm, BlackICE)
thinking about it, this might be interesting, too:
http://www.doxpara.com/read.php/code/paketto.html

regards,
tok
> 
> 	Regards
> 
> 	Javi
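
The thread's advice to run an nmap scan and check that it is consistent with the firewall config, for the firewall itself and for the boxes behind it, can be automated by diffing scan output against the intended policy. The following is an added example, not part of the original messages: it assumes nmap's grepable output (`-oG`), and the sample scan text, the addresses (documentation range) and the `EXPECTED` policy table are all constructed for illustration.

```python
# Constructed sample of `nmap -oG` (grepable) output; not from a real scan.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.1 (fw)\tStatus: Up\n"
    "Host: 192.0.2.1 (fw)\tPorts: 22/open/tcp//ssh///, 3128/open/tcp//squid-http///, "
    "111/open/tcp//rpcbind///\tIgnored State: filtered (997)\n"
    "Host: 192.0.2.10 (web)\tStatus: Up\n"
    "Host: 192.0.2.10 (web)\tPorts: 80/open/tcp//http///, "
    "139/filtered/tcp//netbios-ssn///\tIgnored State: filtered (998)\n"
)

# Hypothetical policy: the ports the firewall rules are meant to expose per host.
EXPECTED = {
    "192.0.2.1": {(22, "tcp"), (3128, "tcp")},   # the proxy/firewall itself
    "192.0.2.10": {(80, "tcp"), (443, "tcp")},   # a box behind the firewall
}

def parse_grepable(text):
    """Return {host: set((port, proto))} for ports nmap reported as open."""
    found = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = found.setdefault(host, set())
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
                if len(parts) >= 3 and parts[0].isdigit() and parts[1] == "open":
                    ports.add((int(parts[0]), parts[2]))
    return found

def audit(expected, observed):
    """List deviations between the intended policy and the scan result."""
    report = []
    for host in sorted(set(expected) | set(observed)):
        want, got = expected.get(host, set()), observed.get(host, set())
        for port, proto in sorted(got - want):
            report.append((host, port, proto, "open but not in policy"))
        for port, proto in sorted(want - got):
            report.append((host, port, proto, "in policy but not reachable"))
    return report

if __name__ == "__main__":
    for finding in audit(EXPECTED, parse_grepable(SAMPLE_SCAN)):
        print("%s %d/%s: %s" % finding)
```

A scan only reflects the vantage point it was run from, so the comparison is worth repeating with scans taken from outside and from inside the firewall.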



