On Mon, 15 Jan 2001 [EMAIL PROTECTED] wrote:

>   I am looking for some firewall scanner tools for firewall testing.
> Please help me find the best of them.

it depends on what you want to examine for. this is a scenario i try and
use, but can't always due to situation restraints: set up two sniffers,
one on either side of the firewall. now test the rules using the tools i
list below or similar.

basically what you're hoping to do is to watch for leaks in the firewall
of unwanted traffic or circumstances. tweak your rules accordingly.

the major issue is that no one tool will automate this process for you.
you have to have an understanding of what your firewall is intending to
stop, how to allow what traffic you do want to allow and how to read this
from the traces you generate. a nessus/SAINT/nmap scan without
interpretation will be meaningless.

the tools and their uses are:

isic
   ip stack integrity checker. sends a flood of random packets to
   a target. you can vary a variety of parameters. helps you to find
   random leaks sometimes.

nemesis
   libnet based packet construction utility. can build custom packets
   quickly and easily inside a script to watch for a specific subset of
   problems you suspect.

casl
   custom attack scripting language. not ported to most modern UNIXen
   but a binary for RedHat 5.2 exists out there. not in the Free Software
   license world.

psh
   packet shell from sun, also a packet generation utility.
   http://playground.sun.com/

firewalk
   the tool someone else posted about, can display weaknesses in your
   firewall ACLs using custom crafted TTLs and port options. simply
   a modified traceroute at its heart.

nmap
   the premier port scanner, useful because you can really tweak up
   the scans in an automated fashion.

tcpdump
   the sniffer of choice for the job.

ethereal
   a great GUI and protocol decoder on top of tcpdump's engine.

____________________________
jose nazario                                                 [EMAIL PROTECTED]
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
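
The two-sniffer comparison described in the message above, as an added example that is not part of the original post: it diffs a trace taken outside the firewall against one taken inside and reports probes that crossed against policy or were dropped despite being allowed. The traces, addresses and policy are constructed, the line format follows `tcpdump -nt` output, and it assumes no NAT between the two capture points.

```python
import re

# IPv4 TCP/UDP lines in the style of `tcpdump -nt` output.
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (Flags|UDP)")

def probe_flows(trace, probe_src):
    """Set of (proto, src, sport, dst, dport) sent by the test host in a trace."""
    seen = set()
    for line in trace.splitlines():
        m = LINE.search(line)
        if m and m.group(1) == probe_src:   # skip replies and unrelated traffic
            src, sport, dst, dport, kind = m.groups()
            proto = "tcp" if kind == "Flags" else "udp"
            seen.add((proto, src, int(sport), dst, int(dport)))
    return seen

def compare(outside, inside, allowed, probe_src):
    """allowed: set of (proto, dst, dport) the rules are meant to pass."""
    out_f = probe_flows(outside, probe_src)
    in_f = probe_flows(inside, probe_src)
    def permitted(f):
        return (f[0], f[3], f[4]) in allowed
    leaks = sorted(f for f in in_f if not permitted(f))        # crossed, should not have
    dropped = sorted(f for f in out_f - in_f if permitted(f))  # allowed, never arrived
    return leaks, dropped

# Constructed sample traces (documentation and private address ranges).
OUTSIDE = """\
IP 198.51.100.7.40001 > 10.0.0.5.80: Flags [S], seq 1, win 1024, length 0
IP 198.51.100.7.40002 > 10.0.0.5.22: Flags [S], seq 1, win 1024, length 0
IP 198.51.100.7.40003 > 10.0.0.5.53: UDP, length 30
IP 198.51.100.7.40004 > 10.0.0.5.25: Flags [S], seq 1, win 1024, length 0
IP 198.51.100.7.40005 > 10.0.0.5.161: UDP, length 40
"""
INSIDE = """\
IP 198.51.100.7.40001 > 10.0.0.5.80: Flags [S], seq 1, win 1024, length 0
IP 10.0.0.5.80 > 198.51.100.7.40001: Flags [S.], seq 9, ack 2, win 512, length 0
IP 198.51.100.7.40003 > 10.0.0.5.53: UDP, length 30
IP 198.51.100.7.40005 > 10.0.0.5.161: UDP, length 40
"""
# Constructed policy: what the rule set is intended to let in.
ALLOWED = {("tcp", "10.0.0.5", 80), ("tcp", "10.0.0.5", 25), ("udp", "10.0.0.5", 53)}

if __name__ == "__main__":
    leaks, dropped = compare(OUTSIDE, INSIDE, ALLOWED, "198.51.100.7")
    for f in leaks:
        print("LEAK   ", f)
    for f in dropped:
        print("DROPPED", f)
```

A probe that appears in neither list (the tcp/22 SYN here) was blocked as intended; interpreting the two lists against the rule set is still a manual step.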
