----- Original Message ----- From: "Alvin Oga" <[EMAIL PROTECTED]> To: "Thorsten Henninger" <[EMAIL PROTECTED]> Cc: "Jiunn-Jye Chen" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: March 19, 2002 8:49 PM Subject: Re: Firewall test software?
> > hi ya Hi Alvin. > port scanning is NOT a firewall test??? > - it doesnt matter that it says port 25 is open for the mail server > - it doesnt matter that it says port 80 is open for the web server I have to disagree. Port scanning over the years has shown many bugs in firewalls. I have seen so many Cisco routers crash just because the Ack and Fin flags are set or something along those lines (I'm sure we could point out more than just one case). > what you are really interested in is... > - is apache the latest/greatest ... ( no known exploits ) > - is sendmail the latest/greatest ... ( no known exploits ) This is true, but I think the original question was asking how he/she could test their firewall policies. > if you left all the ports open on your firewall ... > - you dont need a port scanner to tell you its open > ( there's more issues... What if your router has SNMP open to the outside, but you don't know how this happened? I have seen this before with routers that are mainly used for small businesses and homes. > if you wanna test that your firewall is working properly ... > - hook up a random laptop ... if that laptop can > sniff your sensitive data... your firewall failed... What data? You mean the data coming/going to/from other workstations? What if the LAN is connected to one hub or two hubs? A switch would be much better for this (yes, I know we can have fun with ARP ;) ). > if the outside customers cannot send and receive emails from > your employee from inside the company ... your firewall failed... I'm lost and it's late. > if the outside custoemrs can see your internal network topology... > you should change your firewall rules This is what he/she is trying to accomplish. > ... gazillion firewall tests ... > > if you unplug the firewall ... > - can people still work ???? .. if not its not working "right" Again, I am lost and it's late >=) > if the hackers gets into your firewall... > - what can they sniff ... Too much! That's where encryption comes into play. Here are my recommendations. Do you really like your firewall policies? Can you deny everything in/out unless permitted? Do you have the latest firewall firmware or software? Here are some tools. http://www.sys-security.com/html/projects/X.html http://www.insecure.org/nmap/ http://packetstormsecurity.org/UNIX/firewall/ftester-0.5.tar.gz http://www.phreedom.org/article.php?id=29 http://www.thehackerschoice.com/download.php?t=r&d=amap-0.95.tar.gz http://ettercap.sourceforge.net/ http://www.earth.li/projectpurple/progs/sendip.html http://mixter.warrior2k.com/nsat-1.41.tar.gz http://gps.sourceforge.net/ http://salix.org/raccess/ http://www.phenoelit.de/irpas/index.html http://www.phenoelit.de/vippr/index.html This should get you started =) Don't forget that an RFC archive is your best friend! > have fun linuxing > alvin > > > On Tue, 19 Mar 2002, Thorsten Henninger wrote: > > > Hi, > > I like this online fireall scan: > > > > http://scan.sygatetech.com/ > > > > Then do a "Quick Scan" > > and they show you, if any insecure ports are open and so on .... > > There are a lot more "Online Firewall Tests" available, > > I do not really know if they are good, but at least they show you > > any major leaks! > > > > regards, > > > > Thorsten > > > > > > Jiunn-Jye Chen wrote: > > > > >Hi > > > I have set up one pix firewall. How can I know that the policies I > > >have set work properly? Is there any sofeware that can test a firewall's > > >policies working correctely and produce some reference data? > > >Thanks > > > Eric Chen > > > > > > > > >_______________________________________________ > > >Firewalls mailing list > > >[EMAIL PROTECTED] > > >http://lists.gnac.net/mailman/listinfo/firewalls > > > > > > > > > > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
