hi john
> > port scanning is NOT a firewall test???
> > - it doesn't matter that it says port 25 is open for the mail server
> > - it doesn't matter that it says port 80 is open for the web server
> I have to disagree. Port scanning over the years has shown many bugs in
> firewalls. I have seen so many Cisco routers crash just because the Ack and
> Fin flags are set or something along those lines (I'm sure we could point
> out more than just one case).
yes... tiz true too ... wasn't thinking about running nmap/nessus
to check the flags...
> > what you are really interested in is...
> > - is apache the latest/greatest ... ( no known exploits )
> > - is sendmail the latest/greatest ... ( no known exploits )
> This is true, but I think the original question was asking how he/she could
> test their firewall policies.
yup..
> > if you left all the ports open on your firewall ...
> > - you don't need a port scanner to tell you it's open
> > ( there's more issues...
> What if your router has SNMP open to the outside, but you don't know how
> this happened? I have seen this before with routers that are mainly used for
> small businesses and homes.
hummm ... a router should NOT have ports open .. ??
- and yes.. most tend to plug-n-play ... w/o checking...
> > if you wanna test that your firewall is working properly ...
> > - hook up a random laptop ... if that laptop can
> > sniff your sensitive data... your firewall failed...
> What data? You mean the data coming/going to/from other workstations? What
> if the LAN is connected to one hub or two hubs? A switch would be much
> better for this (yes, I know we can have fun with ARP ;) ).
i'd rather see a firewall or gateway w/ ipchains in lieu of hubs
and switches between different LAN segments...
- so that one can control what kind of traffic goes to the other
side
> > if the outside customers cannot send and receive emails from
> > your employee from inside the company ... your firewall failed...
> I'm lost and it's late.
one should be able to send/receive emails... to/from the outside...
( usual first/2nd test that everything is working according
( to users... surfing websites being the first/2nd tests too
> > if the outside customers can see your internal network topology...
> > you should change your firewall rules
> This is what he/she is trying to accomplish.
deny all incoming traffic... fairly straight forward...
and enable services one at a time...
> > ... gazillion firewall tests ...
> >
> > if you unplug the firewall ...
> > - can people still work ???? .. if not it's not working "right"
> Again, I am lost and it's late >=)
am hinting at having 2 or more firewalls and gateways to the outside world
> > if the hackers get into your firewall...
> > - what can they sniff ...
> Too much! That's where encryption comes into play.
yuppers... ssh or ssl only traffic ??
> Here are my recommendations.
>
> Do you really like your firewall policies?
> Can you deny everything in/out unless permitted?
> Do you have the latest firewall firmware or software?
More tools... Policy wise...
http://www.Linux-Sec.net/Policy -- some are RFCs
have fun
alvin
http://www.Linux-Sec.net ... fun stuff ..
> Here are some tools.
>
> http://www.sys-security.com/html/projects/X.html
> http://www.insecure.org/nmap/
> http://packetstormsecurity.org/UNIX/firewall/ftester-0.5.tar.gz
> http://www.phreedom.org/article.php?id=29
> http://www.thehackerschoice.com/download.php?t=r&d=amap-0.95.tar.gz
> http://ettercap.sourceforge.net/
> http://www.earth.li/projectpurple/progs/sendip.html
> http://mixter.warrior2k.com/nsat-1.41.tar.gz
> http://gps.sourceforge.net/
> http://salix.org/raccess/
> http://www.phenoelit.de/irpas/index.html
> http://www.phenoelit.de/vippr/index.html
>
> This should get you started =) Don't forget that an RFC archive is your best
> friend!
>
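The thread's point that a port scan only helps once you compare it against the policy you meant to enforce ("deny all incoming, enable services one at a time", and a router that should have nothing open to the outside) can be turned into a small check. This is an added example, not code from the list post or from any of the tools linked above: it parses constructed nmap grepable (-oG) style lines and diffs the open ports per host against a constructed intended policy, reporting ports that are open but not permitted (like the SNMP-on-the-router case) and permitted services that did not answer.

```python
import re

# Intended policy (constructed example): default deny, then one service at a time.
# Key is the hostname as nmap reports it, value is the set of (proto, port) allowed in.
POLICY = {
    "mail.example.com": {("tcp", 25)},
    "www.example.com": {("tcp", 80), ("tcp", 443)},
    "router.example.com": set(),  # a router should expose nothing to the outside
}

# Constructed nmap -oG style output (not a real scan result).
SCAN = (
    "Host: 192.0.2.10 (mail.example.com)\tPorts: 25/open/tcp//smtp///, 22/open/tcp//ssh///\n"
    "Host: 192.0.2.20 (www.example.com)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\n"
    "Host: 192.0.2.1 (router.example.com)\tPorts: 161/open/udp//snmp///, 23/filtered/tcp//telnet///\n"
)

HOST_RE = re.compile(r"Host: \S+ \((\S*)\)\tPorts: (.*)")
PORT_RE = re.compile(r"(\d+)/(\w+)/(tcp|udp)/")


def parse_grepable(text):
    """Return {hostname: {(proto, port), ...}} for ports the scan reports as open."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # skip comment lines and hosts with no Ports field
        name, ports = m.group(1), m.group(2)
        hosts[name] = {
            (proto, int(port))
            for port, state, proto in PORT_RE.findall(ports)
            if state == "open"  # filtered/closed ports are not reachable services
        }
    return hosts


def policy_violations(policy, observed):
    """Per host: 'unexpected' = open but not permitted; 'missing' = permitted but not reachable."""
    report = {}
    for host, allowed in policy.items():
        seen = observed.get(host, set())
        report[host] = {
            "unexpected": sorted(seen - allowed),
            "missing": sorted(allowed - seen),
        }
    return report


if __name__ == "__main__":
    for host, result in policy_violations(POLICY, parse_grepable(SCAN)).items():
        print(host, result)
```

Any non-empty "unexpected" entry is a rule that does not match the written policy; a non-empty "missing" entry is a service the outside can no longer reach, which is the "can people still work" half of the test.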
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls