Well if you want to pen-test, there are a range of tools available, depends on your experience, and breadth of knowledge too. On the automated front you could try using Nessus, but again, interpretation of the results will depend on your knowledge and experience. For example you may want to test RDBMS (Oracle, MS SQL etc) access through a web application, in this case you need to know about the code the developer used to construct the web front/end/middleware. Anyway how long is a piece of string?!. I used to work for Oracle as an Ethical Hacker, so take that as you will, if you want any more info send me an email with some more details...
Cheerio On Thursday, September 16, 2004, at 01:43AM, cmustard <[EMAIL PROTECTED]> wrote: >Greets, > >I think I have my pf rules pretty well configured >and I'm ready to implement them externally (to internet). >Before I do, I would really like to try some >penetration testing, search for vaulnerbilites/weakness/expolits >to make sure my rules are as sound as I believe they are. >I have of course nmap'ed and port scanned my box, etc. > >Are there any expolits (there are no 'known' expliots >in my current set up) or tests anybody does before >'rolling' out new pf rules (or firewall rules in general) >to assure they are sound. > >I try to keep the box current as far as software expolits. >I am more interested in how to circumvent my firewall or >see if it can be. > >Thanks. > > > > >-- >[EMAIL PROTECTED] >SDF Public Access UNIX System - http://sdf.lonestar.org > > -- Stu Thomas web http://www.caughtbythe.net mob +44 (0)7814 657351
