Well if you want to pen-test, there are a range of tools available, depends on your 
experience, and breadth of knowledge too. On the automated front you could try using 
Nessus, but again, interpretation of the results will depend on your knowledge and 
experience. For example you may want to test RDBMS (Oracle, MS SQL etc) access through 
a web application, in this case you need to know about the code the developer used to 
construct the web front/end/middleware. Anyway how long is a piece of string?!. I used 
to work for Oracle as an Ethical Hacker, so take that as you will, if you want any 
more info send me an email with some more details...

Cheerio



 
On Thursday, September 16, 2004, at 01:43AM, cmustard <[EMAIL PROTECTED]> wrote:

>Greets,
>
>I think I have my pf rules pretty well configured
>and I'm ready to implement them externally (to internet).
>Before I do, I would really like to try some
>penetration testing, search for vaulnerbilites/weakness/expolits
>to make sure my rules are as sound as I believe they are.
>I have of course nmap'ed and port scanned my box, etc.
>
>Are there any expolits (there are no 'known' expliots
>in my current set up) or tests anybody does before
>'rolling' out new pf rules (or firewall rules in general)
>to assure they are sound.
>
>I try to keep the box current as far as software expolits.
>I am more interested in how to circumvent my firewall or
>see if it can be.
>
>Thanks.
>
>
>
>
>-- 
>[EMAIL PROTECTED]
>SDF Public Access UNIX System - http://sdf.lonestar.org
>
>


--
Stu Thomas
web http://www.caughtbythe.net
mob +44 (0)7814 657351

Reply via email to