Re: Firewall ACL determinations
From: Alon Swartz (alonsw@netvision.net.il)
Date: 02/26/02
Date: Tue, 26 Feb 2002 03:18:59 +0200
From: Alon Swartz <alonsw@netvision.net.il>
To: Penatration Testing <PEN-TEST@SECURITYFOCUS.COM>

You could use the tool firewalk or even nmap with the -sA or -sW switches.

-sA is for an ACK Scan.
It could be used to map a rule base by determining whether the FW is
stateful or a SYN Blocking packet filter. Nmap will send an ACK packet
(indicates a successful receipt of a packet) to each port being scanned.
Since there was no established connection, the firewall will reply with a
RST packet if the port is not filtered.

-sW is for a window Scan.
Similar to -sA but uses TCP window size to determine whether ports are
filtered, not filtered or open.

Hope the above helps.

Regards,
Alon Swartz.

-----Original Message-----
From: Kelley John C. J9C548 [mailto:kelleyj@je.jfcom.mil]
Sent: Friday, February 22, 2002 20:17
To: Pen-Test (E-mail)
Subject: Firewall ACL determinations
All,
What 'best practice' tools are available for ACL determination? I
have been tasked to develop a full spectrum vulnerability assessment test
plan and have not found a great deal on ACL determination. Any info or
links are appreciated.
Thanks,
John
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
----------------------------------------------------------------------------
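
A defender-side view of the ACK scan described in the reply above, as an added example that is not part of the original thread: it flags sources that send ACK-only segments to several ports with no SYN seen first. The record layout, the `find_ack_probes` name and the `min_ports` threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sensor records (not from the thread):
# (time, src, dst, dst_port, tcp_flags). Source ports are omitted for brevity,
# so a flow is keyed on (src, dst, dst_port); that keying is an assumption.
SAMPLE = [
    (1.0, "192.0.2.10", "198.51.100.5", 80, "S"),    # ordinary client: SYN ...
    (1.2, "192.0.2.10", "198.51.100.5", 80, "A"),    # ... then ACK
    (2.0, "192.0.2.44", "198.51.100.5", 443, "A"),   # session older than the capture
    (3.0, "203.0.113.7", "198.51.100.5", 21, "A"),   # bare ACKs across ports,
    (3.0, "203.0.113.7", "198.51.100.5", 22, "A"),   # no SYN ever seen
    (3.1, "203.0.113.7", "198.51.100.5", 23, "A"),
    (3.1, "203.0.113.7", "198.51.100.5", 25, "A"),
    (3.2, "203.0.113.7", "198.51.100.5", 443, "A"),
]


def find_ack_probes(records, min_ports=4):
    """Return {(src, dst): sorted ports} for sources that sent ACK-only
    segments to at least min_ports ports without a preceding SYN."""
    syn_seen = set()                 # flows for which a SYN was observed
    unsolicited = defaultdict(set)   # (src, dst) -> ports hit by bare ACKs
    for _ts, src, dst, port, flags in sorted(records):
        flow = (src, dst, port)
        if "S" in flags and "A" not in flags:
            syn_seen.add(flow)
        elif flags == "A" and flow not in syn_seen:
            unsolicited[(src, dst)].add(port)
    # One stray ACK can belong to a session that predates the capture,
    # so only report a source once it has touched several ports.
    return {pair: sorted(ports)
            for pair, ports in unsolicited.items()
            if len(ports) >= min_ports}


if __name__ == "__main__":
    for (src, dst), ports in find_ack_probes(SAMPLE).items():
        print(f"{src} -> {dst}: unsolicited ACKs to ports {ports}")
```

The port threshold is what separates a sweep from a single out-of-state ACK, so tune `min_ports` to the sensor's capture window.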