Firewall Tester 0.6

From: Andrea Barisani (lcars@infis.univ.trieste.it)
Date: 04/09/02


Date: Tue, 9 Apr 2002 11:32:30 +0200
From: Andrea Barisani <lcars@infis.univ.trieste.it>
To: pen-test@securityfocus.com


Hi to all!

I've just released version 0.6 of my Firewall Tester, you can find it at:

http://www.infis.univ.trieste.it/ftester/~lcars
http://ftester.sourceforge.net

Main new features in this version are:

* IDS testing option, manually or directly with snort rule files

* connection spoofing in IDS test mode for handling stateful inspection
  IDS (like the stream4 preprocessor of snort)

* implementation of some IDS evasion techniques

See the Changelog for details.

Since I can't fully test this new features feedback regarding their implementation
is very welcome :). If you think that there's something missing regarding snort
conf parsing or evasion techniques just let me know and I'll fix and/or add what is
necessary, there's definetly a great deal of work to do but I hope that this could be
a nice start.

I will also try to add the ability of parsing other IDS conf files if you send me the
necessary info.

Any code contribution/improvement is very welcome ;)

Thanks to all.

Bye

------------------------------------------------------------
INFIS Network Administrator & Security Officer .*.
Department of Physics - University of Trieste /V\
lcars@infis.univ.trieste.it - PGP Key 0x8E21FE82 (/ \)
---------------------------------------------------- ( )
"How would you know I'm mad?" said Alice. ^^-^^
"You must be,'said the Cat,'or you wouldn't have come here."
------------------------------------------------------------

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



Relevant Pages

  • Firewall Tester 0.6
    ... * connection spoofing in IDS test mode for handling stateful inspection ... IDS (like the stream4 preprocessor of snort) ... Since I can't fully test this new features feedback regarding their implementation ... necessary info. ...
    (Focus-IDS)
  • AW: DoS tools
    ... Subject: AW: DoS tools ... I think the best DOS tool is putting this IDS on ... I don't think you can simulate real life flooding stuff.. ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: Value of "richer" signatures?
    ... Snort, Dragon, and NFR, and I can tell you that they ... Here's an example of how the newer IDS signatures help ... Let's say you are using a simple packet grepping IDS ... > an FTP connection). ...
    (Focus-IDS)
  • Re: ids inquisition
    ... Subject: ids inquisition ... Snort isn't one of them. ... Brian Caswell - CSV output plugin, ... Christian Lademann - active response, ...
    (Focus-IDS)
  • RE: IDS recommendations
    ... Subject: IDS recommendations ... Snort is a relatively raw tool and that usually adds ... >> I can appreciate your comments on the ISS product. ...
    (Focus-IDS)