Re: Firewall Load Testing

From: Kurt Seifried (bt@seifried.org)
Date: 12/10/02

    From: "Kurt Seifried" <bt@seifried.org>
    To: "Jason Dixon" <jasondixon@myrealbox.com>, <pen-test@securityfocus.com>
    Date: Tue, 10 Dec 2002 10:37:48 -0800
    
    

    > My apologies if this isn't the right forum for this question; I'm
    > running into great difficulty finding the right tool for this job short
    > of writing my own. All of the other lists I've tried have come up
    > blank.
    >
    > Basically, I'm looking to test a firewall's capabilities. At the very
    > least, I'd like to have endpoint-to-endpoint creation and analyzation of
    > thousands of concurrent, possibly varying in protocol type, connections
    > through the firewall. At the very most, I'd like something to pen/load
    > test the firewall in order to determine maximum states, connections (vpn
    > and otherwise), etc.
    >
    > Is anyone familiar with a good toolkit or collection of *nix utilities
    > that will do what I'm looking for?
    >
    > TIA,
    > J.

    There are hardware/software solutions to generate stupid (yes, that's a
    technical term) amounts of traffic, but they tend to be pricey (but OTOH
    they make for nice re-creatable tests). For 10/100 base interface firewalls
    however a few unix systems on either end doing things like synfloods or
    running Dan Kaminsky's new tools to scan networks (and create enormous
    numbers of SYN packets) are freely available. Things like nmap on high
    settings or several dozen (hundred) concurrent copies of Nessus going can
    also generate significant loads. You can use tcpreplay to take captured
    tcpdump streams and replay them; this can also be used to create large
    amounts of arbitrarily weird and hostile network traffic. In the OpenBSD
    (and most BSD systems) ports tree, net and security directories there are
    tons of tools to create these conditions.

    Kurt Seifried, kurt@seifried.org
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://seifried.org/security/
