FW1 External Ruleset validation tools?

From: Leif Sawyer (lsawyer_at_gci.com)
Date: 09/10/03
To: pen-test@securityfocus.com
Date: Wed, 10 Sep 2003 09:04:07 -0800

    Hello,

    I'm looking for a way to audit my firewall ruleset, in
    a very specific manner.

    I've gotten reports of packets traversing our firewall
    that should not be allowed by any of the rules currently implemented.

    What is the easiest way to find out what rule line the supposed packet
    could be traversing, without logging on every single rule? This is
    interesting because it is a random occurrence, with no way to know
    when it will happen. And I dislike the idea of full logging until
    I see the violation again -- I just don't have the diskspace, for one.

    Something like an external program that would allow a crafted packet
    to be 'virtually' sent through the ruleset would be perfect.

    Does such a tool exist? Preferably supporting Checkpoint FW-1 NG.

    Thanks

    Leif Sawyer

    --
    "It's pronounced Layf...you know, like Leif Garret? Don't you watch
     'I Love the 70's'? What kind of retro lover are you, anyway?"
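The kind of tool the post asks for, in miniature: a first-match ruleset walker that takes a crafted packet and reports which rule line it would hit, plus every later rule it would also have matched. This is an added example, not code from the original post or from Check Point; the Rule and Packet types, the sample ruleset and the addresses are constructed for illustration. It models only plain top-down first-match filtering with an implicit final drop, and deliberately ignores implied rules, NAT and stateful return-traffic handling, all of which a real FW-1 inspection path applies and which a reviewer of an "impossible" packet should check separately.

```python
"""Offline first-match ruleset simulator (added example, not FW-1 code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    line: int                      # rule number as shown in the rulebase
    src: str                       # CIDR, single host, or "any"
    dst: str                       # CIDR, single host, or "any"
    proto: str                     # "tcp", "udp", "icmp", or "any"
    dports: Optional[Tuple[int, int]]  # inclusive port range, None = any port
    action: str                    # "accept" or "drop"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None    # None for protocols without ports (icmp)


def _addr_matches(spec: str, addr: str) -> bool:
    """True if addr falls inside spec ("any" matches everything)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Check every field of one rule against the packet's 5-tuple subset."""
    if not _addr_matches(rule.src, pkt.src) or not _addr_matches(rule.dst, pkt.dst):
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dports is not None:
        if pkt.dport is None:
            return False
        lo, hi = rule.dports
        if not lo <= pkt.dport <= hi:
            return False
    return True


def trace(rules: List[Rule], pkt: Packet) -> Tuple[int, str, List[int]]:
    """Walk the rulebase top-down; first match decides.

    Returns (deciding line, action, all matching lines in order). A packet
    matching no rule hits the implicit cleanup rule, reported as line 0/drop.
    The full match list is what shows *why* a packet got through: an accept
    above the drop you expected to stop it (rule shadowing).
    """
    hits = [r for r in rules if rule_matches(r, pkt)]
    if not hits:
        return (0, "drop", [])
    return (hits[0].line, hits[0].action, [r.line for r in hits])


# Constructed sample rulebase, listed in rulebase order.
SAMPLE_RULES = [
    Rule(1, "any", "192.0.2.10/32", "tcp", (80, 80), "accept"),   # public web server
    Rule(2, "10.0.0.0/8", "any", "any", None, "accept"),          # broad "internal outbound"
    Rule(3, "any", "192.0.2.0/24", "any", None, "drop"),          # protect the DMZ
]


def explain(rules: List[Rule], pkt: Packet) -> str:
    """Human-readable one-liner for a traced packet."""
    line, action, hits = trace(rules, pkt)
    where = f"rule {line}" if line else "implicit cleanup rule"
    return f"{pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}: {action} by {where}; matched {hits}"


if __name__ == "__main__":
    # Internal host reaching SSH on a DMZ box: rule 3 was meant to stop it,
    # but the broad accept on line 2 fires first.
    print(explain(SAMPLE_RULES, Packet("10.1.2.3", "192.0.2.20", "tcp", 22)))
    print(explain(SAMPLE_RULES, Packet("198.51.100.7", "192.0.2.10", "tcp", 80)))
    print(explain(SAMPLE_RULES, Packet("198.51.100.7", "192.0.2.20", "tcp", 22)))
    print(explain(SAMPLE_RULES, Packet("198.51.100.7", "203.0.113.5", "udp", 53)))
```

Feed it the exported rulebase and the reported packet's source, destination, protocol and port; if the deciding line is an accept you did not expect, that is the rule to tighten, and if the simulator says drop while the packet still got through, the explanation lies in something this model leaves out (implied rules, NAT before the rulebase, or an established connection in the state table).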