Re: FW1 External Ruleset validation tools?

From: Peter Wood (peterw_at_firstbase.co.uk)
Date: 09/10/03

  • Next message: c0ded: "Re: FW1 External Ruleset validation tools?" 
    Date: Wed, 10 Sep 2003 21:40:58 +0100
To: pen-test@securityfocus.com

    Hi

    We use Blade Software's Firewall Informer product - it does just what you
    want I reckon.

    http://www.blade-software.com/FWInformer.htm

    regards
    Pete

    At 09:04 10/09/2003 -0800, Leif Sawyer wrote:

    >Hello,
    >
    >I'm looking for a way to audit my firewall ruleset, in
    >a very specific manner.
    >
    >
    >I've gotten reports of packets traversing our firewall
    >that should not be allowed by any of the rules currently implemented.
    >
    >What is the easiest way to find out what rule line the supposed packet
    >could be traversing, without logging on every single rule? This is
    >interesting because it is a random occurance, with no way to know
    >when it will happen. And I dislike the idea of full logging until
    >I see the violation again -- I just don't have the diskspace, for one.
    >
    >Something like an external program that would allow a crafted packet
    >to be 'virtually' sent through the ruleset would be perfect.
    >
    >Does such a tool exist? Preferably supporting Checkpoint FW-1 NG
    >
    >Thanks
    >
    >Leif Sawyer
    >--
    >
    >"It's pronounced Layf...you know, like Leif Garret? Don't you watch
    > 'I Love the 70's'? What kind of retro lover are you, anyway?"
    >
    >
    >
    >

    ----------------------------------------------------------
    Peter Wood
    Chief of Operations
    First Base Technologies
    +44 (0)1273 454525
    www.fbtechies.co.uk
    www.white-hats.co.uk

    ---------------------------------------------------------------------------
    FREE Trial!
    New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
    and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
    technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
    ----------------------------------------------------------------------------

  • Next message: c0ded: "Re: FW1 External Ruleset validation tools?"

    Relevant Pages

    • Re: FW1 External Ruleset validation tools?
      ... First test that the packet is making it through your firewall. ... Once you have confirmation of that, enable whatever logging ... technology powered by the award-winning FoundScan engine. ...
      (Pen-Test)
    • RE: FW1 External Ruleset validation tools?
      ... Not sure if you have already seen Firewall Informer from Blade, ... What is the easiest way to find out what rule line the supposed packet ... reliable vulnerability assessment technology powered by the award-winning FoundScan engine. ...
      (Pen-Test)
    • Re: Kerio PFW 2.14 - Safe?
      ... >> down user interface. ... Then consider the fact that most packet ... If Kerio 'X' says it's stateful it most ... >> way to know for sure would be to stand between the firewall and the ...
      (comp.security.firewalls)
    • Re: Firewall questions -- what is ...?
      ... packet payload inspection. ... IDS is not a firewall and does not necessarily protect you. ... port number for a well known service and the destination port is above 1023, ... Firewalls and IDS are prone to frequent false alarms. ...
      (microsoft.public.security)
    • Re: Max iptables rules?
      ... Here is my understanding of how Iptables processes firewall rules, ... Lets say the above is our firewall with 1000 rules in it. ... The packet will be compared to the list. ... On the 3rd rule, iptables will find a match and will allow the packet, ...
      (comp.security.firewalls)