Re: FW1 External Ruleset validation tools?

From: Peter Wood (peterw_at_firstbase.co.uk)
Date: 09/10/03

    Date: Wed, 10 Sep 2003 21:40:58 +0100
    To: pen-test@securityfocus.com
    
    

    Hi

    We use Blade Software's Firewall Informer product - it does just what you
    want I reckon.

    http://www.blade-software.com/FWInformer.htm

    regards
    Pete

    At 09:04 10/09/2003 -0800, Leif Sawyer wrote:

    >Hello,
    >
    >I'm looking for a way to audit my firewall ruleset, in
    >a very specific manner.
    >
    >
    >I've gotten reports of packets traversing our firewall
    >that should not be allowed by any of the rules currently implemented.
    >
    >What is the easiest way to find out what rule line the supposed packet
    >could be traversing, without logging on every single rule? This is
    >interesting because it is a random occurrence, with no way to know
    >when it will happen. And I dislike the idea of full logging until
    >I see the violation again -- I just don't have the diskspace, for one.
    >
    >Something like an external program that would allow a crafted packet
    >to be 'virtually' sent through the ruleset would be perfect.
    >
    >Does such a tool exist? Preferably supporting Checkpoint FW-1 NG
    >
    >Thanks
    >
    >Leif Sawyer
    >--
    >
    >"It's pronounced Layf...you know, like Leif Garret? Don't you watch
    > 'I Love the 70's'? What kind of retro lover are you, anyway?"
    >
    >
    >
    >

    ----------------------------------------------------------
    Peter Wood
    Chief of Operations
    First Base Technologies
    +44 (0)1273 454525
    www.fbtechies.co.uk
    www.white-hats.co.uk
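    The "crafted packet sent virtually through the ruleset" check Leif asks for, as an added example that is not part of the original thread or of any vendor product: a first-match evaluator over a constructed ruleset (rule fields, addresses and the sample packets are assumptions, not Check Point's rulebase format) that reports which rule line a given packet would hit, so an unexpected pass can be traced to the rule that allowed it without turning on logging everywhere.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass
class Rule:
    line: int
    src: str              # CIDR or "any"
    dst: str              # CIDR or "any"
    proto: str            # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]  # None means any destination port
    action: str           # "accept" or "drop"

# Constructed ruleset (assumption): rule 3 is deliberately broad and is the
# kind of entry that quietly lets unexpected traffic into a DMZ subnet.
RULESET: List[Rule] = [
    Rule(1, "10.0.0.0/8", "any", "tcp", 22, "accept"),
    Rule(2, "any", "192.0.2.10/32", "tcp", 80, "accept"),
    Rule(3, "any", "192.0.2.0/24", "tcp", None, "accept"),
    Rule(4, "any", "any", "any", None, "drop"),  # explicit cleanup rule
]

def _net_match(field: str, addr: str) -> bool:
    """True if the address falls inside the rule's network (or the field is 'any')."""
    return field == "any" or ip_address(addr) in ip_network(field)

def match_rule(ruleset: List[Rule], src: str, dst: str,
               proto: str, dport: Optional[int] = None) -> Optional[Rule]:
    """Walk the ruleset top-down, first-match wins; None means no rule matched
    (i.e. the firewall's implicit drop would apply)."""
    for r in ruleset:
        if not _net_match(r.src, src) or not _net_match(r.dst, dst):
            continue
        if r.proto != "any" and r.proto != proto:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r
    return None

def explain(ruleset: List[Rule], src: str, dst: str,
            proto: str, dport: Optional[int] = None) -> str:
    """Human-readable verdict naming the rule line responsible."""
    r = match_rule(ruleset, src, dst, proto, dport)
    return "no explicit match: implicit drop" if r is None else f"rule {r.line}: {r.action}"

if __name__ == "__main__":
    # Constructed 'should not have passed' packet: HTTPS from the Internet to a DMZ host.
    print(explain(RULESET, "203.0.113.5", "192.0.2.10", "tcp", 443))  # rule 3: accept
```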


