Re: FW1 External Ruleset validation tools?
From: Steve Shah (sshah_at_planetoid.org)
Date: 09/11/03
- Previous message: Dimitris Petropoulos: "RE: FW1 External Ruleset validation tools?"
- In reply to: ravi pina: "Re: FW1 External Ruleset validation tools?"
- Next in thread: Klahn, Paul: "RE: FW1 External Ruleset validation tools?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 11 Sep 2003 07:32:25 -0700 To: ravi pina <ravi@cow.org>
> > I'm looking for a way to audit my firewall ruleset, in
> > a very specific manner.
Check Freshmeat.net. There is a tool there called pacgen that
will generate arbitrary IP packets. You can use this to
recreate your packet.
First test that the packet is making it through your firewall.
Once you have confirmation of that, enable whatever logging
feature you want. Send the packet again, stop logging, and
then sift through what you have. You'll have much less data to
actually look through and ideally the ruleset being hit/missed
will show up easily.
-Steve
-- Steve Shah sshah@planetoid.org - http://www.planetoid.org/ Beating code into submission, one OS at a time... --------------------------------------------------------------------------- FREE Trial! New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL and PROFESSIONAL TL software. Fast, reliable vulnerability assessment technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825 ----------------------------------------------------------------------------
- Previous message: Dimitris Petropoulos: "RE: FW1 External Ruleset validation tools?"
- In reply to: ravi pina: "Re: FW1 External Ruleset validation tools?"
- Next in thread: Klahn, Paul: "RE: FW1 External Ruleset validation tools?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
