Firewall Tester 0.7

From: Andrea Barisani (lcars@infis.univ.trieste.it)
Date: Thu May 30 2002 - 10:08:52 EDT


Hi to all!

I've just released version 0.7 of my Firewall Tester; you can find it at:

http://www.infis.univ.trieste.it/~lcars/ftester
http://ftester.sourceforge.net

Main new features in this version are:

* fragmentation option for injected packets for both firewall and IDS testing modes
  with the possibility to specify fragments number/size

* fragmentation related evasion techniques

* it is now possible to specify TCP segments number or size when in evasion mode

* extended syntax now works also for connection spoofing mode

See the Changelog for details.

Description:

The Firewall Tester consists of two Perl scripts, the client part (ftest)
and the listening sniffer (ftestd). The client injects custom marked packets,
while the sniffer listens for them.
An IDS (Intrusion Detection System) testing feature is also available, and a
snort rule definition file can be parsed instead of the standard configuration
syntax; ftest can also use common IDS evasion techniques.
Stateful inspection firewalls and IDS can be tested with the 'connection spoofing' option,
which generates valid spoofed connections.

Now, since the old release announcement has stimulated a discussion regarding the use of
this kind of tool, I think that a disclaimer is necessary:

--------
The IDS testing option that injects packets reading snort configuration files is designed
to test the IDS engine and NOT its efficiency in detecting real world attacks; the
detection of an attack involves multiple events and often human intervention to do proper
correlation. The Firewall Tester can only be useful to verify things like the IDS placement,
stateful inspection, fragmentation handling, overall speed and so on. Keep this in mind when
using this tool.
--------

Any code contribution/improvement is very welcome ;)

Thanks to all.

Bye

------------------------------------------------------------
INFIS Network Administrator & Security Officer .*.
Department of Physics - University of Trieste /V\
lcars@infis.univ.trieste.it - PGP Key 0x8E21FE82 (/ \)
---------------------------------------------------- ( )
"How would you know I'm mad?" said Alice. ^^-^^
"You must be,'said the Cat,'or you wouldn't have come here."
------------------------------------------------------------

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/