From: LATRECHE Abdelbaset (abdelbaset.latreche@fr.ubizen.com)
Date: Fri Aug 22 2003 - 05:35:13 EDT
Hi,
Firewalk is a good tool to learn, it sending out TCP or UDP packets with a
TTL value. But in the real world "ICMP_TIME_EXCEEDED " is rarely allowed
hence your Firewalking technique will not help a lot.
Try to build your own testing methodology based on the kind of traffic,
hosts, protocols, routers, ids, firewalls...and off course the breaker or
the sysadmin point of view.
Tools like nmap and hping are very usefull, cross checking with tcpdump
and or snort should help to see what's going on.
Abdelbaset.
>
>Hi,
>
>i have recently tried the Firewalk 5.0 tool on the checkpoint firewall.
>Somehow, there is lack of help in using this tool. the only source of
>documents i have is a whitepaper which does not list out how to actually
use
>this tool.
>has anyone been in contact with this tool, or any effective and successful
>firewall penentration tesing tools?
>
>rdgs
>Crux
>
---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world<92>s premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT