RE: FW1 External Ruleset validation tools?

From: Klahn, Paul (Paul.Klahn@fishnetsecurity.com)
Date: Wed Sep 10 2003 - 15:36:26 EDT


Leif-

  FireMon may be exactly what you are looking for; it's a revision
control solution for Check Point, Nokia (IPSO), and Cisco devices.

Specifically, FireMon's Policy Test feature allows you to
specify a source IP, destination IP and service (protocol and port) and
return what rule will process the tested traffic. This provides the
functionality you desire, without the need for traffic generation and
log analysis. We use this tool in our assessment practice and find it
useful.

Check out www.firemon.com

Paul Klahn

> -----Original Message-----
> From: Leif Sawyer [mailto:lsawyer@gci.com]
> Sent: Wednesday, September 10, 2003 12:04 PM
> To: pen-test@securityfocus.com
> Subject: FW1 External Ruleset validation tools?
>
>
> Hello,
>
> I'm looking for a way to audit my firewall ruleset, in
> a very specific manner.
>
>
> I've gotten reports of packets traversing our firewall
> that should not be allowed by any of the rules currently implemented.
>
> What is the easiest way to find out what rule line the supposed packet
> could be traversing, without logging on every single rule? This is
> interesting because it is a random occurrence, with no way to know
> when it will happen. And I dislike the idea of full logging until
> I see the violation again -- I just don't have the disk space, for one.
>
> Something like an external program that would allow a crafted packet
> to be 'virtually' sent through the ruleset would be perfect.
>
> Does such a tool exist? Preferably supporting Checkpoint FW-1 NG
>
> Thanks
>
> Leif Sawyer
> --
>
> "It's pronounced Layf...you know, like Leif Garret? Don't you watch
> 'I Love the 70's'? What kind of retro lover are you, anyway?"
>
>
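The "virtual packet through the ruleset" check this thread asks about, as an added example that is not FireMon's code and was not posted by either author: a small first-match policy tester over a constructed, Check Point style ordered ruleset (addresses, services and rule numbers are made up), which reports the rule line a given source/destination/service would hit, including the implicit cleanup drop.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example policy: ordered rules, first match wins, implicit drop at the end.
# Sources/destinations are tuples of CIDR strings or the literal "Any";
# services are tuples of (protocol, port) with port None meaning "any port", or "Any".
@dataclass(frozen=True)
class Rule:
    number: int
    sources: object
    destinations: object
    services: object
    action: str


def _net_match(addr, nets):
    if nets == "Any":
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)


def _svc_match(proto, port, services):
    if services == "Any":
        return True
    return any(p == proto and (dp is None or dp == port) for p, dp in services)


def policy_test(rules, src, dst, proto, port):
    """Return (rule number, action) of the first rule matching the packet.
    Rule 0 with action 'drop' stands for the implicit cleanup rule."""
    for r in rules:
        if (_net_match(src, r.sources) and _net_match(dst, r.destinations)
                and _svc_match(proto, port, r.services)):
            return r.number, r.action
    return 0, "drop"


# Constructed ruleset (hypothetical addresses); note rule 3 shadows rule 4 for UDP.
RULES = (
    Rule(1, ("10.0.0.0/8",), ("192.0.2.10/32",), (("tcp", 22),), "accept"),
    Rule(2, "Any", ("192.0.2.0/24",), (("tcp", 80), ("tcp", 443)), "accept"),
    Rule(3, ("172.16.0.0/12",), "Any", (("udp", None),), "drop"),
    Rule(4, ("172.16.5.0/24",), "Any", "Any", "accept"),
)

if __name__ == "__main__":
    for pkt in (("10.1.2.3", "192.0.2.10", "tcp", 22),
                ("172.16.5.9", "198.51.100.1", "udp", 53),
                ("203.0.113.5", "192.0.2.10", "tcp", 22)):
        print(pkt, "->", policy_test(RULES, *pkt))
```

Running the tester over a suspect packet shows which rule line would pass it (or that only the cleanup rule drops it) without enabling logging on every rule.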





This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:39 EDT