Re: FW1 External Ruleset validation tools?

From: Steve Shah (sshah@planetoid.org)
Date: Thu Sep 11 2003 - 10:32:25 EDT


> > I'm looking for a way to audit my firewall ruleset, in
> > a very specific manner.

Check Freshmeat.net. There is a tool there called pacgen that
will generate arbitrary IP packets. You can use this to
recreate your packet.

First test that the packet is making it through your firewall.
Once you have confirmation of that, enable whatever logging
feature you want. Send the packet again, stop logging, and
then sift through what you have. You'll have much less data to
actually look through and ideally the ruleset being hit/missed
will show up easily.

-Steve

-- 
Steve Shah
sshah@planetoid.org - http://www.planetoid.org/
Beating code into submission, one OS at a time...


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:39 EDT