
RE: firewall test



Unfortunately, the best test requires a test setup. I am fortunate enough to
be able to test out my 'wall at work. The external interface goes to a
regular port, and the internal one goes to a small hub, to which I attach my
laptop. On the external network, I have an obsd box with Nessus and Nmap.
Just run it on the firewall external IP and see what happens. The only thing
that tips off the possibility of a firewall is that the only packet that
gets through is a SYN flagged TCP packet to port 22. All other non-SYN
scans show all ports closed, which can be viewed as a discrepancy depending
on the knowledge of the attacker. Nessus did not show anything of useful
significance. Try logging stuff and seeing what scans do what patterns. Also
consider logging the packet itself (within reason) and check out
http://project.honeynet.org/ to figure out what tool was used to generate
the packets.

Whatever you do, READ THIS: http://www.obfuscation.org/ipf/ it really helps
lock down the best config.

> -----Original Message-----
> From: dan_mclean@mlc.com.au [mailto:dan_mclean@mlc.com.au]
> Sent: Friday, June 01, 2001 10:17 AM
> To: misc@openbsd.org
> Subject: firewall test
> 
> 
> I have just set up a firewall (I think) and want to test that I have
> blocked some ports properly.
> 
> How can I test it?
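
An added example, not part of the original post: one way to act on the suggestion above to log packets and see which scans produce which patterns. It groups logged TCP packets by source and flag combination; the record format and addresses are constructed for illustration and are not ipmon's actual output.

```python
from collections import defaultdict

# Flag sets sent by common TCP port-scan techniques (well-known nmap scan types).
SCAN_SIGNATURES = {
    frozenset("S"): "SYN scan",
    frozenset("F"): "FIN scan",
    frozenset(): "NULL scan",
    frozenset("FPU"): "Xmas scan",
    frozenset("A"): "ACK scan",
}

# Constructed sample records in a simplified format (NOT real ipmon output):
# "<action> <src_ip> <dst_port> <tcp_flags>", with "-" meaning no flags set.
SAMPLE_LOG = """\
block 192.0.2.10 21 S
block 192.0.2.10 23 S
pass 192.0.2.10 22 S
block 192.0.2.10 22 F
block 192.0.2.10 80 F
block 192.0.2.10 22 -
block 192.0.2.10 25 FPU
block 198.51.100.7 22 A
block 198.51.100.7 malformed
"""

def classify(flags):
    """Map a logged flag string to a scan technique, or 'other'."""
    letters = frozenset() if flags == "-" else frozenset(flags.upper())
    return SCAN_SIGNATURES.get(letters, "other")

def summarize(log_text, min_ports=2):
    """Per source: scan techniques that touched at least min_ports ports."""
    seen = defaultdict(lambda: defaultdict(set))  # src -> technique -> ports
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip lines that do not match the assumed format
        _action, src, port, flags = parts
        seen[src][classify(flags)].add(int(port))
    return {
        src: {tech: sorted(ports) for tech, ports in techs.items()
              if len(ports) >= min_ports}
        for src, techs in seen.items()
    }

if __name__ == "__main__":
    for src, techs in summarize(SAMPLE_LOG).items():
        print(src, techs)
```

The `min_ports` threshold keeps a single legitimate connection, such as one SYN to port 22, from being reported as a scan.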