On Thu, 2003-02-06 at 09:41, Javier Fernández-Sanguino Peña wrote:
> On Wed, Feb 05, 2003 at 11:56:42AM -0500, [EMAIL PROTECTED] wrote:
> > On Wed, Feb 05, 2003 at 11:14:50AM -0500, merk0020 wrote:
> > > Hello I am about to make the Proxy/Firewall on your
> > > www.aboutdebian.com web site. I was wondering how to go about testing
> > > it when finished. I have multiple computers and various internet
> > > connections.
> > > (...)
> >
> > Run an nmap scan over the test box and make sure it is consistent with
> > your firewall config.
> >
> Note that nmap (or nessus for that matter) will only determine the
> security of the proxy/firewall itself (if pointed at it) and not of the
> computers _behind_ it.
> You have to also port scan the boxes behind to determine if they
> are properly protected by the firewall.
>
> A nice document on firewall testing would be CERT's:
> http://www.cert.org/security-improvement/practices/p060.html
> or Eugene Schultz's
> www.cerias.purdue.edu/homes/firewall/references/fwtest.doc
>
> Also you could use a tool to test your firewall rules from inside/out such
> as "Firewall Tester" http://www.infis.univ.trieste.it/~lcars/ftester/.
> Is anyone aware of similar ones? (packaged in Debian?)

i found that question interesting enough to dig a bit:

$apt-cache search packet|grep IP
(edited)
isic - Test the integrity of an IP Stack with semi-random packets
nemesis - TCP/IP Packet Injection Suite
rain - packet builder for testing IP protocols implementations.
sendip - A commandline tool to allow sending arbitrary IP packets.
stone - TCP/IP packet repeater in the application layer

other injectors can surely be found at packetstorm or similar sites.

searching freshmeat (traffic/firewall + test):
http://freshmeat.net/projects/packit/
http://freshmeat.net/projects/trafficgenerator/
http://freshmeat.net/projects/apsr/

furthermore the somewhat related (and imho most interesting)
http://freshmeat.net/projects/fragroute/

sf doesn't add anything new, a glance at google just shows a lot of noise
(LeakTest, ZoneAlarm, BlackICE)

thinking about it, this might be interesting, too:
http://www.doxpara.com/read.php/code/paketto.html

regards,
tok

>
> Regards
>
> Javi
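
Added example, not part of the original thread: one way to carry out the advice above to check that an nmap scan "is consistent with your firewall config", covering both the firewall itself and a host behind it. It parses nmap's grepable output (-oG) and compares it with an intended policy. The addresses, the POLICY table and the function names are assumptions made for the illustration, and the scan text is a constructed sample.

```python
import re

# Constructed sample of `nmap -oG -` output; addresses are documentation ranges.
SAMPLE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.1 (fw.example)\tStatus: Up\n"
    "Host: 192.0.2.1 (fw.example)\tPorts: 22/open/tcp//ssh///, "
    "3128/open/tcp//squid-http///, 111/open/tcp//rpcbind///\tIgnored State: filtered (997)\n"
    "Host: 192.0.2.20 (www.example)\tPorts: 80/open/tcp//http///, "
    "443/filtered/tcp//https///, 53/open|filtered/udp//domain///\n"
)

# Hypothetical policy: what the firewall rules are meant to expose per host.
POLICY = {
    "192.0.2.1": {(22, "tcp"), (3128, "tcp")},   # the proxy/firewall itself
    "192.0.2.20": {(80, "tcp"), (443, "tcp")},   # a box behind the firewall
}

def parse_grepable(text):
    """Return {host: {(port, proto): state}} from nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines and Status-only lines carry no ports
        ports = hosts.setdefault(m.group(1), {})
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) >= 3 and fields[0].isdigit():
                ports[(int(fields[0]), fields[2])] = fields[1]
    return hosts

def audit(scan, policy):
    """List (host, port, proto, problem) where the scan disagrees with policy."""
    findings = []
    for host in sorted(set(scan) | set(policy)):
        seen, allowed = scan.get(host, {}), policy.get(host, set())
        for (port, proto), state in sorted(seen.items()):
            if state == "open" and (port, proto) not in allowed:
                findings.append((host, port, proto, "open but not in policy"))
            elif state == "open|filtered" and (port, proto) not in allowed:
                findings.append((host, port, proto, "inconclusive, recheck"))
        for port, proto in sorted(allowed):
            if seen.get((port, proto)) != "open":
                findings.append((host, port, proto, "allowed but not reachable"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_grepable(SAMPLE_SCAN), POLICY):
        print("%s %d/%s: %s" % finding)
```

Scan from the outside interface for the external view and again from an inside segment, then audit each result against the policy that applies to that direction.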