Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Firewall rulebase automation - Grey Box assessment
From: Chris Brenton <cbrenton () chrisbrenton org>
Date: Thu, 26 Jun 2008 06:17:26 -0400

On Thu, 2008-06-26 at 08:28 +0400, Naveed Ahmed wrote:

Hello All
There is another great tool at http://www.niiconsulting.com/products/Firesec.html

This will help you to housekeep rule bases as well as analyse them

IMHO the problem with all of these tools is that they assume the rule
base is an accurate description of what is permitted to pass on the
wire. Anyone who has done wire level testing knows this is very rarely
the case (think CP or Juniper permitted ACK session establishment to
simplify active-active, Cisco poor handling of ICMP errors, multiple
firewalls with poor sequence number or checksum validation, etc. etc.).

Tools like FTester or Dr. Morena will give you a much more accurate
view. More info at:

http://dev.inversepath.com/trac/ftester
http://www.securiteam.com/tools/5MP0P1F40Y.html

Or even better, snag copies of nmap, hping & Scrappy and customize your
testing. You may be pretty surprised at what you are leaking through.

HTH,
Chris



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault