
Re: slightly OT - software for testing FW rule sets.



There's a commercial product called Firewall Informer, made by Blade
Software (http://www.blade-software.com/), and several open source
scripts, one of which is firewall tester
(http://ftester.sourceforge.net/).
> Hi Folks,
> Yesterday I changed the software that generates the rule sets for our
> perimeter firewall, and yes, you guessed it, there was one minor
> problem.  The real problem was that it affected an important service owned
> by a noisy group so I have spent an hour or so this morning writing long
> explanations.
>
> We had tested inbound access of the new rule sets in the lab by simply
> hanging a PC on the outside of the bridge with the inside connected to
> the general network and then worked through all the important services
> and made sure they were visible.
>
> Testing outbound access is more difficult and we did not do this
> extensively and were bitten because we managed to lose the rules that
> allowed one of our proxy servers out.
>
> Does anyone know of any software that will forge packets (SYNs and UDP
> should be enough) for a list of IPs and ports that I can use for testing
> in future?
>
> I am sure that I can cobble something together using perl and one of the
> packet assembling kits and I will do so if I need to, but I hate
> reinventing the wheel.
>
> Anyone think of any problems with this approach?
>
> Russell
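
An offline complement to the packet-based testing discussed in this thread, added here as an example and not taken from either post or from the tools named: it evaluates a list of flows that must keep working against the old and the new generated rule set and reports any verdict that changed, which is how a lost outbound proxy rule would surface before deployment. The `Rule`/`Flow` format, first-match evaluation, default deny and all addresses are assumptions constructed for the example.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):   # hypothetical rule format, not any product's syntax
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: int            # destination port, 0 = any

class Flow(NamedTuple):   # one line of the test list: a service that matters
    name: str
    proto: str
    src: str
    dst: str
    dport: int

def verdict(rules, flow, default="deny"):
    """Return the action of the first matching rule (assumed first-match filter)."""
    for r in rules:
        if (r.proto in ("any", flow.proto)
                and ipaddress.ip_address(flow.src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(r.dst)
                and r.dport in (0, flow.dport)):
            return r.action
    return default

def regressions(old_rules, new_rules, flows):
    """List (name, old verdict, new verdict) for every flow whose verdict changed."""
    pairs = [(f.name, verdict(old_rules, f), verdict(new_rules, f)) for f in flows]
    return [p for p in pairs if p[1] != p[2]]

# Constructed sample data using documentation address ranges.
OLD = [
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),     # inbound web
    Rule("allow", "tcp", "198.51.100.20/32", "0.0.0.0/0", 80),   # proxy outbound
    Rule("allow", "udp", "198.51.100.53/32", "0.0.0.0/0", 53),   # DNS outbound
]
NEW = [r for r in OLD if r.src != "198.51.100.20/32"]  # generator lost the proxy rule
FLOWS = [
    Flow("inbound https", "tcp", "203.0.113.5", "192.0.2.10", 443),
    Flow("proxy outbound http", "tcp", "198.51.100.20", "203.0.113.80", 80),
    Flow("dns outbound", "udp", "198.51.100.53", "203.0.113.53", 53),
    Flow("inbound telnet (must stay blocked)", "tcp", "203.0.113.5", "192.0.2.10", 23),
]

if __name__ == "__main__":
    for name, before, after in regressions(OLD, NEW, FLOWS):
        print(f"CHANGED {name}: {before} -> {after}")
```

The same flow list can then drive the live packet test against the lab firewall, so the offline and on-the-wire checks cover identical services.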