
Re: slightly OT - software for testing FW rule sets.

If you just need packet generation, take a look at nemesis and hping2.

Russell Fulton wrote:
> Hi Folks,
> Yesterday I changed the software that generates the rule sets for our
> perimeter firewall, and yes, you guessed it, there was one minor
> problem.  The real problem was that it affected an important service owned
> by a noisy group so I have spent an hour or so this morning writing long
> explanations.
> We had tested inbound access of the new rule sets in the lab by simply
> hanging a PC on the outside of the bridge with the inside connected to
> the general network and then worked through all the important services
> and made sure they were visible.
> Testing outbound access is more difficult and we did not do this
> extensively and were bitten because we managed to lose the rules that
> allowed one of our proxy servers out.
> Does anyone know of any software that will forge packets (SYNs and UDP
> should be enough) for a list of IPs and ports that I can use for testing
> in future?
> I am sure that I can cobble something together using perl and one of the
> packet assembling kits and I will do so if I need to, but I hate
> reinventing the wheel.
> Anyone think of any problems with this approach?
> Russell
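
One way to drive hping2, suggested in the reply above, from a list of flows when testing outbound rules in the lab. This is an added example, not part of either post; the flow-list format, the function names and the documentation-range addresses are assumptions, and the script only prints the probe commands.

```shell
#!/bin/sh
# Added example: build hping2 probes from a flow list for lab rule-set tests.
# Assumed flow format: "<source-ip> <tcp|udp> <destination-ip> <destination-port>"

# Constructed sample flows (documentation address ranges, not real hosts).
sample_flows() {
cat <<'EOF'
# inside host   proto  outside host   port
192.0.2.10      tcp    198.51.100.5   80
192.0.2.10      tcp    198.51.100.5   443
192.0.2.53      udp    198.51.100.53  53
EOF
}

# Print the hping2 command for one flow; return 1 if the flow is invalid.
probe_cmd() {
    src=$1 proto=$2 dst=$3 port=$4
    # Accept only dotted-decimal characters so the list cannot smuggle options.
    case $src$dst in ''|*[!0-9.]*) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case $proto in
        tcp) mode="-S" ;;   # one TCP SYN
        udp) mode="-2" ;;   # UDP mode
        *) return 1 ;;
    esac
    # -c 1: single packet, -a: source address of the host being emulated,
    # -p: destination port
    echo "hping2 $mode -c 1 -a $src -p $port $dst"
}

# Read flows on stdin; print one command per valid flow, report bad lines.
build_plan() {
    n=0
    while read -r src proto dst port rest; do
        n=$((n + 1))
        case $src in ''|'#'*) continue ;; esac   # blank line or comment
        probe_cmd "$src" "$proto" "$dst" "$port" ||
            echo "line $n: invalid flow skipped" >&2
    done
}

# Print the test plan for the sample flows.
sample_flows | build_plan
```

Run the printed commands as root from the test PC in the lab while capturing on the other side of the bridge; a flow that never shows up in the capture points to a missing rule.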