Firewall Wizards mailing list archives
Re: Proxy 2.0 secure?
From: Kjell Wooding <kwooding () codetalker com>
Date: Thu, 25 Jun 1998 13:51:36 -0600
I would like to see some extensive security testing against firewalls, similar to one that SNI made against IDSs. Is there something similar available on the net? [or at least close, just not "we used ISS against FW-1" tests...]
I would love to see (or do) some myself. I put a few of the major NT firewalls through some of this sort of testing when evaluating them for a client. Many of them turned up oddities that should be further investigated. (Cyberguard, for instance, happily passes all fragments #2 and up through the firewall, both ways, unlogged. Sure. Filtering is done on #0 (#1 is dropped), but statefullness should enter into the equation somewhere). Many of them had trouble (or a complete inability) to filter ICMP (ie. Guardian - allow ping = allow all ICMP). Early versions of Firewall/Plus had a nasty statefulness bug (now fixed, though not in the DOS version). Those kinds of behaviors worry me. A nice, scripted testbench would be a great start. -kj -- Kjell Wooding <kwooding () codetalker com> Codetalker Communications, Inc. For the latest Infosec News, see http://www.codetalker.com/
Current thread:
- RE: Proxy 2.0 secure? Stout, Bill (Jun 23)
- RE: Proxy 2.0 secure? Aleph One (Jun 24)
- <Possible follow-ups>
- RE: Proxy 2.0 secure? Grigorof, Adrian (Jun 24)
- Re: Proxy 2.0 secure? Gillian Steele (Jun 24)
- Re: Proxy 2.0 secure? tqbf (Jun 25)
- Re: Proxy 2.0 secure? Vanja Hrustic (Jun 25)
- Re: Proxy 2.0 secure? Kjell Wooding (Jun 25)
- Re: Proxy 2.0 secure? tqbf (Jun 26)
- Re: Proxy 2.0 secure? Ted Doty (Jun 25)
- Re: Proxy 2.0 secure? Mark Horn [ Net Ops ] (Jun 25)
- RE: Proxy 2.0 secure? Vanja Hrustic (Jun 25)
- RE: Proxy 2.0 secure? ark (Jun 25)
- RE: Proxy 2.0 secure? Stout, Bill (Jun 25)
- Re: Proxy 2.0 secure? Brian Steele (Jun 25)
- Re: Proxy 2.0 secure? Brian Steele (Jun 25)
- Re: Proxy 2.0 secure? tqbf (Jun 26)
- Re: Proxy 2.0 secure? Vanja Hrustic (Jun 26)