Re: Proxy 2.0 secure?

[Kjell Wooding <kwooding () codetalker com>]

> Ok, I'll bite.  What would YOU describe as "real firewall testing", given
> that you had to test a number of independent, but NT-based firewall
> products, and provide advice on their performance?

(okay. you were addressing Thomas, but I'll take a stab in here anyway).

I would like to see a scripted test suite that threw the following kinds of
packets
at a firewall (and a sniffer on the back end to see what came through)

* Standard TCP port scans (Normal, Stealth, Frag, etc)
* UDP Scans
* Scans from well-known ports (80, 53, etc)
* Stetefulness violations (set up a "permissible" packet stream, then
attempt to inject packets from other hosts, desynchronize the packet
stream, RST and FIN attacks - very similar to the aforementioned IDS
attacks. if the Firewall's concept of state is different than the end host...)
* Invalid (port 0) packets
* Fragmented. (Standard, out of order, pathological, FragID 1, a la SNI's
IDS testing)
* Bizarre TCP (and IP) options
* Invalid packets (a la Ping of Death)
* All flavors of ICMP (including invalid/unassigned types and codes)
* Proxy tests (there was a thread on the list earlier about throwing
arbitrary data at a proxy to see if it was passed).

-kj

--
Kjell Wooding <kwooding () codetalker com>
Codetalker Communications, Inc.

For the latest Infosec News, see http://www.codetalker.com/