PaulDotCom mailing list archives
Firewall Audit
From: paul at pauldotcom.com (Paul Asadoorian)
Date: Wed, 10 Jun 2009 08:21:56 -0400
Chris Bentley wrote:
Paul/Ron, any idea what type of scans I could run using nmap or nessus? Also, this would make a good technical segment for the show.
Great question! See below for answers that are just off the top of my head:

1) nmap -sT -n -T4 -p1-65535 <targets behind the firewall>

That will take some time, but the connect() scan works better for firewalls and causes them not to crash/fill up state table. Always scan all ports, and you can also mess around with different source ports too.

2) nmap -sU -n -T4 -p1-65535 <targets behind the firewall>

Don't forget UDP!

3) Nessus is a vulnerability scanner, but does contain a really sweet TCP and UDP port scanner. I'd recommend running it against all ports using select plugin families. This way you can also find any vulnerabilities in your firewall (making certain that the actual IP address of your firewall is included in the targets) and the systems behind it. Also, there are several plugins that test "firewall stuff", 515 to be exact:

# find . -name '*.nasl' -print0 | xargs -0 grep -i firewall | wc -l
515

:)

Cheers,
Paul

--
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
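An added example, not part of the message above: once the TCP and UDP scans have been run, the audit step is comparing what answered with what the ruleset is supposed to allow. The sketch assumes the scans were saved with nmap's grepable output option (-oG); the sample lines, addresses, POLICY table and function names are constructed for illustration.

```python
# Constructed sample of nmap grepable (-oG) output; addresses are documentation ranges.
SAMPLE_OG = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (65531)
Host: 192.0.2.20 ()\tPorts: 53/open/udp//domain///, 161/open|filtered/udp//snmp///, 3306/open/tcp//mysql///
"""

# Hypothetical intended firewall policy: (port, proto) pairs allowed through per host.
POLICY = {
    "192.0.2.10": {(80, "tcp"), (443, "tcp"), (25, "tcp")},
    "192.0.2.20": {(53, "udp")},
}

def parse_grepable(text):
    """Return {host: {(port, proto): state}} from -oG lines that carry a Ports field."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines such as the scan header
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # Status / Ignored State fields carry no port entries
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")  # port/state/proto/owner/service/...
                if len(parts) >= 3 and parts[0].isdigit():
                    results.setdefault(host, {})[(int(parts[0]), parts[2])] = parts[1]
    return results

def audit(scan, policy):
    """Compare observed port states with the policy; return findings per category."""
    findings = {"unexpected_open": [], "ambiguous": [], "allowed_not_open": []}
    for host, ports in scan.items():
        allowed = policy.get(host, set())
        for key, state in sorted(ports.items()):
            if state == "open" and key not in allowed:
                findings["unexpected_open"].append((host, *key))
            elif state == "open|filtered" and key not in allowed:
                findings["ambiguous"].append((host, *key))  # UDP: no reply either way
        for key in sorted(allowed):
            if ports.get(key) != "open":
                findings["allowed_not_open"].append((host, *key))
    return findings

if __name__ == "__main__":
    for category, items in audit(parse_grepable(SAMPLE_OG), POLICY).items():
        print(category, items)
```

The "ambiguous" bucket holds UDP ports nmap reports as open|filtered, which need a follow-up check (for example with the Nessus UDP scanner mentioned above) before they can be called blocked.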