Penetration Testing mailing list archives
Re: Firewall Load Testing
From: Andrea Barisani <lcars () infis univ trieste it>
Date: Wed, 11 Dec 2002 09:03:30 +0100
On Tue, Dec 10, 2002 at 01:42:10PM -0500, Brass, Phil (ISS Atlanta) wrote:
> One of the problems I have found in this arena is that many hosts (windows particularly) cannot hold open more than about 5000 simultaneous TCP connections. I know some unices have similar problems, though my understanding is that it is possible to frob the BSD kernel at least to get at least 40,000 simultaneous connections. That is all very well and good, but unless there are enough target machines behind the firewall to handle that many connections, or you get to run your own listener on another frobbed box on the inside, you aren't going to be able to hold open that many connections.

Hi,

Many open connections can be simulated with my ftester tool (http://ftester.sourceforge.net), basically you use two packet injectors (one sniffing the traffic generated by the other side) and you let the firewall see a valid handshake and session. In this way you don't have the simultaneous connections problem since the packets are injected and not handled by the stack. Of course you need at least two hosts, one on each side of the firewall.

Hope that helps :)

Bye

------------------------------------------------------------
INFIS Network Administrator & Security Officer
Department of Physics - University of Trieste
lcars () infis univ trieste it - PGP Key 0x8E21FE82
"How would you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
------------------------------------------------------------
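
Added example, not part of the original post and not ftester's code: a small Python model of the two-injector idea described above, in which each side builds its next segment from the one it sniffed and a connection tracker ends up with one established entry per session, with no host TCP stack holding a socket. ToyFirewall, Segment, run_injectors and the addresses are hypothetical names and constructed values chosen for illustration.

```python
import random
from dataclasses import dataclass

M = 2**32  # TCP sequence numbers wrap at 32 bits

@dataclass(frozen=True)
class Segment:
    src: tuple   # (ip, port)
    dst: tuple
    flags: str   # "S", "SA" or "A"
    seq: int
    ack: int = 0

class ToyFirewall:
    """Hypothetical connection tracker: forwards only a consistent handshake."""
    def __init__(self):
        self.pending = {}        # (client, server) -> [client ISN, server ISN or None]
        self.established = set()

    def forward(self, s):
        if s.flags == "S":
            self.pending[(s.src, s.dst)] = [s.seq, None]
            return True
        if s.flags == "SA":
            st = self.pending.get((s.dst, s.src))
            if st is None or s.ack != (st[0] + 1) % M:
                return False     # reply does not match the SYN the firewall saw
            st[1] = s.seq
            return True
        st = self.pending.get((s.src, s.dst))
        if s.flags != "A" or st is None or st[1] is None:
            return False
        if s.seq != (st[0] + 1) % M or s.ack != (st[1] + 1) % M:
            return False         # final ACK inconsistent with the tracked ISNs
        del self.pending[(s.src, s.dst)]
        self.established.add((s.src, s.dst))
        return True

def run_injectors(fw, sessions, seed=1):
    """Outside injector plays the client, inside injector plays the server.
    Each side derives its segment from the sniffed one, so the state lives
    in the firewall's table and not in any host's socket table."""
    rng = random.Random(seed)
    server = ("198.51.100.20", 80)             # constructed addresses (RFC 5737)
    for i in range(sessions):
        client = ("192.0.2.10", 1024 + i)      # one source port per session
        syn = Segment(client, server, "S", rng.getrandbits(32))
        fw.forward(syn)                        # injected on the outside
        synack = Segment(server, client, "SA", rng.getrandbits(32), (syn.seq + 1) % M)
        fw.forward(synack)                     # inside injector, built from sniffed SYN
        fw.forward(Segment(client, server, "A", synack.ack, (synack.seq + 1) % M))
    return len(fw.established)
```

With 40,000 sessions the tracker holds 40,000 established entries, while a reply whose acknowledgement number was not taken from the sniffed SYN is dropped, which is why each injector has to see the other side's traffic.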