Penetration Testing mailing list archives

Re: Firewall Load Testing


From: Andrea Barisani <lcars () infis univ trieste it>
Date: Wed, 11 Dec 2002 09:03:30 +0100

On Tue, Dec 10, 2002 at 01:42:10PM -0500, Brass, Phil (ISS Atlanta) wrote:
> One of the problems I have found in this arena is that many hosts
> (windows particularly) cannot hold open more than about 5000
> simultaneous TCP connections.  I know some unices have similar problems,
> though my understanding is that it is possible to frob the BSD kernel at
> least to get at least 40,000 simultaneous connections.  That is all very
> well and good, but unless there are enough target machines behind the
> firewall to handle that many connections, or you get to run your own
> listener on another frobbed box on the inside, you aren't going to be
> able to hold open that many connections.


Hi,

Many open connections can be simulated with my ftester tool
(http://ftester.sourceforge.net). Basically, you use two packet injectors (one
sniffing the traffic generated by the other side) and you let the firewall
see a valid handshake and session. In this way you don't have the
simultaneous connections problem since the packets are injected and not
handled by the stack. Of course you need at least two hosts, one on
each side of the firewall. Hope that helps :)

Bye

------------------------------------------------------------
INFIS Network Administrator & Security Officer         .*. 
Department of Physics       - University of Trieste    /V\
lcars () infis univ trieste it - PGP Key 0x8E21FE82      (/ \)
----------------------------------------------------  (   )
"How would you know I'm mad?" said Alice.             ^^-^^
"You must be,'said the Cat,'or you wouldn't have come here."
------------------------------------------------------------
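
Added example (not part of the original message and not ftester's code): a Python simulation of the approach described above, with a toy connection tracker standing in for the firewall and two injector functions that build each packet only from the one they sniffed, so the test hosts keep no per-connection state. All names, addresses and sequence numbers are constructed for illustration; no packets are sent.

```python
# Simulation only: constructed names and values, nothing touches the network.
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport flags seq ack")
SYN, ACK = 0x02, 0x10

class ConnTrack:
    """Toy stateful firewall: tracks handshake progress per 4-tuple."""
    def __init__(self):
        self.table = {}  # (client, cport, server, sport) -> [state, client_isn, server_isn]

    def see(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == SYN:
            self.table[fwd] = ["SYN_SEEN", p.seq, None]
            return True
        if p.flags == (SYN | ACK) and rev in self.table:
            e = self.table[rev]
            if e[0] == "SYN_SEEN" and p.ack == e[1] + 1:
                e[0], e[2] = "SYNACK_SEEN", p.seq
                return True
        if p.flags == ACK and fwd in self.table:
            e = self.table[fwd]
            if e[0] == "SYNACK_SEEN" and p.seq == e[1] + 1 and p.ack == e[2] + 1:
                e[0] = "ESTABLISHED"
                return True
        return False  # dropped: does not fit a tracked handshake

def outside_syn(i):
    """Outside injector: craft the SYN for flow i (documentation addresses)."""
    return Pkt("192.0.2.10", 1024 + i, "198.51.100.20", 80, SYN, 1000 + i, 0)

def inside_reply(p):
    """Inside injector: build the SYN/ACK purely from the sniffed SYN."""
    return Pkt(p.dst, p.dport, p.src, p.sport, SYN | ACK, 5000 + p.seq, p.seq + 1)

def outside_reply(p):
    """Outside injector: build the final ACK purely from the sniffed SYN/ACK."""
    return Pkt(p.dst, p.dport, p.src, p.sport, ACK, p.ack, p.seq + 1)

def run(n):
    """Push n handshakes through the firewall; return its ESTABLISHED count."""
    fw = ConnTrack()
    for i in range(n):
        syn = outside_syn(i)
        synack = inside_reply(syn)
        # Packets cross the firewall in order; a drop ends that flow.
        fw.see(syn) and fw.see(synack) and fw.see(outside_reply(synack))
    return sum(1 for e in fw.table.values() if e[0] == "ESTABLISHED")
```

In this model `run(40000)` leaves 40,000 established entries in the firewall's table while the injector functions hold nothing between calls, which is why the host stack limit from the quoted message does not apply.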
