Penetration Testing mailing list archives

Re: Firewall ACL determinations


From: Alon Swartz <alonsw () netvision net il>
Date: Tue, 26 Feb 2002 03:18:59 +0200

You could use the tool firewalk or even nmap with the -sA or -sW switches.
-sA is for an ACK Scan.

It could be used to map a rule base by determining whether the FW is
stateful or a SYN Blocking packet filter. Nmap will send an ACK packet
(indicates a successful receipt of a packet) to each port being scanned.
Since there was no established connection, the firewall will reply with a
RST packet if the port is not filtered.

-sW is for a window Scan.
Similar to -sA but uses TCP window size to determine whether ports are
filtered, not filtered or open.

Hope the above helps.
Regards,

Alon Swartz.




-----Original Message-----
From: Kelley John C. J9C548 [mailto:kelleyj () je jfcom mil]
Sent: Friday, February 22, 2002 20:17
To: Pen-Test (E-mail)
Subject: Firewall ACL determinations


All,
        What 'best practice' tools are available for ACL determination?  I
have been tasked to develop a full spectrum vulnerability assessment test
plan and have not found a great deal on ACL determination.  Any info or
links are appreciated.

        Thanks,

        John

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
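
Added example, not part of the original e-mails: the interpretation logic described in the reply for -sA and -sW, applied to probe replies recorded while auditing a firewall rule base. The `Reply` record, the function names and the sample observations are assumptions constructed for illustration; pairing each ACK result with a SYN-probe result to separate a stateful firewall from a SYN-blocking filter goes one step beyond the case in the reply.

```python
from dataclasses import dataclass

@dataclass
class Reply:
    kind: str        # "rst", "synack", "icmp_unreach" or "none" (probe timed out)
    window: int = 0  # TCP window field of the reply segment, when there is one

def syn_state(r: Reply) -> str:
    return {"synack": "open", "rst": "closed"}.get(r.kind, "filtered")

def ack_state(r: Reply) -> str:
    # -sA: an unsolicited ACK that reaches the host draws a RST.
    return "unfiltered" if r.kind == "rst" else "filtered"

def window_state(r: Reply) -> str:
    # -sW: same probe as -sA, but the RST's window field is inspected.
    # Only some TCP stacks leak state this way, so treat the result as a hint.
    if r.kind != "rst":
        return "filtered"
    return "open" if r.window > 0 else "closed"

def filter_type(syn: Reply, ack: Reply) -> str:
    syn_blocked = syn_state(syn) == "filtered"
    ack_blocked = ack_state(ack) == "filtered"
    if syn_blocked and not ack_blocked:
        return "syn-blocking"   # stateless rule that only drops SYNs
    if ack_blocked and not syn_blocked:
        return "stateful"       # port allowed, out-of-state ACK dropped
    if syn_blocked and ack_blocked:
        return "blocked"        # stateful or drop-all; the two look alike
    return "unfiltered"

# Constructed observations: port -> (reply to SYN probe, reply to ACK probe)
SAMPLE = {
    22:  (Reply("none"), Reply("rst", window=0)),
    80:  (Reply("synack", window=5840), Reply("none")),
    135: (Reply("none"), Reply("icmp_unreach")),
    443: (Reply("synack", window=5840), Reply("rst", window=4096)),
}

def audit(obs):
    # Per port: (inferred filtering behaviour, window-scan reading of the ACK reply)
    return {p: (filter_type(s, a), window_state(a)) for p, (s, a) in obs.items()}

if __name__ == "__main__":
    for port, result in audit(SAMPLE).items():
        print(port, *result)
```
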

