Penetration Testing mailing list archives

Re: Firewall Load Testing


From: "Kurt Seifried" <bt () seifried org>
Date: Tue, 10 Dec 2002 10:37:48 -0800

My apologies if this isn't the right forum for this question;  I'm
running into great difficulty finding the right tool for this job short
of writing my own.  All of the other lists I've tried have come up
blank.

Basically, I'm looking to test a firewall's capabilities.  At the very
least, I'd like to have endpoint-to-endpoint creation and analyzation of
thousands of concurrent, possibly varying in protocol type, connections
through the firewall.  At the very most, I'd like something to pen/load
test the firewall in order to determine maximum states, connections (vpn
and otherwise), etc.

Is anyone familiar with a good toolkit or collection of *nix utilities
that will do what I'm looking for?

TIA,
J.

There are hardware/software solutions to generate stupid (yes, that's a
technical term) amounts of traffic, but they tend to be pricey (but OTOH
they make for nice re-creatable tests). For 10/100 base interface firewalls
however a few unix systems on either end doing things like synfloods or
running Dan Kaminsky's new tools to scan networks (and create enormous
numbers of SYN packets) are freely available. Things like nmap on high
settings or several dozen (hundred) concurrent copies of Nessus going can
also generate significant loads. You can use tcpreplay to take captured
tcpdump streams and replay them, this can also be used to create large
amounts of arbitrarily weird and hostile network traffic. In the OpenBSD
(and most BSD systems) ports tree, net and security directories there are
tons of tools to create these conditions.


Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/



