Penetration Testing mailing list archives

firewall testing framework/parameters


From: Siddhartha Jain <losttoy2000 () yahoo co uk>
Date: Wed, 16 Jan 2002 10:28:34 +0000 (GMT)

Hi,

I am in the process of preparing a framework/parameter
list on which a firewall would be tested. Here are
some tests I can think of on which a firewall should
be tested:

1. Sustained TCP connections, throughput & number. E.g.
FTP

2. Short-lived TCP connections, throughput, number,
connection establishment and tear-down time. E.g.
SMTP/HTTP

3. Sustained UDP connections (although UDP is
connectionless), throughput & number. E.g. streaming
video/audio.

4. Short-lived UDP communication, number. E.g. DNS.

5. ICMP RTT at different load levels.

6. SYN Flood test

7. Connection establishment time wrt the number of
rules on the firewall.

8. Filtering and fragmentation 
- Reaction of the firewall on receiving a TCP packet
with the RST or ACK flag set.
- IP fragmentation re-assembly test.
- Overlap recognition

9. Are existing checksums for IP, TCP and UDP
verified?

10. A portscan of the firewall IP. Of the servers
behind the firewall.

11. Nessus tests on the firewall IP and the servers
behind the firewall.

12. All the tests repeated with static NAT enabled.

13. All the tests repeated with IPSec.

14. Effect of logging on these tests.

15. Attempt to reach denied ports behind the firewall
when the firewall is saturated. Or, in other words,
test if the firewall turns blind during a SYN Flood?

Can you think of more tests for stressing/penetrating
the firewall? Also, what methodology should be adopted
to measure the various test results?

Any help would be appreciated.

Regards,

Siddhartha
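
For item 8 above (fragment re-assembly and overlap recognition), a test harness needs a reference answer for what a given fragment set contains before comparing it with the firewall's behaviour. The following is an added example, not part of the original post: it classifies a datagram's fragments offline and sends nothing. The names `Frag` and `analyse`, the sample sets, and the 20-byte option-free IP header are assumptions made for illustration.

```python
from collections import namedtuple

# Hypothetical record for one received fragment: offset is the IPv4 Fragment
# Offset field (8-byte units), length is payload bytes, mf is More Fragments.
Frag = namedtuple("Frag", "offset length mf")

MAX_DATAGRAM = 65535  # IPv4 Total Length is a 16-bit field
IP_HEADER = 20        # assumption: header without options

def analyse(frags):
    """Report overlaps, gaps and format errors for one datagram's fragments."""
    out = {"overlaps": [], "gaps": [], "errors": [], "complete": False}
    spans = []
    for f in frags:
        start, end = f.offset * 8, f.offset * 8 + f.length
        if f.length <= 0:
            out["errors"].append(f"empty fragment at byte {start}")
        if f.mf and f.length % 8:
            out["errors"].append(f"non-final fragment at byte {start} is not a multiple of 8")
        if end + IP_HEADER > MAX_DATAGRAM:
            out["errors"].append(f"fragment at byte {start} ends past 65535 bytes")
        spans.append((start, end, f.mf))
    finals = [s for s in spans if not s[2]]
    if len(finals) != 1:
        out["errors"].append(f"{len(finals)} final fragments, expected 1")
    covered = 0  # highest payload byte seen so far, walking in offset order
    for start, end, _ in sorted(spans):
        if start < covered:
            out["overlaps"].append((start, min(end, covered)))
        elif start > covered:
            out["gaps"].append((covered, start))
        covered = max(covered, end)
    out["complete"] = not out["gaps"] and not out["errors"]
    return out

# Constructed fragment sets (not captured traffic).
CLEAN = [Frag(0, 24, True), Frag(3, 24, True), Frag(6, 10, False)]
OVERLAP = [Frag(0, 24, True), Frag(2, 24, True), Frag(5, 10, False)]
GAP = [Frag(0, 24, True), Frag(4, 8, False)]
OVERSIZE = [Frag(8189, 100, False)]

if __name__ == "__main__":
    for name, frags in [("clean", CLEAN), ("overlap", OVERLAP),
                        ("gap", GAP), ("oversize", OVERSIZE)]:
        print(name, analyse(frags))
```

The classification for each set gives the expected result to record next to what the firewall logged, passed or dropped for the same input.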
