Penetration Testing mailing list archives
RE: Firewall rulebase automation - Grey Box assessment
From: "Peter Parker" <peterparker () fastmail fm>
Date: Fri, 27 Jun 2008 08:20:46 -0700
I agree with Chris. Had an opportunity to test CP-VSX and NetScreen, both on high-speed networks, and to my dismay many things do not function as configured and expected, especially when the firewalls are under heavy traffic. For a true test of what's allowed and what's not, go on the wire, load the box and perform your tests.

On Thu, 26 Jun 2008 06:17:26 -0400, "Chris Brenton" <cbrenton () chrisbrenton org> said:
> On Thu, 2008-06-26 at 08:28 +0400, Naveed Ahmed wrote:
> > Hello All
> > There is another great tool at http://www.niiconsulting.com/products/Firesec.html
> > This will help you to housekeep rule bases as well as analyse them
>
> IMHO the problem with all of these tools is that they assume the rule base is an accurate description of what is permitted to pass on the wire. Anyone who has done wire-level testing knows this is very rarely the case (think CP or Juniper permitting ACK session establishment to simplify active-active, Cisco's poor handling of ICMP errors, multiple firewalls with poor sequence number or checksum validation, etc. etc.).
>
> Tools like FTester or Dr. Morena will give you a much more accurate view. More info at:
> http://dev.inversepath.com/trac/ftester
> http://www.securiteam.com/tools/5MP0P1F40Y.html
>
> Or even better, snag copies of nmap, hping & Scapy and customize your testing. You may be pretty surprised at what you are leaking through.
>
> HTH,
> Chris
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
> Top 5 Common Mistakes in Securing Web Applications
> Get 45 Min Video and PPT Slides
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------

--
peter
peterparker () fastmail fm

--
http://www.fastmail.fm - Send your email first class
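The thread's point is that a rule-base analyser tells you what the policy says, while only sender/sniffer probing tells you what the box actually passes. The following is an added example (not code from the thread, and not FTester's or Dr. Morena's own report logic) of the comparison step: it parses a hypothetical first-match rule base, parses a hypothetical probe log in which a sniffer behind the firewall records whether each packet the sender injected was seen, and reports every probe where the wire disagrees with the rule base. The rule format, the log format, the addresses and the probe results are all constructed for the example; in practice the probe lines stand in for packets you would send with hping3 (-S for a SYN, -A for a bare ACK) or an nmap SYN/ACK scan. The constructed log deliberately contains the failure mode Chris describes: a bare ACK to a closed port that the firewall let through.

```python
# Added example, not from the original thread: diff a firewall rule base
# against a sender/sniffer probe log to find what leaks through. Stdlib only.
# Rule format, log format, addresses and results are all constructed.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "drop"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                       # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]             # None = any port


@dataclass(frozen=True)
class Probe:
    src: str
    dst: str
    proto: str
    dport: int
    flags: str                       # TCP flag letters, e.g. "S", "A"; "" for non-TCP


def parse_rules(text: str) -> list:
    """Hypothetical rule format: 'accept|drop SRC/len DST/len PROTO PORT|any'.
    First match wins, as on most rule-based firewalls."""
    rules = []
    for line in text.strip().splitlines():
        line = line.split("#", 1)[0].strip()   # allow trailing comments
        if not line:
            continue
        action, src, dst, proto, port = line.split()
        rules.append(Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst),
                          proto, None if port == "any" else int(port)))
    return rules


def expected_verdict(rules, probe: Probe) -> str:
    """What a correctly working stateful firewall should do with this probe.

    A TCP packet without SYN that belongs to no session the firewall has ever
    seen must be dropped regardless of the rule base (the probes here are all
    injected cold, with no prior handshake); everything else gets the
    first-match verdict of the rules, with an implicit default drop.
    """
    if probe.proto == "tcp" and "S" not in probe.flags:
        return "drop"
    for r in rules:
        if (ipaddress.ip_address(probe.src) in r.src
                and ipaddress.ip_address(probe.dst) in r.dst
                and r.proto in ("any", probe.proto)
                and r.dport in (None, probe.dport)):
            return r.action
    return "drop"


def parse_probe_log(text: str) -> dict:
    """Hypothetical merged sender+sniffer log: 'SRC DST PROTO DPORT FLAGS seen|missing'.
    'seen' means the sniffer behind the firewall captured the injected packet."""
    observed = {}
    for line in text.strip().splitlines():
        src, dst, proto, dport, flags, result = line.split()
        observed[Probe(src, dst, proto, int(dport), "" if flags == "-" else flags)] = result
    return observed


def audit(rules, observed: dict) -> list:
    """Return (probe, expected, observed, finding) for every probe where the
    wire disagrees with the rule base. LEAK = passed but should have been
    dropped; UNEXPECTED_BLOCK = dropped but the policy says accept."""
    findings = []
    for probe, result in observed.items():
        exp = expected_verdict(rules, probe)
        got = "accept" if result == "seen" else "drop"
        if exp != got:
            findings.append((probe, exp, got, "LEAK" if got == "accept" else "UNEXPECTED_BLOCK"))
    return findings


# Constructed policy: only HTTP and HTTPS to one host, everything else dropped.
RULES = """
accept 0.0.0.0/0 192.168.1.10/32 tcp 80
accept 0.0.0.0/0 192.168.1.10/32 tcp 443
drop   0.0.0.0/0 0.0.0.0/0      any any
"""

# Constructed probe log. The bare ACK to tcp/22 that was "seen" is the
# ACK-session-establishment leak; the SYN to tcp/443 that went "missing"
# is a policy-says-accept packet the box dropped under load.
PROBE_LOG = """
203.0.113.5 192.168.1.10 tcp 80  S seen
203.0.113.5 192.168.1.10 tcp 443 S missing
203.0.113.5 192.168.1.10 tcp 22  S missing
203.0.113.5 192.168.1.10 tcp 22  A seen
203.0.113.5 192.168.1.10 udp 53  - missing
"""


def run_audit() -> list:
    return audit(parse_rules(RULES), parse_probe_log(PROBE_LOG))


if __name__ == "__main__":
    for probe, exp, got, finding in run_audit():
        print(f"{finding}: {probe.proto}/{probe.dport} flags={probe.flags or '-'} "
              f"rulebase says {exp}, wire says {got}")
```

Run on the constructed input it reports two disagreements: a LEAK for the bare ACK to tcp/22 and an UNEXPECTED_BLOCK for the SYN to tcp/443. The second kind matters as much as the first on a loaded box, since a rule-base analyser will never show you packets the firewall dropped that it should have passed; only the sniffer side does.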
Current thread:
- Firewall rulebase automation - Grey Box assessment arvind doraiswamy (Jun 25)
- Re: Firewall rulebase automation - Grey Box assessment Clement Dupuis (Jun 25)
- RE: Firewall rulebase automation - Grey Box assessment Naveed Ahmed (Jun 25)
- RE: Firewall rulebase automation - Grey Box assessment Chris Brenton (Jun 26)
- RE: Firewall rulebase automation - Grey Box assessment Peter Parker (Jun 27)
- RE: Firewall rulebase automation - Grey Box assessment Naveed Ahmed (Jun 25)
- Re: Firewall rulebase automation - Grey Box assessment Clement Dupuis (Jun 25)
- Re: Firewall rulebase automation - Grey Box assessment Peter Parker (Jun 25)
- Re: Firewall rulebase automation - Grey Box assessment Nikhil Wagholikar (Jun 27)
- Re: Firewall rulebase automation - Grey Box assessment Rick Zhong (Jun 29)
- <Possible follow-ups>
- Re: Firewall rulebase automation - Grey Box assessment arvind doraiswamy (Jun 25)