Re: Firewall Load Testing

From: Andrea Barisani (lcars@infis.univ.trieste.it)
Date: Wed Dec 11 2002 - 03:03:30 EST


On Tue, Dec 10, 2002 at 01:42:10PM -0500, Brass, Phil (ISS Atlanta) wrote:
> One of the problems I have found in this arena is that many hosts
> (windows particularly) cannot hold open more than about 5000
> simultaneous TCP connections. I know some unices have similar problems,
> though my understanding is that it is possible to frob the BSD kernel at
> least to get at least 40,000 simultaneous connections. That is all very
> well and good, but unless there are enough target machines behind the
> firewall to handle that many connections, or you get to run your own
> listener on another frobbed box on the inside, you aren't going to be
> able to hold open that many connections.
>

Hi,

Many open connections can be simulated with my ftester tool
(http://ftester.sourceforge.net), basically you use two packet injectors (one
sniffing the traffic generated by the other side) and you let the firewall
see a valid handshake and session. In this way you don't have the
simultaneous connections problem since the packets are injected and not
handled by the stack. Of course you need at least two hosts, one on
each side of the firewall. Hope that helps :)

Bye

------------------------------------------------------------
INFIS Network Administrator & Security Officer .*.
Department of Physics - University of Trieste /V\
lcars@infis.univ.trieste.it - PGP Key 0x8E21FE82 (/ \)
---------------------------------------------------- ( )
"How would you know I'm mad?" said Alice. ^^-^^
"You must be,'said the Cat,'or you wouldn't have come here."
------------------------------------------------------------

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:26 EDT