From: Peter Wood (peterw@firstbase.co.uk)
Date: Wed Sep 10 2003 - 16:40:58 EDT
Hi
We use Blade Software's Firewall Informer product - it does just what you
want I reckon.
http://www.blade-software.com/FWInformer.htm
regards
Pete
At 09:04 10/09/2003 -0800, Leif Sawyer wrote:
>Hello,
>
>I'm looking for a way to audit my firewall ruleset, in
>a very specific manner.
>
>
>I've gotten reports of packets traversing our firewall
>that should not be allowed by any of the rules currently implemented.
>
>What is the easiest way to find out what rule line the supposed packet
>could be traversing, without logging on every single rule? This is
>interesting because it is a random occurance, with no way to know
>when it will happen. And I dislike the idea of full logging until
>I see the violation again -- I just don't have the diskspace, for one.
>
>Something like an external program that would allow a crafted packet
>to be 'virtually' sent through the ruleset would be perfect.
>
>Does such a tool exist? Preferably supporting Checkpoint FW-1 NG
>
>Thanks
>
>Leif Sawyer
>--
>
>"It's pronounced Layf...you know, like Leif Garret? Don't you watch
> 'I Love the 70's'? What kind of retro lover are you, anyway?"
>
>
>
>
----------------------------------------------------------
Peter Wood
Chief of Operations
First Base Technologies
+44 (0)1273 454525
www.fbtechies.co.uk
www.white-hats.co.uk
---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:39 EDT