RE: FW1 External Ruleset validation tools?

From: Rob Shein (shoten@starpower.net)
Date: Thu Sep 11 2003 - 13:05:06 EDT


What can you tell us about the nature of the packets? In Checkpoint, there
are "Implied" rules that govern things like UDP responses and DNS
communications. In many cases, firewall testing tools will not replicate
the real-world interactions that these rules are meant for.

> -----Original Message-----
> From: Leif Sawyer [mailto:lsawyer@gci.com]
> Sent: Wednesday, September 10, 2003 1:04 PM
> To: pen-test@securityfocus.com
> Subject: FW1 External Ruleset validation tools?
>
>
> Hello,
>
> I'm looking for a way to audit my firewall ruleset, in
> a very specific manner.
>
>
> I've gotten reports of packets traversing our firewall
> that should not be allowed by any of the rules currently implemented.
>
> What is the easiest way to find out what rule line the
> supposed packet could be traversing, without logging on every
> single rule? This is interesting because it is a random
> occurrence, with no way to know when it will happen. And I
> dislike the idea of full logging until I see the violation
> again -- I just don't have the disk space, for one.
>
> Something like an external program that would allow a crafted
> packet to be 'virtually' sent through the ruleset would be perfect.
>
> Does such a tool exist? Preferably supporting Checkpoint FW-1 NG
>
> Thanks
>
> Leif Sawyer
> --
>
> "It's pronounced Layf...you know, like Leif Garret? Don't you
> watch 'I Love the 70's'? What kind of retro lover are you, anyway?"
>
>

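An added example, not from either poster, of the "virtually send a crafted packet through the ruleset" check Leif asks for, extended with Rob's point that an implied rule (modelled here as a stateful UDP-reply rule) can pass a packet that matches no explicit rule line. The rule format, the addresses and the session table are constructed assumptions for the demo, not FW-1's real policy syntax or state table.

```python
import ipaddress
from collections import namedtuple

# Constructed model of a packet and of one explicit rule in the policy.
Packet = namedtuple("Packet", "src sport dst dport proto")       # proto: "tcp" | "udp"
Rule = namedtuple("Rule", "line src dst proto dport action")     # dport None = any; proto may be "any"

def _addr_in(pattern, addr):
    """CIDR match; "any" matches every address."""
    return pattern == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)

def rule_matches(rule, pkt):
    return (_addr_in(rule.src, pkt.src) and _addr_in(rule.dst, pkt.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def trace(rules, pkt, sessions=frozenset()):
    """Return (action, reason) for pkt: the rule line it would hit, first match wins.
    sessions: outbound (src, dst, proto, dport) tuples already in the state table.
    An inbound UDP packet answering one of them is accepted by the implied reply
    rule before the explicit rules are consulted, so no explicit line shows up.
    """
    if pkt.proto == "udp" and (pkt.dst, pkt.src, "udp", pkt.sport) in sessions:
        return "accept", "implied UDP reply rule (no explicit line)"
    for rule in sorted(rules, key=lambda r: r.line):
        if rule_matches(rule, pkt):
            return rule.action, f"rule {rule.line}"
    return "drop", "implicit cleanup (no explicit rule matched)"

# Constructed sample policy: outbound DNS from the inside net, inbound HTTPS to one host.
POLICY = [
    Rule(1, "10.0.0.0/8", "any", "udp", 53, "accept"),
    Rule(2, "any", "10.0.0.5/32", "tcp", 443, "accept"),
]

def demo():
    """Three constructed packets; the DNS reply only gets through when a session exists."""
    reply = Packet("198.51.100.1", 53, "10.0.0.9", 40000, "udp")
    web = Packet("203.0.113.7", 51000, "10.0.0.5", 443, "tcp")
    state = frozenset({("10.0.0.9", "198.51.100.1", "udp", 53)})
    return {
        "dns reply, no session": trace(POLICY, reply),
        "dns reply, session": trace(POLICY, reply, state),
        "https to 10.0.0.5": trace(POLICY, web),
    }

if __name__ == "__main__":
    for name, (action, why) in demo().items():
        print(f"{name:24s} -> {action} ({why})")
```

Running a suspect packet through a model like this tells you which explicit line would log it, or that none would, which is exactly the case where implied or stateful rules need to be checked rather than the rulebase.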