RE: FW1 External Ruleset validation tools?

From: Matt Foster (matt.foster@blade-software.com)
Date: Fri Sep 12 2003 - 05:19:51 EDT


Hi Leif,

Not sure if you have already seen Firewall Informer from Blade,
www.blade-software.com. It is an application which enables you to transmit any
traffic between two network cards, allowing you to statefully and
bi-directionally test a firewall to prove with 100% accuracy what is allowed and
blocked in both directions. You can spoof source and destination IP and port
information, as well as there being a number of other management controls.

The application allows you to build Protocol Scan files quickly and easily. You
can define whether a check should succeed, fail or don't know; this allows you to
rapidly identify errors in policy configuration.

Let me know if you would like to have a chat further regarding the product or
would like to see a demo?

Regards
Matt

_____________________________________
Matt Foster
Blade-Software Inc.
www.blade-software.com
Security Compliance Management Solutions
______________________________________

-----Original Message-----
From: Leif Sawyer [mailto:lsawyer@gci.com]
Sent: 10 September 2003 18:04
To: pen-test@securityfocus.com
Subject: FW1 External Ruleset validation tools?

Hello,

I'm looking for a way to audit my firewall ruleset, in
a very specific manner.

I've gotten reports of packets traversing our firewall
that should not be allowed by any of the rules currently implemented.

What is the easiest way to find out what rule line the supposed packet
could be traversing, without logging on every single rule? This is
interesting because it is a random occurrence, with no way to know
when it will happen. And I dislike the idea of full logging until
I see the violation again -- I just don't have the disk space, for one.

Something like an external program that would allow a crafted packet
to be 'virtually' sent through the ruleset would be perfect.

Does such a tool exist? Preferably supporting Check Point FW-1 NG.

Thanks

Leif Sawyer

--
"It's pronounced Layf...you know, like Leif Garret? Don't you watch
 'I Love the 70's'? What kind of retro lover are you, anyway?"
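A minimal version of the "virtual packet" check Leif asks for, as an added example that is not from the thread or from either product: it walks an ordered first-match rulebase the way a firewall would, reports which rule number a crafted packet hits (or the implicit clean-up drop), and compares a list of expected outcomes against the simulated ones, in the spirit of Matt's succeed/fail checks. The rule format, addresses, policy and check list are constructed assumptions, not Check Point FW-1's rulebase syntax.

```python
# Added example, not from the thread: a first-match firewall policy simulator.
# The rule format is a simplified assumption, not Check Point FW-1's own syntax.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass
class Rule:
    src: str              # source CIDR or "any"
    dst: str              # destination CIDR or "any"
    proto: str            # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]  # destination port; None means any
    action: str           # "accept" or "drop"

def _in_net(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr, strict=False)

def first_match(rules: List[Rule], src: str, dst: str, proto: str, dport: Optional[int]) -> Tuple[Optional[int], str]:
    """Walk the rulebase top-down; return (1-based rule number, action), or (None, 'drop') for the implicit clean-up rule."""
    for num, r in enumerate(rules, start=1):
        if (_in_net(r.src, src) and _in_net(r.dst, dst)
                and r.proto in ("any", proto)
                and (r.dport is None or r.dport == dport)):
            return num, r.action
    return None, "drop"

# Constructed sample rulebase (assumption): DMZ web server 192.0.2.10, internal 10/8.
POLICY = [
    Rule("10.0.0.0/8", "192.0.2.10/32", "tcp", 22, "accept"),   # admin SSH
    Rule("any", "192.0.2.10/32", "tcp", 80, "accept"),          # public HTTP
    Rule("any", "192.0.2.0/24", "any", None, "drop"),           # deny rest of DMZ
    Rule("10.0.0.0/8", "any", "any", None, "accept"),           # internal outbound
]

# Constructed checks: (src, dst, proto, dport, expected action).
CHECKS = [
    ("198.51.100.7", "192.0.2.10", "tcp", 80, "accept"),
    ("198.51.100.7", "192.0.2.10", "tcp", 22, "drop"),
    ("10.1.2.3", "192.0.2.10", "tcp", 22, "accept"),
    ("10.1.2.3", "192.0.2.77", "udp", 53, "accept"),  # admin expects rule 4 to allow this
    ("203.0.113.9", "10.9.9.9", "tcp", 445, "drop"),
]

def audit(rules: List[Rule], checks) -> list:
    """Return checks whose simulated outcome differs from the expected one, with the rule number that actually matched (None = implicit drop)."""
    failures = []
    for src, dst, proto, dport, expected in checks:
        num, action = first_match(rules, src, dst, proto, dport)
        if action != expected:
            failures.append((src, dst, proto, dport, expected, num, action))
    return failures
```

Running `audit(POLICY, CHECKS)` flags only the DNS check: rule 3 shadows the internal-outbound rule 4 for DMZ destinations, which is exactly the "which rule line did this packet hit" answer the question asks for.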


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:39 EDT