There are a couple of tools which test whether a firewall is leaking any packets. You could try fleaktest and firewalk to bypass firewalls.

Good luck
Durga Prasad.

"Marcus J. Ranum" <mjr@ranum.com> wrote:
Strabla Ruggero wrote:
>What I need is someone that could tell me which type of tests you do on
>your firewalls and that you like to see automated

You've chosen a fairly interesting problem. What do you intend to
measure about a firewall? It turns out that pretty much the only
aspect of firewalls that the industry has figured out how to measure
is performance - most notably throughput and total concurrent
streams. Of course, since a firewall is a _security_ device one
would want to measure something about its security but it turns
out that security is a rather elusive property.

Testing a firewall with crafted packets will measure - something - but
it may measure very wrong. After all, unless your packets are crafted
to be indistinguishable from live application traffic, I'd argue that a
firewall was not very good from a security standpoint if it let any of
the packets through. Indeed, if all you're measuring is performance,
the same applies - firewalls that do layer-7 processing (How can
you call something that doesn't do layer-7 processing a "firewall"?
But that's another question) will have different performance properties
depending on the application mix and the layer-7 data going through,
let alone whether the data is correct or not.

There's a paper or two that might help you. One (search for
"Ranum Kostic Molitor") is quite ancient, but the problem remains
the same. Email me privately if you want a copy; I can see
if I can find it. Another is a paper I did back in the NFR days
on how to cheat on IDS benchmarks. It's highly relevant.
http://www.mail-archive.com/firewalls@lists.gnac.net/msg22759.html
is a repeat thread of this topic from 2002. See also:
http://www.snort.org/docs/Benchmarking-IDS-NFR.pdf

Good luck; you've bitten off a huge problem. There have been
any number of attempts at testing firewalls (and IDS) poorly;
I've yet to see a test that's worth a pinch of sand.

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
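As an added example that is not part of any message in this thread, and not code from fleaktest, firewalk or any product mentioned above: the kind of crafted-packet conformance test the replies are talking about, written as an offline harness so the logic can be run and checked. The ruleset, the documentation-range addresses and the test matrix are constructed for illustration, and the device under test is a hypothetical stand-in (`filter_verdict`, a first-match stateless packet filter); against real hardware that function is where you would inject each packet on the outside interface and sniff for it on the inside. The "leaky" ruleset carries a stateless "allow established" rule, which is a well-known way for ACK-only probes to pass a packet filter that cannot tell a genuine reply from a crafted packet with the ACK bit set.

```python
"""Automated firewall policy conformance test (an added example; not code
from this thread or from fleaktest/firewalk).

A matrix of crafted packets is paired with the verdict the written policy
says each one should get, and the matrix is run against the device under
test. The device here is a stand-in: a tiny first-match stateless packet
filter fed a constructed ruleset. For real hardware, replace
``filter_verdict`` with code that injects each packet on the outside
interface and sniffs for it on the inside.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0      # 0 for icmp
    syn: bool = True    # tcp only: True = SYN (new connection), False = ACK-only


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str                        # CIDR
    dst: str                        # CIDR
    proto: str                      # "tcp", "udp", "icmp" or "any"
    dports: tuple = ()              # (lo, hi) inclusive; () = any port
    established_only: bool = False  # stateless "established": matches non-SYN tcp


# Constructed ruleset (documentation address ranges, not real hosts): a DMZ
# web server 192.0.2.10 reachable on 80/443 from anywhere, ICMP only from the
# 10/8 management net, and a final catch-all deny. Rule 4 is the stateless
# "allow established" rule that lets ACK-only probes through, because the
# filter cannot tell a reply from a crafted packet with the ACK bit set.
RULESET_LEAKY = (
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", (80, 80)),
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", (443, 443)),
    Rule("allow", "10.0.0.0/8", "192.0.2.0/24", "icmp"),
    Rule("allow", "0.0.0.0/0", "0.0.0.0/0", "tcp", (), established_only=True),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "any"),
)
# Same policy without the stateless "established" rule (a stateful firewall
# would admit genuine replies via its connection table instead).
RULESET_FIXED = RULESET_LEAKY[:3] + RULESET_LEAKY[4:]

# Constructed test matrix: (description, crafted packet, verdict the policy requires).
INTERNET = "203.0.113.5"
WEB = "192.0.2.10"
MATRIX = (
    ("HTTP SYN from Internet to web:80",         Packet(INTERNET, WEB, "tcp", 80),            "allow"),
    ("HTTPS SYN from Internet to web:443",       Packet(INTERNET, WEB, "tcp", 443),           "allow"),
    ("SSH SYN from Internet to web:22",          Packet(INTERNET, WEB, "tcp", 22),            "deny"),
    ("ICMP from management net to web",          Packet("10.1.2.3", WEB, "icmp"),             "allow"),
    ("ICMP from Internet to web",                Packet(INTERNET, WEB, "icmp"),               "deny"),
    ("ACK-only TCP from Internet to web:22",     Packet(INTERNET, WEB, "tcp", 22, syn=False), "deny"),
    ("UDP 53 from Internet to web",              Packet(INTERNET, WEB, "udp", 53),            "deny"),
    ("HTTP SYN from Internet to other DMZ host", Packet(INTERNET, "192.0.2.11", "tcp", 80),   "deny"),
)


def _matches(rule, pkt):
    """True when every field of the rule accepts the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dports and not (rule.dports[0] <= pkt.dport <= rule.dports[1]):
        return False
    if rule.established_only and (pkt.proto != "tcp" or pkt.syn):
        return False
    return True


def filter_verdict(ruleset, pkt):
    """Stand-in device under test: first matching rule wins, implicit deny."""
    for rule in ruleset:
        if _matches(rule, pkt):
            return rule.action
    return "deny"


def run_matrix(ruleset, matrix):
    """Run every crafted packet; sort mismatches into leaks (policy says deny,
    firewall allowed) and over-blocks (policy says allow, firewall denied)."""
    report = {"passed": 0, "leaks": [], "over_blocked": []}
    for desc, pkt, expected in matrix:
        got = filter_verdict(ruleset, pkt)
        if got == expected:
            report["passed"] += 1
        elif got == "allow":
            report["leaks"].append(desc)
        else:
            report["over_blocked"].append(desc)
    return report


if __name__ == "__main__":
    for name, rs in (("leaky", RULESET_LEAKY), ("fixed", RULESET_FIXED)):
        print(name, run_matrix(rs, MATRIX))
```

The leaky ruleset fails exactly one row of the matrix (the ACK-only probe to port 22 is allowed), the fixed one passes all eight. Note what this does and does not measure: the matrix only exercises the layer-3/4 header fields a harness can craft, so a clean run says the device enforces the written rule table, and nothing at all about whether it inspects application data, which is the limitation Marcus is pointing at above.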


