Very Computer

Hi,

I would like to test my firewall remotely. Anyone know of an URL with a
server of somesort that will test the firewall and probe the ports. I've
used Shields Up from GRC, Steve Gibson's Spinrite site to test the firewall
and probe ports but this is a Windows based server test.

I would like a Linux based scan & probe for this firewall. I've searched
Deja.com but could not get any references.

Any help would be appreciated!

--
Regards and God Speed,

Gary

Gary W. Sandvik

The magic is in the magician not the wand!

www.hackerwhacker.com.

-Tom
--
Tom Eastep               \    Opinions expressed here

Shoreline, Washington USA  \    those of my employer

[snip]

Quote:>www.hackerwhacker.com.

Hacker Wacker is a good site.
Hacker Wacker's tests are more through than Shields Up. You can set it to do
tests on your hpptd and sendmail set up as well.

He does have some good links to some security documents. I have found the
site very useful.

--
email address munged:
  Take out the -damn_spam- and the .invalid

Yes, well, sort of.  If you happen to have a M$ box sitting behind
a masq'd firewall, you can use it to request the test and you don't
need identd.  Hacker Wacker checks the browser (AFAIK) to determine
your system type and if you are on M$ then it dosen't check the
identd (obvously), but does start the test against the ip that
is presented.  I do this because I WILL NOT run identd on my firewall
because it is only a firewall box and nothing runs on it but
masq/firewall and occasionally port fowarding.  In any case, a very
nice test.

Best

Cokey

--
------------------------------------------------------------------
Cokey de Percin, DBA            Email:

Quote:> Hi,

> I would like to test my firewall remotely. Anyone know of an URL with a
> server of somesort that will test the firewall and probe the ports. I've
> used Shields Up from GRC, Steve Gibson's Spinrite site to test the firewall
> and probe ports but this is a Windows based server test.

Yeah. The regulars around here are probably sick of me, but once
again, http://www.veryComputer.com/ is EXACTLY what you are looking for
and more probably.

We are Linux based but what Operating System a machine is based on is
no criterium for what network scanning it is capable of performing. We
also do Windows95/98/NT even better. (Windows does not implement
certain security items which allow us to rapidly UDP scan it. Linux
UDP scans can take hours because Linux detects rapid scans and stops
replying to the scanning machine).

HackerWhacker performs the equivalent of grc's 10 port scan (our Demo
Scan) in under a second for some machines and maybe 10 seconds for
slow machines.

Our real scan is a 2000+ port barrage with CGI and SMTP tests
also.

Wally

--
http://www.veryComputer.com/, Is your computer secure? Find out RIGHT
NOW, FREE.
Security sites that have changed in the last 6 hours: http://www.veryComputer.com/
http://www.veryComputer.com/*crime/ http://www.veryComputer.com/
http://www.veryComputer.com/

The identd requirement keeps a non-root user from scanning a
machine. We assume a non-root user is not the OWNER of the machine. It
also prevents scanning a proxy (when Unix boxes are involved).

HackerWhacker is a pretty severe scan and we've gotten frantic calls
from proxy admins in the middle of the night about our "attack" so
we've had to do anything we can to minimize this occurrance.

Quote:

> Yes, well, sort of.  If you happen to have a M$ box sitting behind
> a masq'd firewall, you can use it to request the test and you don't
> need identd.  Hacker Wacker checks the browser (AFAIK) to determine
> your system type and if you are on M$ then it dosen't check the
> identd (obvously), but does start the test against the ip that
> is presented.  I do this because I WILL NOT run identd on my firewall
> because it is only a firewall box and nothing runs on it but
> masq/firewall and occasionally port fowarding.  In any case, a very
> nice test.

Yes. This is exactly true. There are ways around the identd issue and
in a few days we won't demand it anymore. You can enable identd for
just a few seconds when the test starts and disable it immediately
right after the test starts.

Wally
--
http://www.veryComputer.com/, Is your computer secure? Find out RIGHT
NOW, FREE.
Security sites that have changed in the last 6 hours: http://www.veryComputer.com/
http://www.veryComputer.com/*crime/ http://www.veryComputer.com/
http://www.veryComputer.com/

Hi,

Wally, thanks for the great site. I've used it a few times now to test my
firewall setup. I've noticed that when I initiate from a win/98 based
machine I get different results as to when I use a win/95 based unit. Both
on your site and GRCs' site. I do not have a Linux setup with a browser at
this time but will have one at a later date. My major concern was to close
the network to the outside. Seems as though I've got it fairly secure at
this point.

I'm thinking about a fire on fire setup at this time. Just some
experimenting here.

I've noticed that you scale the response time for the port scan. What is the
logic behind this?

--
Regards and God Speed,

Gary

Gary W. Sandvik

The magic is in the magician not the wand!

http://www.veryComputer.com/
ty&Uhcat=Internet&b=tipzone&Utiptype=

Quote:> Hi,

> Wally, thanks for the great site. I've used it a few times now to test my
> firewall setup. I've noticed that when I initiate from a win/98 based
> machine I get different results as to when I use a win/95 based unit. Both
> on your site and GRCs' site. I do not have a Linux setup with a browser at
> this time but will have one at a later date. My major concern was to close
> the network to the outside. Seems as though I've got it fairly secure at
> this point.

> I'm thinking about a fire on fire setup at this time. Just some
> experimenting here.

> I've noticed that you scale the response time for the port scan. What is the
> logic behind this?

> --

A proper IP implementation senses scans and then limits sending "icmp
destination unreacheables" to a very low number. We use a great
program called "nmap" which understands this and slows down the scan
to compensate. If a program doesn't do this, it will get false
readings.

Windows does not implement that feature so it can be scanned at full
speed.

Wally

--
http://www.veryComputer.com/, Is your computer secure? Find out RIGHT
NOW, FREE.
Security sites that have changed in the last 6 hours: http://www.veryComputer.com/
http://www.veryComputer.com/*crime/ http://www.veryComputer.com/