Testing Firewall ??


Post by Gary W. Sandvi » Sat, 11 Dec 1999 04:00:00



Hi,

I would like to test my firewall remotely. Anyone know of a URL with a
server of some sort that will test the firewall and probe the ports. I've
used Shields Up from GRC, Steve Gibson's Spinrite site to test the firewall
and probe ports but this is a Windows based server test.

I would like a Linux based scan & probe for this firewall. I've searched
Deja.com but could not get any references.

Any help would be appreciated!

--
Regards and God Speed,

Gary

Gary W. Sandvik


The magic is in the magician not the wand!

 
 
 


Post by Tom Easte » Sat, 11 Dec 1999 04:00:00



> Hi,

> I would like to test my firewall remotely. Anyone know of a URL with a
> server of some sort that will test the firewall and probe the ports. I've
> used Shields Up from GRC, Steve Gibson's Spinrite site to test the firewall
> and probe ports but this is a Windows based server test.

> I would like a Linux based scan & probe for this firewall. I've searched
> Deja.com but could not get any references.

> Any help would be appreciated!

www.hackerwhacker.com.

-Tom
--
Tom Eastep               \    Opinions expressed here

Shoreline, Washington USA  \    those of my employer


 
 
 


Post by Grant Warkent » Sat, 11 Dec 1999 04:00:00




>> Hi,

>> I would like to test my firewall remotely. Anyone know of a URL with a

[snip]

> www.hackerwhacker.com.

Hacker Wacker is a good site.
Hacker Wacker's tests are more thorough than Shields Up. You can set it to do
tests on your httpd and sendmail set up as well.

He does have some good links to some security documents. I have found the
site very useful.

--
email address munged:
  Take out the -damn_spam- and the .invalid

 
 
 


Post by Cokey de Perci » Sun, 12 Dec 1999 04:00:00





> hackerwhacker works great, however, there are couple of things you
> need to do to get it running. First, you need to have identd running on
> port 113. Second, you need to run your browser as root.

> They put in some security measures to keep you from scanning random
> addresses. This means that identd must return root for the http
> connection.

Yes, well, sort of.  If you happen to have a M$ box sitting behind
a masq'd firewall, you can use it to request the test and you don't
need identd.  Hacker Wacker checks the browser (AFAIK) to determine
your system type and if you are on M$ then it doesn't check the
identd (obviously), but does start the test against the ip that
is presented.  I do this because I WILL NOT run identd on my firewall
because it is only a firewall box and nothing runs on it but
masq/firewall and occasionally port forwarding.  In any case, a very
nice test.

Best

Cokey

--
------------------------------------------------------------------
Cokey de Percin, DBA            Email:


 
 
 


Post by Wally Whacke » Mon, 13 Dec 1999 04:00:00



> Hi,

> I would like to test my firewall remotely. Anyone know of a URL with a
> server of some sort that will test the firewall and probe the ports. I've
> used Shields Up from GRC, Steve Gibson's Spinrite site to test the firewall
> and probe ports but this is a Windows based server test.

Yeah. The regulars around here are probably sick of me, but once
again, http://www.veryComputer.com/ is EXACTLY what you are looking for
and more probably.

We are Linux based but what Operating System a machine is based on is
no criterion for what network scanning it is capable of performing. We
also do Windows95/98/NT even better. (Windows does not implement
certain security items which allow us to rapidly UDP scan it. Linux
UDP scans can take hours because Linux detects rapid scans and stops
replying to the scanning machine).

HackerWhacker performs the equivalent of grc's 10 port scan (our Demo
Scan) in under a second for some machines and maybe 10 seconds for
slow machines.

Our real scan is a 2000+ port barrage with CGI and SMTP tests
also.

Wally

--
http://www.veryComputer.com/, Is your computer secure? Find out RIGHT
NOW, FREE.
Security sites that have changed in the last 6 hours: http://www.veryComputer.com/
http://www.veryComputer.com/*crime/ http://www.veryComputer.com/
http://www.veryComputer.com/

 
 
 


Post by Wally Whacke » Mon, 13 Dec 1999 04:00:00






> > hackerwhacker works great, however, there are couple of things you
> > need to do to get it running. First, you need to have identd running on
> > port 113. Second, you need to run your browser as root.

> > They put in some security measures to keep you from scanning random
> > addresses. This means that identd must return root for the http
> > connection.

The identd requirement keeps a non-root user from scanning a
machine. We assume a non-root user is not the OWNER of the machine. It
also prevents scanning a proxy (when Unix boxes are involved).

HackerWhacker is a pretty severe scan and we've gotten frantic calls
from proxy admins in the middle of the night about our "attack" so
we've had to do anything we can to minimize this occurrence.


> Yes, well, sort of.  If you happen to have a M$ box sitting behind
> a masq'd firewall, you can use it to request the test and you don't
> need identd.  Hacker Wacker checks the browser (AFAIK) to determine
> your system type and if you are on M$ then it doesn't check the
> identd (obviously), but does start the test against the ip that
> is presented.  I do this because I WILL NOT run identd on my firewall
> because it is only a firewall box and nothing runs on it but
> masq/firewall and occasionally port forwarding.  In any case, a very
> nice test.

Yes. This is exactly true. There are ways around the identd issue and
in a few days we won't demand it anymore. You can enable identd for
just a few seconds when the test starts and disable it immediately
right after the test starts.

Wally
--
http://www.veryComputer.com/, Is your computer secure? Find out RIGHT
NOW, FREE.
Security sites that have changed in the last 6 hours: http://www.veryComputer.com/
http://www.veryComputer.com/*crime/ http://www.veryComputer.com/
http://www.veryComputer.com/
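
The identd gate discussed in this post, sketched as an added example (not part of the original thread and not HackerWhacker's code): the service asks the requesting host's identd which user owns the HTTP connection and proceeds only for root. The reply format follows RFC 1413; the function names, port numbers and sample replies are constructed, and stripping whitespace around fields is a simplification. The answer is supplied by the requesting host itself, so the check is only as trustworthy as that host.

```python
def build_query(requester_port, web_port):
    """Query sent to TCP port 113 on the requesting host: its own local
    port first, then the web server port the connection goes to."""
    return f"{requester_port}, {web_port}\r\n".encode("ascii")


def parse_reply(line):
    """Parse '<ports> : USERID : <opsys> : <user>' or '<ports> : ERROR : <type>'."""
    parts = [p.strip() for p in line.rstrip("\r\n").split(":", 3)]
    if len(parts) < 3 or parts[1] not in ("USERID", "ERROR"):
        raise ValueError("malformed ident reply")
    # Wrong field count or non-numeric ports also raise ValueError here.
    local, remote = (int(x) for x in parts[0].split(","))
    if parts[1] == "USERID" and len(parts) != 4:
        raise ValueError("USERID reply without a user field")
    user = parts[3] if parts[1] == "USERID" else None
    return {"ports": (local, remote), "type": parts[1],
            "info": parts[2], "user": user}


def allow_scan(reply_line, requester_port, web_port, required_user="root"):
    """True only if the reply is about this connection and names required_user."""
    try:
        reply = parse_reply(reply_line)
    except ValueError:
        return False
    return (reply["ports"] == (requester_port, web_port)
            and reply["type"] == "USERID"
            and reply["user"] == required_user)


# Constructed replies for a browser connection from port 40321 to port 80.
SAMPLES = [
    "40321, 80 : USERID : UNIX : root\r\n",   # browser run as root
    "40321, 80 : USERID : UNIX : gary\r\n",   # ordinary user
    "40321, 80 : ERROR : NO-USER\r\n",        # identd has no owner to report
    "40322, 80 : USERID : UNIX : root\r\n",   # reply about another connection
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", allow_scan(sample, 40321, 80))
```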

 
 
 


Post by Gary W. Sandvi » Mon, 13 Dec 1999 04:00:00


Hi,

Wally, thanks for the great site. I've used it a few times now to test my
firewall setup. I've noticed that when I initiate from a win/98 based
machine I get different results as to when I use a win/95 based unit. Both
on your site and GRC's site. I do not have a Linux setup with a browser at
this time but will have one at a later date. My major concern was to close
the network to the outside. Seems as though I've got it fairly secure at
this point.

I'm thinking about a fire on fire setup at this time. Just some
experimenting here.

I've noticed that you scale the response time for the port scan. What is the
logic behind this?

--
Regards and God Speed,

Gary

Gary W. Sandvik


The magic is in the magician not the wand!



> > Hi,

> > I would like to test my firewall remotely. Anyone know of a URL with a
> > server of some sort that will test the firewall and probe the ports. I've
> > used Shields Up from GRC, Steve Gibson's Spinrite site to test the firewall
> > and probe ports but this is a Windows based server test.

> Yeah. The regulars around here are probably sick of me, but once
> again, http://www.veryComputer.com/ is EXACTLY what you are looking for
> and more probably.

> We are Linux based but what Operating System a machine is based on is
> no criterion for what network scanning it is capable of performing. We
> also do Windows95/98/NT even better. (Windows does not implement
> certain security items which allow us to rapidly UDP scan it. Linux
> UDP scans can take hours because Linux detects rapid scans and stops
> replying to the scanning machine).

> HackerWhacker performs the equivalent of grc's 10 port scan (our Demo
> Scan) in under a second for some machines and maybe 10 seconds for
> slow machines.

> Our real scan is a 2000+ port barrage with CGI and SMTP tests
> also.

> Wally

> --
> http://www.veryComputer.com/, Is your computer secure? Find out RIGHT
> NOW, FREE.
> Security sites that have changed in the last 6 hours: http://www.veryComputer.com/
> http://www.veryComputer.com/*crime/ http://www.veryComputer.com/

 
 
 


Post by Wally Whacke » Mon, 13 Dec 1999 04:00:00



> Hi,

> Wally, thanks for the great site. I've used it a few times now to test my
> firewall setup. I've noticed that when I initiate from a win/98 based
> machine I get different results as to when I use a win/95 based unit. Both
> on your site and GRC's site. I do not have a Linux setup with a browser at
> this time but will have one at a later date. My major concern was to close
> the network to the outside. Seems as though I've got it fairly secure at
> this point.

> I'm thinking about a fire on fire setup at this time. Just some
> experimenting here.

> I've noticed that you scale the response time for the port scan. What is the
> logic behind this?

> --

A proper IP implementation senses scans and then limits sending "icmp
destination unreachables" to a very low number. We use a great
program called "nmap" which understands this and slows down the scan
to compensate. If a program doesn't do this, it will get false
readings.

Windows does not implement that feature so it can be scanned at full
speed.

Wally

--
http://www.veryComputer.com/, Is your computer secure? Find out RIGHT
NOW, FREE.
Security sites that have changed in the last 6 hours: http://www.veryComputer.com/
http://www.veryComputer.com/*crime/ http://www.veryComputer.com/
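
The effect described in this post and in Wally's earlier one (rate-limited ICMP unreachables giving false readings unless the scan slows down), as an added simulation that is not part of the original thread and is not HackerWhacker's or nmap's code. The host model, the one-reply-per-second limit, the port numbers and the back-off rule are assumptions chosen for illustration; the clock is simulated and no packets are sent.

```python
class RateLimitedHost:
    """Constructed model: closed UDP ports answer with ICMP port-unreachable,
    but a token bucket caps those replies. Open ports stay silent."""

    def __init__(self, open_ports, replies_per_sec=1.0, burst=1.0):
        self.open_ports = set(open_ports)
        self.rate, self.burst = replies_per_sec, burst
        self.tokens, self.last = burst, 0.0

    def probe(self, port, now):
        """Return True if an ICMP unreachable comes back at time `now`."""
        if port in self.open_ports:
            return False
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False  # closed, but the limiter suppressed the reply


def fixed_rate_scan(host, ports, delay):
    """Probe once per port at a fixed pace; every silent port is read as open."""
    return {p for i, p in enumerate(ports) if not host.probe(p, i * delay)}


def paced_scan(host, ports, delay=0.001, max_delay=2.0):
    """Back off and re-probe on silence; report a port open only if it is
    still silent after waiting max_delay (assumed >= 1 / the host's limit)."""
    now, reported_open = 0.0, set()
    for p in ports:
        while not host.probe(p, now):
            if delay >= max_delay:
                reported_open.add(p)
                break
            delay = min(delay * 2, max_delay)
            now += delay
        now += delay
    return reported_open, now


PORTS = range(1, 201)   # constructed target: 200 ports, two of them open
OPEN = {53, 123}


def compare():
    fast = fixed_rate_scan(RateLimitedHost(OPEN), PORTS, delay=0.001)
    slow, elapsed = paced_scan(RateLimitedHost(OPEN), PORTS)
    return fast, slow, elapsed


if __name__ == "__main__":
    fast, slow, elapsed = compare()
    print(len(fast), "ports look open at full speed;", sorted(slow),
          "after pacing, in", round(elapsed), "simulated seconds")
```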

 
 
 
