Firewall Testing

Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
Anyone know of a decent testing tool (or set of tools) to go about testing a firewall. I know about NMAP and backtrack and stuff but I am looking for performance testing and so on.

Comments

  • AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    Find it before they do. | BreakingPoint

    We got to demo one of these a few months back, unfortunately we couldn't budget for one this year. Fantastic piece of kit but not cheap. I brought an ASA5580-40 to it's knees in less than a minute with it :) .
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Ahriakin wrote: »
    Find it before they do. | BreakingPoint

    We got to demo one of these a few months back, unfortunately we couldn't budget for one this year. Fantastic piece of kit but not cheap. I brought an ASA5580-40 to it's knees in less than a minute with it :) .

    Damn dude that's pretty sweet.

    Yea we don't have that much left in the budget so I will have to use the links D sent me (thanks btw). We are migrating from a PIX 515 to a Sonicwall 3500 and I just want to configure this as securely as possible.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Or if you feel like a boss, you could just use: File2Cable
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    dynamik wrote: »
    Or if you feel like a boss, you could just use: File2Cable

    That looks to L33T for my blood.

    Man did you see this?

    hsrp

    HSRP protcol can be used to take over an HSRP standby IP or to force a switchover or to DoS this IP: Usage: ./hsrp -i eth0 -v 1.2.3.4 -d 224.0.0.2 -a cisco -g 1
    -i int the eth0 stuff
    -v ip the standby IP address
    -d dest the destination IP (multicast or directed)
    -a auth the password (default="cisco")
    -g x the standby group
    -S source spoofed source if desired
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    This entire suite is badASS (get it?). Downloading now.
  • tierstentiersten Member Posts: 4,505
    knwminus wrote: »
    Man did you see this?
    If you don't configure HSRP correctly then you deserve to get pwned by that tool.

    The other option would be to plug the firewall in, set up a site behind it with vague mentions of super secret unreleased software or stolen information and then post the site address to something like Slashdot and Digg... I'm not responsible however if your router melts from the traffic.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    I guess that could work but...no it won't work at all lol.
Sign In or Register to comment.