[Dshield] testing a firewall

Chris Brenton cbrenton at chrisbrenton.org
Tue Dec 23 23:44:44 GMT 2003


On Tue, 2003-12-23 at 18:26, michael nancarrow wrote:
> Sorry,
> I'm afraid I wasn't clear. I am using nmap and superscan to
> test the firewall, problem is that without something on the other side
> of the firewall guaranteed to respond to everything how can you be sure
> the firewall is working correctly.
> 
> 		nmap scanner ----> f/w -----> server 10.1.1.1 exists

I obviously was not clear either because I gave you that, tcpdump or
windump.

For example, let's say you are running nmap from the IP address 1.2.3.4.
On the _other side_ of your firewall, plug in a system and run the
following command (I'm assuming you are a Windows person).

windump -nn -vvv host 1.2.3.4

If windump does not see anything, life is cool. If windump logs packets,
then something is blowing through your firewall. Obviously you have to
download and install windump for this to work, but it's a free utility.

HTH,
C
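
Added example, not part of the original post: a small Python summarizer for the text windump/tcpdump prints behind the firewall, listing which scanner packets got through and whether anything inside answered. It assumes single-line `-nn` output for IPv4 (without `-vvv`); the names `summarize`, `proto_of` and the sample capture are constructed for illustration.

```python
import re
from collections import Counter

# "src[.port] > dst[.port]:" as printed by tcpdump/windump with -nn (IPv4 only).
PAIR = re.compile(
    r"(\d+(?:\.\d+){3})(?:\.(\d+))? > (\d+(?:\.\d+){3})(?:\.(\d+))?:(.*)")

def proto_of(rest, port):
    """Best-effort label: relies on 'UDP' or 'ICMP' appearing in the line."""
    low = rest.lower()
    if port is None:
        return "icmp" if "icmp" in low else "other"
    return "udp" if "udp" in low else "tcp"

def summarize(capture_text, scanner_ip):
    """Return (passed, answered).
    passed:   Counter of (dst, proto, dport) for packets from the scanner that
              reached the inside segment, i.e. got through the firewall.
    answered: set of (src, proto, sport) for inside endpoints that replied."""
    passed, answered = Counter(), set()
    for line in capture_text.splitlines():
        m = PAIR.search(line)
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        if src == scanner_ip:
            passed[(dst, proto_of(rest, dport), dport)] += 1
        elif dst == scanner_ip:
            answered.add((src, proto_of(rest, sport), sport))
    return passed, answered

# Constructed sample in single-line -nn format (not a real capture).
SAMPLE = """\
23:44:01.000001 IP 1.2.3.4.40000 > 10.1.1.1.80: Flags [S], seq 1, win 1024, length 0
23:44:01.000200 IP 10.1.1.1.80 > 1.2.3.4.40000: Flags [S.], seq 9, ack 2, win 5840, length 0
23:44:01.100000 IP 1.2.3.4.40000 > 10.1.1.1.23: Flags [S], seq 1, win 1024, length 0
23:44:02.000000 IP 1.2.3.4.40001 > 10.1.1.1.9999: UDP, length 12
23:44:03.000000 IP 1.2.3.4 > 10.1.1.1: ICMP echo request, id 1, seq 1, length 64
23:44:04.000000 IP 10.1.1.5.1025 > 10.1.1.1.445: Flags [S], seq 1, win 1024, length 0
"""

if __name__ == "__main__":
    passed, answered = summarize(SAMPLE, "1.2.3.4")
    for (dst, proto, port), n in sorted(passed.items(), key=str):
        note = "answered" if (dst, proto, port) in answered else "no reply seen"
        print(f"PASSED {proto} {dst}:{port} x{n} ({note})")
```

Entries marked "no reply seen" are packets the firewall let through even though nothing on the inside responded, which is the case a scan from the outside alone cannot distinguish from a block.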




