testing a firewall

[xatar]

Hi all,

I have a quick question. I'm testing a firewall at the moment and I have two test laptops, one on the inside and one on the outside of the firewall.

What I want to do is run a tool on the inside system which essentially runs a service on all ports so that when I scan it from the outside, something like nmap will tell me how many ports respond as open or filtered based upon the firewall rule base.

Does that make sense? I need a tool to run on backtrack which will respond as open for any scan attempts. Any difference from 65535 TCP or UDP ports open is affected by the en route firewall.

thanks,
xatar.

[streaker69]

Hi all,

I have a quick question. I'm testing a firewall at the moment and I have two test laptops, one on the inside and one on the outside of the firewall.

What I want to do is run a tool on the inside system which essentially runs a service on all ports so that when I scan it from the outside, something like nmap will tell me how many ports respond as open or filtered based upon the firewall rule base.

Does that make sense? I need a tool to run on backtrack which will respond as open for any scan attempts. Any difference from 65535 TCP or UDP ports open is affected by the en route firewall.

thanks,
xatar.

You actually want to open 65,535 ports on your machine on the inside?

[SBerry]

What would be the purpose of that? Surely turning off the firewall, mapping the machine then turning the firewall back on is enough to test that the firewall is working correctly!

[Andy90]

Why do you need a machine on the inside to tell you what ports are open?

Surely a firewall would stop anything getting through? ie a firewall lol

From the way I understand it just nmap on the laptop outside the firewall will give you the results.

what is your firewall? in-router type? or a smoothwall type?

[xatar]

the point of this test is to 100% verify what ports the firewall allows through, not to tell if it blocks some and lets some through. remember that this isn't hacking where you are trying to find one entry point, i need to find them all and quickly.

what i am doing at the moment is scanninig all 65535 tcp and udp ports from the outside through the firewall to my laptop and sniffing (tcpdump) all packets that get through the firewall.

This works fine, but the output from tcpdump is not as easily readable as the output from nmap/unicornscan etc. I can grep the tcpdump output, but it still requires too much effort on my part.

So, what I want is a tool to run on my laptop (backtrack) that runs a service on all 65535 ports purely to test the rule base of the firewall.

heard of anything like that?

cheers,

[drpepperONE]

Hi xatar use the following script.

It used the nc (Netcat network utility)

Code:

#!/bin/bash
######################################################################
# test_all_con.sh
#
######################################################################
#Simple netcat listen mode script
#The script will launch a simple tcp socket on every port range chosen
#Change the -lt value to your need
#By drpepperONE
######################################################################




COUNTER=1

        while [  $COUNTER -lt 65536 ]; do

                        echo Listening on port $COUNTER
                         /usr/bin/nc -l -p $COUNTER &
                        let COUNTER=COUNTER+1
done



echo "#############################################"
echo -e "To kill all netcat daemon launch:\n"
echo -e "pkill -f \/usr\/bin\/nc \n"
echo "#############################################"

Save it in file test_all_con.sh and set the permission to 755.

If you dont have nc util get it from slapt-get:

slapt-get --install nc-1.10-i386-1

[imported_wyze]

Hi xatar use the following script.

It used the nc (Netcat network utility)

Code:

#!/bin/bash
######################################################################
# test_all_con.sh
#
######################################################################
#Simple netcat listen mode script
#The script will launch a simple tcp socket on every port range chosen
#Change the -lt value to your need
#By drpepperONE
######################################################################




COUNTER=1

        while [  $COUNTER -lt 65536 ]; do

                        echo Listening on port $COUNTER
                         /usr/bin/nc -l -p $COUNTER &
                        let COUNTER=COUNTER+1
done



echo "#############################################"
echo -e "To kill all netcat daemon launch:\n"
echo -e "pkill -f \/usr\/bin\/nc \n"
echo "#############################################"

Save it in file test_all_con.sh and set the permission to 755.

If you dont have nc util get it from slapt-get:

I have a feeling that if this script was ran on a system and was scanned with no firewall in between, ugly things would happen

[streaker69]

I have a feeling that if this script was ran on a system and was scanned with no firewall in between, ugly things would happen

I have a feeling it's a pretty good way to DoS yourself, especially on a machine that's hurting for memory.

[imported_wyze]

I have a feeling it's a pretty good way to DoS yourself, especially on a machine that's hurting for memory.

Hehehe... the last few days I've felt like a machine that's been DoS'd..... and I am hurting for memory

[drpepperONE]

According to the following request:

So, what I want is a tool to run on my laptop (backtrack) that runs a service on all 65535 ports purely to test the rule base of the firewall.

heard of anything like that?

cheers,

this script is only for testing on purpose!!

The nc daemon take little memory & cpu usage but obviously spwaned for 65535 it will take some consistent memory usage.

Bye.