
Thread: testing a firewall

  1. #1
    xatar
    Guest

    Default testing a firewall

    Hi all,

    I have a quick question. I'm testing a firewall at the moment and I have two test laptops, one on the inside and one on the outside of the firewall.

    What I want to do is run a tool on the inside system which essentially runs a service on all ports so that when I scan it from the outside, something like nmap will tell me how many ports respond as open or filtered based upon the firewall rule base.

    Does that make sense? I need a tool to run on backtrack which will respond as open for any scan attempts. Any difference from 65535 TCP or UDP ports open is affected by the en route firewall.

    thanks,
    xatar.

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by xatar View Post
    Hi all,

    I have a quick question. I'm testing a firewall at the moment and I have two test laptops, one on the inside and one on the outside of the firewall.

    What I want to do is run a tool on the inside system which essentially runs a service on all ports so that when I scan it from the outside, something like nmap will tell me how many ports respond as open or filtered based upon the firewall rule base.

    Does that make sense? I need a tool to run on backtrack which will respond as open for any scan attempts. Any difference from 65535 TCP or UDP ports open is affected by the en route firewall.

    thanks,
    xatar.
    You actually want to open 65,535 ports on your machine on the inside?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Junior Member SBerry's Avatar
    Join Date
    Dec 2007
    Posts
    94

    Default

    What would be the purpose of that? Surely turning off the firewall, mapping the machine then turning the firewall back on is enough to test that the firewall is working correctly!

  4. #4
    Member
    Join Date
    Nov 2007
    Posts
    220

    Default

    Why do you need a machine on the inside to tell you what ports are open?

    Surely a firewall would stop anything getting through? i.e. a firewall lol

    From the way I understand it just nmap on the laptop outside the firewall will give you the results.

    What is your firewall? In-router type? Or a smoothwall type?
    wtf?

  5. #5
    xatar
    Guest

    Default

    The point of this test is to 100% verify what ports the firewall allows through, not to tell if it blocks some and lets some through. Remember that this isn't hacking where you are trying to find one entry point, I need to find them all and quickly.

    What I am doing at the moment is scanning all 65535 TCP and UDP ports from the outside through the firewall to my laptop and sniffing (tcpdump) all packets that get through the firewall.

    This works fine, but the output from tcpdump is not as easily readable as the output from nmap/unicornscan etc. I can grep the tcpdump output, but it still requires too much effort on my part.

    So, what I want is a tool to run on my laptop (backtrack) that runs a service on all 65535 ports purely to test the rule base of the firewall.

    heard of anything like that?

    cheers,
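
The tcpdump-based check described in the post above can be summarised without any listeners. This is an added example, not code from the thread: it reduces `tcpdump -nn` text output to the distinct ports that reached the inside host and lists those missing from an expected allow-list. The function names, addresses, allow-list and packet lines are constructed assumptions.

```shell
#!/bin/bash
# Added example (not from the thread). Capture on the inside host with e.g.
#   tcpdump -nn -i <iface> 'dst host <inside-ip> and (tcp or udp)' > capture.txt
# All addresses and packet lines below are constructed sample data.

# passed_ports INSIDE_IP: read tcpdump -nn text on stdin, print one
# "proto/port" line per distinct destination port that reached INSIDE_IP.
passed_ports() {
    awk -v host="$1" '
        $2 == "IP" && $4 == ">" {
            dst = $5; sub(/:$/, "", dst)       # strip the trailing colon
            if (split(dst, p, ".") != 5) next  # no port field, e.g. ICMP
            if ((p[1] "." p[2] "." p[3] "." p[4]) != host) next  # replies etc.
            # Assumption: capture filter was "tcp or udp", so a line
            # without TCP flags is treated as UDP.
            key = ($6 == "Flags" ? "tcp" : "udp") "/" p[5]
            if (!seen[key]++) print key
        }' | sort -t/ -k1,1 -k2,2n
}

# unexpected_ports INSIDE_IP "ALLOWED": ALLOWED is a space-separated list of
# proto/port entries the rule base should permit; print everything else.
unexpected_ports() {
    passed_ports "$1" | while read -r entry; do
        case " $2 " in
            *" $entry "*) ;;            # expected by the rule base
            *) echo "$entry" ;;         # got through but is not on the list
        esac
    done
}

# Constructed capture: scanner 203.0.113.5, inside laptop 192.0.2.10.
sample_capture() {
cat <<'EOF'
12:00:01.000001 IP 203.0.113.5.40000 > 192.0.2.10.22: Flags [S], seq 1, win 1024, length 0
12:00:01.000200 IP 192.0.2.10.22 > 203.0.113.5.40000: Flags [S.], seq 9, ack 2, win 5840, length 0
12:00:01.000400 IP 203.0.113.5.40000 > 192.0.2.10.22: Flags [R], seq 2, win 0, length 0
12:00:02.000001 IP 203.0.113.5.40001 > 192.0.2.10.443: Flags [S], seq 1, win 1024, length 0
12:00:03.000001 IP 203.0.113.5.40002 > 192.0.2.10.161: UDP, length 0
12:00:03.500001 IP 203.0.113.5.40003 > 192.0.2.10.8080: Flags [S], seq 1, win 1024, length 0
EOF
}

sample_capture | unexpected_ports 192.0.2.10 "tcp/22 tcp/443"
```

Because the sniffer sees every packet the firewall forwards, this works whether or not anything is listening on the inside host.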

  6. #6
    Junior Member drpepperONE's Avatar
    Join Date
    Nov 2007
    Posts
    51

    Default

    Hi xatar, use the following script.

    It uses the nc (Netcat network utility)



    Code:
    #!/bin/bash
    ######################################################################
    # test_all_con.sh
    #
    ######################################################################
    # Simple netcat listen mode script
    # The script will launch a simple tcp socket on every port range chosen
    # Change the -lt value to your need
    # By drpepperONE
    ######################################################################

    COUNTER=1

    # Start one background nc listener per port (ports below 1024 need root)
    while [ "$COUNTER" -lt 65536 ]; do
        echo "Listening on port $COUNTER"
        /usr/bin/nc -l -p "$COUNTER" &
        COUNTER=$((COUNTER + 1))
    done

    echo "#############################################"
    echo -e "To kill all netcat daemon launch:\n"
    echo -e "pkill -f \/usr\/bin\/nc \n"
    echo "#############################################"

    Save it in the file test_all_con.sh and set the permissions to 755.

    If you don't have the nc util, get it from slapt-get:


    slapt-get --install nc-1.10-i386-1
    Use your Brain, don't be slave!!!!

  7. #7
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Quote Originally Posted by drpepperONE View Post
    Hi xatar, use the following script.

    It uses the nc (Netcat network utility)

    Code:
    #!/bin/bash
    ######################################################################
    # test_all_con.sh
    #
    ######################################################################
    # Simple netcat listen mode script
    # The script will launch a simple tcp socket on every port range chosen
    # Change the -lt value to your need
    # By drpepperONE
    ######################################################################

    COUNTER=1

    # Start one background nc listener per port (ports below 1024 need root)
    while [ "$COUNTER" -lt 65536 ]; do
        echo "Listening on port $COUNTER"
        /usr/bin/nc -l -p "$COUNTER" &
        COUNTER=$((COUNTER + 1))
    done

    echo "#############################################"
    echo -e "To kill all netcat daemon launch:\n"
    echo -e "pkill -f \/usr\/bin\/nc \n"
    echo "#############################################"

    Save it in the file test_all_con.sh and set the permissions to 755.

    If you don't have the nc util, get it from slapt-get:
    I have a feeling that if this script was run on a system and was scanned with no firewall in between, ugly things would happen
    dd if=/dev/swc666 of=/dev/wyze

  8. #8
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by swc666 View Post
    I have a feeling that if this script was run on a system and was scanned with no firewall in between, ugly things would happen
    I have a feeling it's a pretty good way to DoS yourself, especially on a machine that's hurting for memory.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  9. #9
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Default

    Quote Originally Posted by streaker69 View Post
    I have a feeling it's a pretty good way to DoS yourself, especially on a machine that's hurting for memory.
    Hehehe... the last few days I've felt like a machine that's been DoS'd..... and I am hurting for memory
    dd if=/dev/swc666 of=/dev/wyze

  10. #10
    Junior Member drpepperONE's Avatar
    Join Date
    Nov 2007
    Posts
    51

    Default

    According to the following request:

    Quote Originally Posted by xatar View Post
    So, what I want is a tool to run on my laptop (backtrack) that runs a service on all 65535 ports purely to test the rule base of the firewall.

    heard of anything like that?

    cheers,
    this script is for testing purposes only!!

    The nc daemon takes little memory & CPU, but obviously spawned for 65535 ports it will take some consistent memory usage.

    Bye.
    Use your Brain, don't be slave!!!!
