Firewall Tester 0.7

From: Andrea Barisani (lcarsat_private)
Date: Thu May 30 2002 - 07:08:52 PDT


    Hi to all!
    
    I've just released version 0.7 of my Firewall Tester, you can find it at:
    
    http://www.infis.univ.trieste.it/~lcars/ftester
    http://ftester.sourceforge.net
    
    Main new features in this version are:
    
    * fragmentation option for injected packets for both firewall and IDS testing modes
      with the possibility to specify fragments number/size
    
    * fragmentation related evasion techniques
    
    * it is now possible to specify TCP segments number or size when in evasion mode
    
    * extended syntax now works also for connection spoofing mode
    
    See the Changelog for details.
    
    Description:
    
    The Firewall Tester consists of two perl scripts, the client part (ftest) 
    and the listening sniffer (ftestd). The client injects custom marked packets, 
    while the sniffer listens for them.  
    An IDS (Intrusion Detection System) testing feature is also available and
    a snort rule definition file can be parsed instead of the standard configuration
    syntax; ftest can also use common IDS evasion techniques.
    Stateful inspection firewalls and IDS can be tested with the 'connection spoofing' option
    which generates valid spoofed connections.
    
    Now, since the old release announcement has stimulated a discussion regarding the use of
    this kind of tool, I think that a disclaimer is necessary:
    
    --------
    The IDS testing option that injects packets reading snort configuration files is designed
    to test the IDS engine and NOT its efficiency in detecting real world attacks; the
    detection of an attack involves multiple events and often human intervention to do proper
    correlation. The Firewall Tester can only be useful to verify things like the IDS placement,
    stateful inspection, fragmentation handling, overall speed and so on. Keep this in mind when
    using this tool.
    --------
    
    Any code contribution/improvement is very welcome ;)
    
    Thanks to all.
    
    Bye
    
    ------------------------------------------------------------
    INFIS Network Administrator & Security Officer         .*. 
    Department of Physics       - University of Trieste    /V\
    lcarsat_private - PGP Key 0x8E21FE82      (/ \)
    ----------------------------------------------------  (   )
    "How would you know I'm mad?" said Alice.             ^^-^^
    "You must be,'said the Cat,'or you wouldn't have come here."
    ------------------------------------------------------------
    