A few software tools and a few online services can help you test your firewall.
I suggest the following tools (of course you need two computers to run the test):
- Nessus is probably the best open source security scanner available.
Nessus not only checks the firewall of a host, but also scans for known application vulnerabilities.
I highly recommend Nessus for periodic (weekly, monthly, etc.) scans.
For RedHat systems you can find pre-built RPMs at FreshRPMs.
- Nmap ("Network Mapper") is an open source utility for network exploration or security auditing.
RedHat (and possibly other) systems have Nmap pre-installed.
There are a number of sites that offer firewall testing services to everyone:
- BroadBand Reports port scanner.
- Security Space, a commercial service with a free scan.
These people are using something like Nessus (if not Nessus itself).
- Shields UP!! NanoProbe Technology Internet Security Testing for... Windows Users.
(Note: it says it is for Windows, but it is a port scanner with a limited range of ports to be scanned.)
- SyGate Online Services (S.O.S.). A very nice site to quickly check the security of your system.
They have a stealth scanner that tries to get through the firewall in a few clever ways (this can show you the difference between FireHOL and a hand-made stateless firewall).
Other testers on the net:
- Smurf Amplifier Registry (SAR). The SAR is a tool for Internet administrators being attacked by or implicated in smurf attacks, or those who wish to take precautions.
Other useful links:
$Id: fwtest.html,v 1.10 2004/10/31 23:43:25 ktsaou Exp $
FireHOL, a firewall for humans...
© Copyright 2004
Costa Tsaousis <email@example.com>