Qubax Guru
Joined: 19 Jul 2002 Posts: 451 Location: Tirol, Austria
Posted: Tue Sep 10, 2002 4:49 pm Post subject: howto scan for security holes / test my firewall
I got fwbuilder emerged and running and compiled my script.
fwbuilder was not hard, so I want to know how good the script for the firewall is.
Does somebody know a light program that tells me where I still have a security hole? (I don't want Nessus - it seems to be quite a big download and I just want to test my firewall.)
thx
delta407 Bodhisattva
Joined: 23 Apr 2002 Posts: 2876 Location: Chicago, IL
Posted: Tue Sep 10, 2002 5:32 pm Post subject: Re: howto scan for security holes / test my firewall
Qubax wrote:
> Does somebody know a light program that tells me where I still have a security hole? (I don't want Nessus - it seems to be quite a big download and I just want to test my firewall.)
You generally want to test your firewall from outside your firewall -- I would suggest nmap. Tell it to do aggressive scans, fingerprinting, etc. and see what you can see. Fix any problems that arise. Lather, rinse, repeat.
Alternatively, you could post your IP address to the forum and we can test it for you.
Qubax Guru
Joined: 19 Jul 2002 Posts: 451 Location: Tirol, Austria
Posted: Tue Sep 10, 2002 10:33 pm Post subject:
Yes, I want to test my firewall from outside.
I looked around and found scan.sygate.com, which scans nearly all the things I know of.
Can somebody just try out one of the scans and tell me if they tell the truth?
I ran all the scans; it seems that I forgot to block UDP (whatever that is, but as a Linuxer I'll find out about it) - have a look at fwbuilder.
fwbuilder seems to be good - easy to use and seems to be secure.
Chickpea l33t
Joined: 03 Jun 2002 Posts: 846 Location: Vancouver WA
Posted: Tue Sep 10, 2002 11:43 pm Post subject:
scan.sygate.com is the site I almost always recommend. I have used it to test my system on several occasions and it seems okay. I generally run the test with and without the firewall running to compare results. I also use another site: https://grc.com/x/ne.dll?bh0bkyd2
Good luck.
C
splooge l33t
Joined: 30 Aug 2002 Posts: 636
Posted: Wed Sep 11, 2002 12:49 am Post subject:
scan.sygate.com doesn't work for me; the page won't even load. I don't think it likes my tight firewall settings.
The other site can't find anything even responding on my system.
What's really scary is that when I had Apache up for a few days messing around with it, I checked my web logs and there were at least 100 entries of the Nimda or Code Red virus scanning my web server (../../cmd.exe). It's simply amazing how many Windows users don't know they're infected to heck and back.
Xor Tux's lil' helper
Joined: 07 Jul 2002 Posts: 144
Posted: Wed Sep 11, 2002 1:12 pm Post subject:
My 2c: take a notebook with Nessus to one of your friends and let it run... next try nmap with its various options (Protocol Scan, OS Fingerprint, Stealth Scan, FIN Scan etc)... oh... and one piece of advice: don't come up with the idea of disabling all of ICMP (filter it, but don't disable it...).
You may also want to try the Linux kernel patches included in Gentoo (don't know if gentoo-kernel has them, but gentoo-crypto-kernel has) like OpenWall and GRSecurity - really nifty features... but if you're used to using a mouse, don't touch it.
cheers
xor
Qubax Guru
Joined: 19 Jul 2002 Posts: 451 Location: Tirol, Austria
Posted: Wed Sep 11, 2002 4:52 pm Post subject:
Has somebody an idea of how to block with fwbuilder? My firewall should block everything that is incoming and let everything through that wants out, but it seems not to do this, because scan.sygate.com tells me that UDP is not blocked (OK, it's closed, but I want it blocked).
Can somebody give me a hint on how to do that with fwbuilder?
grc.com/x/ne.dll?bh0bkyd2 tells me that the firewall is working fine (it could not detect me or any port), so how confident can I be?
Qubax Guru
Joined: 19 Jul 2002 Posts: 451 Location: Tirol, Austria
Posted: Wed Sep 11, 2002 6:08 pm Post subject:
A more detailed question:
shouldn't
Code:
    iptables -N RULE_2
    iptables -A INPUT -j RULE_2
    iptables -A RULE_2 -j LOG --log-level info --log-prefix "RULE 2 -- REJECT "
    iptables -A RULE_2 -j REJECT --reject-with icmp-host-prohibited
lock up everything from outside? This is the part of the script fwbuilder gives me to reject everything.
I also have
Code:
    iptables -N RULE_1
    iptables -A INPUT -p udp -m multiport --destination-port 138,137,139,69 -j RULE_1
    iptables -A RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- REJECT "
    iptables -A RULE_1 -j REJECT --reject-with icmp-host-prohibited
to reject the ports for netbios-dgm/ns/ssn, but it seems not to work (Sygate says so).
Is there something I have to compile into iptables?
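An added example (not from the thread and not fwbuilder's generated script): the two chains from the post above rebuilt with DROP in place of REJECT, since a REJECT with icmp-host-prohibited answers every probe and that answer is what a remote scanner reports as "closed", while a dropped probe gets no answer and shows up as "blocked"; a second function tallies the kernel LOG lines those chains produce so the scan's footprint can be checked against the rules. The `IPT` dry-run variable, the `lo` and ESTABLISHED,RELATED accept rules, the `--dports` spelling and the constructed log lines in `LOG_SAMPLE` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not fwbuilder output. IPT defaults to a dry run that only
# prints the commands; run with IPT=iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"

stealth_rules() {
    # Replies to connections this host opened must still be let in,
    # otherwise a catch-all on INPUT also kills outgoing traffic.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # RULE_1: NetBIOS (137-139) and TFTP (69) probes, logged then dropped.
    # DROP sends nothing back, so the scanner sees "blocked", not "closed".
    $IPT -N RULE_1
    $IPT -A INPUT -p udp -m multiport --dports 137,138,139,69 -j RULE_1
    $IPT -A RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- DROP "
    $IPT -A RULE_1 -j DROP

    # RULE_2: catch-all for everything else arriving unsolicited.
    $IPT -N RULE_2
    $IPT -A INPUT -j RULE_2
    $IPT -A RULE_2 -j LOG --log-level info --log-prefix "RULE 2 -- DROP "
    $IPT -A RULE_2 -j DROP
}

# Summarise kernel LOG lines (read from stdin) as "count prefix proto/dport",
# most frequent first, so what a scan hit can be matched to the rule that caught it.
tally_hits() {
    grep -o 'RULE [0-9]* -- [A-Z]*.*' |
    awk '{
        prefix = $1 " " $2 " " $3 " " $4
        proto = "?"; dpt = "?"
        for (i = 5; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        n[prefix " " proto "/" dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# Constructed sample of what the LOG target writes (addresses from documentation ranges).
LOG_SAMPLE='Sep 11 19:04:12 gw kernel: RULE 1 -- DROP IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=78 TOS=0x00 PREC=0x00 TTL=113 ID=3124 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 11 19:04:13 gw kernel: RULE 1 -- DROP IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=78 TOS=0x00 PREC=0x00 TTL=113 ID=3125 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 11 19:04:20 gw kernel: RULE 2 -- DROP IN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=41000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'

stealth_rules
printf '%s\n' "$LOG_SAMPLE" | tally_hits
```

On a real host, feed `tally_hits` from the kernel log (for example `dmesg | tally_hits`) after running an external scan; every line the scanner reports as "closed" instead of "blocked" should correspond to a rule that still uses REJECT.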
Craigo Apprentice
Joined: 09 Aug 2002 Posts: 249 Location: /dev/life
Posted: Wed Sep 11, 2002 7:04 pm Post subject:
Check out this site:
http://iptables-tutorial.haringstad.com/
I had my own firewall in ipchains, and that guide plus other help from peeps online really sorted out the switch to iptables. Take a look today!
-/Craigo/-
davoid n00b
Joined: 29 Jun 2002 Posts: 26 Location: Montreal, Canada
Posted: Thu Sep 12, 2002 1:18 am Post subject:
You might want to get hold of netcat (nc); it's a great tool, IMHO.
splooge l33t
Joined: 30 Aug 2002 Posts: 636
Posted: Thu Sep 12, 2002 5:51 am Post subject:
I use the iptables firewall script from here:
http://projectfiles.com/firewall/
Under the 'advanced' configuration section, set 'RFC_1122_COMPLIANT' to NO; this will disable everything incoming, including ICMP.
I also use the traffic shaper from here:
http://lartc.org/wondershaper/
Qubax Guru
Joined: 19 Jul 2002 Posts: 451 Location: Tirol, Austria
Posted: Thu Sep 12, 2002 12:43 pm Post subject:
http://projectfiles.com/firewall/ works great:
easy to configure, and
all the scans I found were completely blocked.
Thanks to splooge.
But now a newbie question: how can I make it start while booting? Just make a link in the default runlevel, or do something with rc-update?