RE: Firewall config analysis

["Marc Doudiet" <marc.doudiet () psdsecurite com>]

Hi,

> From which side are you ? Do you want to test the config with access to the
config ? Or from a pen-test approach (black box)? 
For a pen test approach you can try
http://www.packetfactory.net/projects/firewalk/ or http://www.hping.org/
(better)
For the other approach you can try hdiff
(http://www.ginini.com/software/hdiff/) to test de difference between the
policied on and the other.

Hope this help.
Regards.

Marc Doudiet
PSD SECURITE
Information systems security consultant
L.A. IS 27001 - Information Systems Security Officer (HEC-GE)
http://www.psdsecurite.com
Av. de Boisy 42
1004 Lausanne - Switzerland
+41 21 622 0728 - +4179 5893494

-----Message d'origine-----
De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De
la part de Sachin Ghodkhande
Envoyé : mardi, 27. février 2007 16:18
À : pen-test () securityfocus com
Objet : Firewall config analysis

Hi,

I wonder what tool do you use for firewall config analysis?

I found following open source Perl script to analyze Pix config.
http://www.techzoom.net/down-zoompix-sample.asp


I'm looking for similar Checkpoint and NetScreen config analyzer.

Regards,
Sachin

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
0008bOW
------------------------------------------------------------------------

Attachment: smime.p7s
Description: