Penetration Testing mailing list archives

Re: Pentesting tools for Linux IP Tables


From: xelerated <xelerated () gmail com>
Date: Wed, 19 Mar 2008 20:21:58 -0400

To me it sounds like he is wanting to do a "compliance" test. There are
apps out there that will take in various vendors' firewall rules and
test them against various compliance requirements.

That being said, I think that's the biggest problem. So many folks are
far too concerned with compliance and security be damned.

I understand the desire to be compliant (win bids on new business and
to LOOK good) but there really needs to be more of a pull back to
security and then fill in the compliance gaps.

It's only going to change if all of us security professionals can make
a true effort, together, to put out awareness. It's vendors that push a
fair amount of these "requirements" through the various governments and
standards organizations, and another good portion are just knee-jerk
reaction.

It makes sense to me, but I don't know it as fact, but I think that all
of these requirements were put into place because no one put ANYTHING
into security. So all of these audits are to verify companies are
putting effort into their security programs. But it's evolved from
trying to make sure there was security, to people putting band-aids on
problems and always approaching their security issues from the angle of
"what would an auditor say", "what would an auditor ask"; the list goes
on.

Peace!
Chris



On Tue, Mar 18, 2008 at 11:36 PM, Marcin Wielgoszewski
<marcinw86 () gmail com> wrote:
Set up listeners on both sides of the firewall and use hping2 and
hping3 to generate packets and see what gets through and what doesn't.

On Tue, Mar 18, 2008 at 7:21 AM, Vedantam sekhar <sekhar56us () yahoo com> wrote:
Hi Group,

 Are there any tools available to conduct the
 Pentesting the strength of the Linux IP table
 configuration file? What I have in my hand is the IP
 table config file.

 I am looking for a tool like RAT which takes the
 router config file as the input and details the
 configuration mistakes.

 Thanks guys....

 S



 ------------------------------------------------------------------------
 This list is sponsored by: Cenzic

 Need to secure your web apps NOW?
 Cenzic finds more, "real" vulnerabilities fast.
 Click to try it, buy it or download a solution FREE today!

 http://www.cenzic.com/downloads
 ------------------------------------------------------------------------



-- 


Chris Griffin
OPST, CISSP, CNDA
