Saturday, July 29, 2006

How To Test Your Linux Firewall

This article shows how you can test your Linux firewall with a tool called FTester (Firewall Tester). With FTester you can check your firewall's filtering policies. The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). Furthermore, FTester also provides Intrusion Detection System (IDS) capabilities.
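The core of what FTester does is a comparison: the injector records which packets it sent, the sniffer records which of them arrived on the far side of the firewall, and the two logs are reconciled against the filtering policy that should have been in force. The Python below is an added example written for this page, not FTester's own code, that models that reconciliation step on constructed data: a small rule set, a list of injected probes, and a constructed sniffer log in a simple `src:dst:proto:dport` format (an assumption of this example, not ftestd's real output). It reports every probe whose observed fate (passed or dropped) disagrees with what the policy predicts.

```python
"""Firewall policy verifier modelled on FTester's injector/sniffer split.

Example code for this page, not FTester's own source. Rule syntax, probe
format and sniffer log format are all assumptions of this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Probe:
    """One test packet as recorded by the injector (ftest side)."""
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """First-match rule: None for proto/dport means 'any'."""
    action: str          # "accept" or "drop"
    src_net: str         # CIDR the source must fall in
    proto: Optional[str]
    dport: Optional[int]


def expected_action(rules: List[Rule], probe: Probe, default: str = "drop") -> str:
    """Return the action the written policy predicts for this probe."""
    for r in rules:
        if ip_address(probe.src) not in ip_network(r.src_net):
            continue
        if r.proto is not None and r.proto != probe.proto:
            continue
        if r.dport is not None and r.dport != probe.dport:
            continue
        return r.action
    return default


def parse_sniffer_log(lines: List[str]) -> Set[Probe]:
    """Parse constructed sniffer lines of the form src:dst:proto:dport."""
    seen = set()
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, dport = line.split(":")
        seen.add(Probe(src, dst, proto, int(dport)))
    return seen


def evaluate(rules: List[Rule], sent: List[Probe], received: Set[Probe]) -> List[Tuple[Probe, str, str, bool]]:
    """For each injected probe: (probe, expected, observed, policy_matches)."""
    results = []
    for p in sent:
        expected = expected_action(rules, p)
        observed = "accept" if p in received else "drop"
        results.append((p, expected, observed, expected == observed))
    return results


def mismatches(results):
    """Only the probes whose observed fate contradicts the policy."""
    return [(p, exp, obs) for p, exp, obs, ok in results if not ok]


# Constructed policy: SSH only from the internal /8, HTTP from anywhere, drop the rest.
RULES = [
    Rule("accept", "10.0.0.0/8", "tcp", 22),
    Rule("accept", "0.0.0.0/0", "tcp", 80),
    Rule("drop", "0.0.0.0/0", None, None),
]

# Constructed injector record (what ftest would have sent).
SENT = [
    Probe("10.0.0.5", "192.0.2.1", "tcp", 22),
    Probe("203.0.113.7", "192.0.2.1", "tcp", 22),
    Probe("203.0.113.7", "192.0.2.1", "tcp", 80),
    Probe("10.0.0.5", "192.0.2.1", "tcp", 23),
    Probe("10.0.0.5", "192.0.2.1", "udp", 53),
]

# Constructed sniffer log (what ftestd would have seen behind the firewall).
SNIFFER_LOG = [
    "# src:dst:proto:dport",
    "10.0.0.5:192.0.2.1:tcp:22",
    "203.0.113.7:192.0.2.1:tcp:80",
    "10.0.0.5:192.0.2.1:tcp:23",   # telnet should have been dropped
]


def run_example():
    """Reconcile the constructed logs and return the policy violations."""
    received = parse_sniffer_log(SNIFFER_LOG)
    return mismatches(evaluate(RULES, SENT, received))


if __name__ == "__main__":
    for probe, expected, observed in run_example():
        print(f"VIOLATION {probe.proto}/{probe.dport} from {probe.src}: "
              f"policy says {expected}, firewall did {observed}")
```

On the constructed data the only violation is TCP/23 from 10.0.0.5, which the policy says must be dropped but the sniffer saw pass. A probe that is expected to pass but never arrives is reported the same way, which is what catches an over-restrictive rule as opposed to a hole.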

This is more akin to Tomahawk (mentioned above). People are just trying to flex their muscle by proving they know about one or two tools.

I use quite a few tools in my job including Tomahawk, Spike, THC-AMAP, Etherape, dsniff, TCP traceroute, aircrack/airsnort/aireplay/kismet (for wireless), ettercap, ethereal, fping, nemesis, driftnet, vomit, john the ripper, hydra, nikto, ngrep, ntop, arpwatch, dsniff, fragroute, nmap, nessus, nessus inline, cheops, metasploit (rarely), honeyd, firewalk, lids, tripwire, aide, stunnel, tcpdump/tcpreplay, bile, paketto, ISS scanner, eEye Retina, nCircle 360, SkyBox and more.

A direct comparison with nmap isn't really fair as nmap will not analyse the output or munge the packet properly to simulate a multi-network origin. If you've got an Enterprise firewall with 15,000 rules, going through the output of nmap is very difficult, plus you'll have to make the nmaps look like you're coming from multiple different locations. nmap is great as a single tool from a much larger toolbox.

This looks interesting, but a similar open source tool called Tomahawk (which is mainly used for testing IDS/IPS systems) has been around for a while - http://tomahawk.sourceforge.net/ - I have to admit a vested interest, I used to work for the company that started the original Tomahawk project. With Tomahawk you can take pcaps using TCPDUMP/Ethereal and then replay them through a device, and you can even amplify (capture 10 Mbps worth of traffic, but play out 1 Gbps worth of traffic) and munge source/destination packets.

Tomahawk is designed for a different purpose than this tool, but if you're interested in this, have a look at it. Like I said, this is another tool for the toolbox. Those that rely on one tool are only seeing/testing a very limited aspect of the network/host.