Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > IDS-list> 1999-q4

IDS Archives: Re: IDS: Introduction / question on hacker tools

Re: IDS: Introduction / question on hacker tools

Alexander Bochmann (abinfra.de)
Fri, 3 Sep 1999 22:40:10 +0200

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Lisbon: "IDS: Security Improvements and DoS Protection"
Previous message: Staggs, Michael: "IDS: RE: RE: CyberCop Monitor not displaying logged on user?"

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
USUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
---------------------------------------------------------------------------

--- Hi,

...on Thu, Sep 02, 1999 at 10:01:50AM +0100, lchiavaccibe-on.it wrote:

> enough and sometimes I am asked by customers to check if a security software > (i.e. a firewall) that has been installed by someone else is secure enough or > there are some flaws in it. > I have taken a look at the FAQ of this list and there are mentions of some > utilities that could be used to test an installation. > Could anyone tell me how to try and test the security of a firewall by using > any of these utilities and where to look for them?

If you don't want to go for a commercial product right away, you might want to look at Nessus (http://www.nessus.org/), which is a security scanner that looks for a bunch of common exploits the hard way (by trying them). Most tests probably won't do any good against a decently configured firewall - except perhaps if there is a vulnerable system reachable through the firewall... Apart from that you will have to compile it yourself on some Unix platform, you should be aware that there are some tests that can crash machines or wreak other havoc...

> I understand that this may sound like an hacker trying to learn how to do his > job but I doubt a real hacker would write to a distribution list for help.

I guess there are better information sources for a "real" hacker (whatever that is) - there is always some kind of underground development going on, and you probably will have to know the right people...

If you have access to the security policy and the firewall itself, you will probably get better (though not as spectacular) results by looking for errors in the policy itself or differences between the actual setup and the intended protection.

Alex.

Next message: Lisbon: "IDS: Security Improvements and DoS Protection"
Previous message: Staggs, Michael: "IDS: RE: RE: CyberCop Monitor not displaying logged on user?"

This archive was generated by hypermail 2.0b3 on Sat Sep 04 1999 - 03:33:05 CDT