[Snort-users] Firewall Tester 0.7

Andrea Barisani lcars at ...96...
Thu May 30 07:12:02 EDT 2002


Hi to all!

I've just released version 0.7 of my Firewall Tester, you can find it at:

http://www.infis.univ.trieste.it/~lcars/ftester
http://ftester.sourceforge.net

Main new features in this version are:

* fragmentation option for injected packets for both firewall and IDS testing modes
  with the possibility to specify fragments number/size

* fragmentation related evasion techniques

* it is now possible to specify the number or size of TCP segments when in evasion mode

* extended syntax now works also for connection spoofing mode

See the Changelog for details.

Description:

The Firewall Tester consists of two perl scripts, the client part (ftest) 
and the listening sniffer (ftestd). The client injects custom marked packets, 
while the sniffer listens for them.  
An IDS (Intrusion Detection System) testing feature is also available and 
a snort rule definition file can be parsed instead of the standard configuration 
syntax; ftest can also use common IDS evasion techniques. 
Stateful inspection firewalls and IDS can be tested with the 'connection spoofing' option, 
which generates valid spoofed connections.

Now since the old release announcement has stimulated a discussion regarding the use of
this kind of tools I think that a disclaimer is necessary:

--------
The IDS testing option that injects packets reading snort configuration files is designed
to test the IDS engine and NOT its efficiency in detecting real world attacks; the 
detection of an attack involves multiple events and often human intervention to do proper
correlation. The Firewall Tester can only be useful to verify things like the IDS placement,
stateful inspection, fragmentation handling, overall speed and so on. Keep this in mind when
using this tool.
--------

Any code contribution/improvement is very welcome ;)

Thanks to all.

Bye

------------------------------------------------------------
INFIS Network Administrator & Security Officer         .*. 
Department of Physics       - University of Trieste    /V\
lcars at ...96... - PGP Key 0x8E21FE82      (/ \)
----------------------------------------------------  (   )
"How would you know I'm mad?" said Alice.             ^^-^^
"You must be,'said the Cat,'or you wouldn't have come here."
------------------------------------------------------------



