Vulnerability and Penetration Testing?

I'm in the process of evaluating some software firewalls. I want to test their effectiveness by running some remote vulnerability and penetration tests on my local box. Local box running the test on is running windows XP. The firewall is running on some version of Linux.

The tester software has to be freely downloadable.

Any suggestions?

Thanks!

Ross M. Greenberg

Reply to
Ross M. Greenberg
Loading thread data ...

formatting link
Yours, VB.

Reply to
Volker Birk

Nessus is, alas, a Linux product, and I need something that runs on Windows XP.

Reply to
Ross M. Greenberg

Ross M. Greenberg wrote:

formatting link
Nessus is, alas, a Linux product

You can have it for different operating systems. For Windows, you need cygwin for compiling it.

Yours, VB.

Reply to
Volker Birk

Reply to
Ross M. Greenberg

What exactly did you download? BTW: there is documentation on the homepage. Perhaps, it would be a good idea to read it first.

Yours, VB.

Reply to
Volker Birk

You don't have to down load nessus just to scan you're network from the outside. There is one site unfortunately it is in swedish but the result is in english.

formatting link
just click on the red button and the test will start (it can take a little more than 30min), just remember not to close you're browser during the test.

It is a better test then the ShieldsUP on

formatting link
/Anders

Reply to
Anders

Reply to
Ross M. Greenberg

This seems to be useful for testing my local machine, but I can't see how to put a remote IP or hostname into it before hitting that red button.

Am I miss>> I'm in the process of evaluating some software firewalls. I want to test

Reply to
Ross M. Greenberg

Don't you do the connection through you're firewall..? If so, you will scann both you're local and the firewall machines but if you only want to scan you're local machine you have to connect it directly to the net. /Anders

Reply to
Anders

Actually, the only thing I want to test is the remote machine and its firewall. I want to test it from my local machine(which has its own firewall of course -- have to keep the evil Mr. Hacker out!)

And, again, my testing a machine is running windows XP. The machine, I wish to test his running some kind of Linux. Ross.

Reply to
Ross M. Greenberg

Nessus is a valuable penetration test software, not a portscanner.

formatting link
Yours, VB.

Reply to
Volker Birk

Reply to
Ross M. Greenberg

It's worth less than nothing, so...

Snort is a NIDS, not a penetration tester. So far Nessus is pretty useful, but manual testings with hping(|2|3) are recommended for firewall tests.

Reply to
Sebastian Gottschalk

*may* suffice. *may* suffice.

Damned voice recognition software! It's getting a better, but it sure isn't perfect! Sorry.

Reply to
Ross M. Greenberg

I'm looking for an automated penetration tester: push a button and find out if a firewall is any good or not -- that kind of thing. hping is too subjective, both in choosing the tests and interpreting them.

Reply to
Ross M. Greenberg

The only thing you can find out is that it's not good. Nessus is provides a very broad, but not in-depth testing.

That's its strength. So far I don't know any good toolkit for crafting special packets for firewall penetration except for the most typical test cases. Wanna help building one?

Reply to
Sebastian Gottschalk

You don't have fingers?

Reply to
optikl

Yes, I have fingers. The operative question is whether or not they work? The answer, alas, is no they don't:: you are conversing with a genuine handicapped person. Before my handicap. I was pounding out 130 wpm. Now? On a good day, 20-30 wpm. The voice-recognition software is a pain in the ass to use but is better than my pre-voice-recognition days.

Anything further in this regard, please take to e-mail: no need to further clutter the newsgroup, eh?

Ross

Reply to
Ross M. Greenberg

Just show one single feature, which is worth talking about. I cannot see one.

Nessus is a penetration tester, while Snort is an IDS.

Yours, VB.

Reply to
Volker Birk

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.