View previous topic :: View next topic |
Author |
Message |
Saturn Tux's lil' helper
Joined: 31 May 2002 Posts: 83
|
Posted: Sat Aug 17, 2002 8:31 pm Post subject: How can I know if my firewall is working correctly? |
|
|
Hi,
I have installed a small firewall named "pmfirewall". It was easy to install but is there a way to test if it does its job well?
Thanks for your help. |
|
Back to top |
|
|
bluz n00b
Joined: 18 Aug 2002 Posts: 61 Location: Canada
|
Posted: Sun Aug 18, 2002 1:08 am Post subject: how to test firewall |
|
|
There are a few ways to test the firewall..
One of the best is to get a copy of NMAP (emerge nmap) and fire some tests at your firewalled computer from another host. If you can't do that, there are a lot of sites on the internet that will run tests for you to check for open ports.. most of them are pretty superficial, but it's a start.
BlUz |
|
Back to top |
|
|
steblublu n00b
Joined: 12 Jul 2002 Posts: 49 Location: montreal, canada
|
Posted: Sun Aug 18, 2002 6:22 am Post subject: |
|
|
steve gibson runs a web site grc.com that has a usefull app for quick probe. it will test your ports to see if they respond. It is fast, and seems similar to nmap.
You might also want to test outgoing traffic.
as Bluz mentioned above, you can use NMAP. This app is usefull because it can probe ports using different methods, including stealth fin methods (read the man page).
The problem with NMAP is that it will often give false positives (report that a port is open, when it is not, gibson's as well). To be sure you get an accurate map of your ports, you may want to open another terminal window and do a TCPDUMP - this will help eliminate any false positives
steb
.
Last edited by steblublu on Sun Aug 18, 2002 7:50 am; edited 2 times in total |
|
Back to top |
|
|
dizzy n00b
Joined: 04 Aug 2002 Posts: 50 Location: Melb.OZ.Terra.Sol
|
Posted: Sun Aug 18, 2002 7:09 am Post subject: |
|
|
To get a balanced view of Steve Gibson's site you might also want to visit this page http://grcsucks.com/ .
I don't always agree with the above view but it's nice to see things from both sides and decide for yourself. |
|
Back to top |
|
|
steblublu n00b
Joined: 12 Jul 2002 Posts: 49 Location: montreal, canada
|
Posted: Sun Aug 18, 2002 7:55 am Post subject: |
|
|
dizzy wrote: | To get a balanced view of Steve Gibson's site you might also want to visit this page http://grcsucks.com/ .
I don't always agree with the above view but it's nice to see things from both sides and decide for yourself. |
i had heard he was a bit fishy. but i found the port probe usefull to see if my ports responded or not. I wouldnt expect it to find any vulnerabilities. symantec used to offer an online vulnerability checker for that...
thanks for the grcsucks link, it was an interesting read. i never bothered reading any of the grc pages, but i think i'll head back over and check it out |
|
Back to top |
|
|
bluz n00b
Joined: 18 Aug 2002 Posts: 61 Location: Canada
|
Posted: Sun Aug 18, 2002 12:26 pm Post subject: grc.com |
|
|
I don't to start a huge argument, but i just ran grc.com's probe's on my own firewall, since it's been a while since i've tested it.
The site didn't find any of my open ports (ssh,ftp amongst other popular ports). So i definately wouldn't trust this site.. grab a copy of nmap and run multiple tests from it... you'l get a MUCH more accurate picture.
BlUz |
|
Back to top |
|
|
eivinn Apprentice
Joined: 10 Jul 2002 Posts: 219 Location: Norway
|
Posted: Sun Aug 18, 2002 3:47 pm Post subject: |
|
|
What commands do I have to add to nmap for it to test my computer for servers?
I have run just plain nmap localhost and it returns lots of sockets I didn't know should be open at all. |
|
Back to top |
|
|
tgnb Apprentice
Joined: 16 Apr 2002 Posts: 208 Location: New York, NY
|
Posted: Sun Aug 18, 2002 4:13 pm Post subject: nmap |
|
|
afaik
nmap -v localhost
returns the open ports of your system
This means it shows ports that are opened by whatever services you have running prior to being filtered by the firewall.
nmap -v yourmachinesexternalIP
returns the ports that are open to the world
This shows the ports that are open to the Internet. It is of course still recommended to shut down any other extra services you have running unless you need them. But with Gentoo this really isnt an issue anyway since only services are running that you installed.
-v is for verbose - it tells you a little bit more while scanning |
|
Back to top |
|
|
Chickpea l33t
Joined: 03 Jun 2002 Posts: 846 Location: Vancouver WA
|
Posted: Sun Aug 18, 2002 8:47 pm Post subject: |
|
|
Another site to test your firewall is http://scan.sygate.com This company makes a firewall so they also try to get you to look at the products but they have several tests that they scan for and I have been pretty pleased. I have used the test both on my Windows machine and the Gentoo machine.
Try it out. you'll like it.
Cat |
|
Back to top |
|
|
|