-
October 22nd, 2002, 11:02 AM
#1
iptables tester...
I just added some new rules for my iptables....
How do I check "the weakness" of my iptables? (I used to test my own Windows firewall using "Leak Test".)
Do I have to nmap myself (nmap 127.0.0.1) to scan the loop address?
Cheers
-
October 22nd, 2002, 12:17 PM
#2
Hiya,
Best thing I can think of is to scan yourself by going to a site like Sygate, http://scan.sygate.com/. That site has plenty of options; I usually do the UDP scan, but you can try them all, they are free. There would not be any point in doing an Nmap scan of the loopback address, as you would be scanning from within the firewall, meaning that the firewall never comes into play. Leaktest only tested if the firewall enforced rules with respect to allowing only certain applications to access the internet; it checked whether, if you renamed a suspect program, such as a trojan, to something like iexplore.exe, it would allow it out just because of its name (which it obviously shouldn't do). It didn't actually check the packet rules of the firewall as far as I am aware.
Hope this helps
-
October 22nd, 2002, 01:01 PM
#3
I've just edited my iptables and my port sentry, and I'm looking for, mmm, some kind of tool or maybe a website that would help to test that new configuration, especially my port sentry... I've been thinking of scanning myself; would that be a bad idea?
-
October 22nd, 2002, 01:15 PM
#4
Follow the link to Sygate that is in my other post; that site will test how the firewall etc. handles packets. It would not do any harm if you scanned yourself locally but, like I said, you will find it would make no difference whether you have the firewall on or not, because the source and destination IP addresses are both inside the firewall: they are both your machine's address. You need to be scanned from an external address to see what effect the firewall is having (hence the link to the site). If you really wanted to do an nmap scan, I guess you could route it out through a proxy and back to scan yourself, providing your firewall will allow the traffic out. Seems a bit pointless though.
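Added example, not part of the thread: one way to check which rules a test scan actually reached is to compare the per-rule packet counters from `iptables -L INPUT -v -n -x` before and after the scan. The two listings below are constructed for illustration (the `eth0` interface, the rules and all counter values are assumptions), modelling a ruleset that accepts everything on `lo` and a scan of 127.0.0.1.

```python
import re

# Constructed listing in the layout of `iptables -L INPUT -v -n -x`.
# The eth0 interface name, the rules and every counter value are made up.
TEMPLATE = """\
Chain INPUT (policy DROP 12 packets, 720 bytes)
    pkts      bytes target     prot opt in     out     source               destination
{pkts:>8} {byts:>10} ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
      25       1500 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
       7        420 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23
"""
BEFORE = TEMPLATE.format(pkts=340, byts=20400)     # before scanning 127.0.0.1
AFTER = TEMPLATE.format(pkts=2340, byts=140400)    # after scanning 127.0.0.1


def parse_chain(text):
    """Return (policy_packets, rules) for one chain; assumes every rule has a target."""
    lines = text.strip().splitlines()
    m = re.match(r"Chain \S+ \(policy \S+ (\d+) packets", lines[0])
    rules = []
    for line in lines[2:]:                      # skip chain and column headers
        f = line.split()
        if len(f) >= 9:
            rules.append({"pkts": int(f[0]), "target": f[2], "in": f[5],
                          "match": " ".join(f[9:])})
    return (int(m.group(1)) if m else 0), rules


def counter_deltas(before, after):
    """Packet growth of the chain policy and of each rule between two snapshots."""
    pol_b, rules_b = parse_chain(before)
    pol_a, rules_a = parse_chain(after)
    key = lambda r: (r["target"], r["in"], r["match"])
    if [key(r) for r in rules_b] != [key(r) for r in rules_a]:
        raise ValueError("ruleset changed between snapshots")
    return pol_a - pol_b, [dict(a, num=i, delta=a["pkts"] - b["pkts"])
                           for i, (b, a) in enumerate(zip(rules_b, rules_a), 1)]


def untested_rules(before, after):
    """Rules that no packet of the test reached; the scan says nothing about them."""
    return [r for r in counter_deltas(before, after)[1] if r["delta"] == 0]


if __name__ == "__main__":
    for r in untested_rules(BEFORE, AFTER):
        print(f"rule {r['num']} ({r['target']} in={r['in']} {r['match']}): not exercised")
```

On a live host other traffic also moves the counters, so take the two snapshots immediately before and after the test.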