Thanks for all the suggestions guys,

2009/6/10 Albert R. Campa <[email protected]>

> As far as rules, back in the day we used to have a script that would tell
> us what hosts/ACLs in the firewalls haven't been used for the last 30/60 or 90
> days, then you could proceed to remove them.
>
> Some firewall admins add rules in firewalls because customers request them,
> but the customers don't really know what they need, like when they say they
> need bidirectional rules, when they might not.
>
> Also this script would find out what rules get hit most and those rules
> could be moved up to the top of the list, to help performance.
>
> - deny-all
>
> __________________________________
> Albert R. Campa
>
> On Wed, Jun 10, 2009 at 7:21 AM, Paul Asadoorian <[email protected]> wrote:
>
>> Chris Bentley wrote:
>> >
>> > Paul/Ron any idea what type of scans I could run using nmap or nessus.
>> > Also this would make a good technical segment for the show.
>>
>> Great question! See below for answers that are just off the top of my
>> head:
>>
>> 1) nmap -sT -n -T4 -p1-65535 <targets behind the firewall>
>>
>> That will take some time, but the connect() scan works better for
>> firewalls and causes them not to crash/fill up the state table. Always scan
>> all ports, and you can also mess around with different source ports too.
>>
>> 2) nmap -sU -n -T4 -p1-65535 <targets behind the firewall>
>>
>> Don't forget UDP!
>>
>> 3) Nessus is a vulnerability scanner, but does contain a really sweet
>> TCP and UDP port scanner. I'd recommend running it against all ports
>> using select plugin families. This way you can also find any
>> vulnerabilities in your firewall (making certain that the actual IP
>> address of your firewall is included in the targets) and the systems
>> behind it. Also, there are several plugins that test "firewall stuff",
>> 515 to be exact:
>>
>> # find . -name '*.nasl' -print0 | xargs -0 grep -i firewall | wc -l
>> 515
>>
>> :)
>>
>> Cheers,
>> Paul
>>
>> --
>> Paul Asadoorian
>> PaulDotCom Enterprises
>> Web: http://pauldotcom.com
>> Phone: 401.829.9552
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
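The rule-usage script Albert describes, as an added example that is not from the thread or from any firewall vendor: it reads a constructed, simplified hit log (the `<ISO timestamp> rule=<id>` line format and the rule table are assumptions for this example; real firewalls log rule hits in vendor-specific syslog), reports rules with no hits in the last 30/60/90 days, and orders rules by hit count so the busiest can be moved toward the top.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed rule table (hypothetical ids and descriptions, not a real firewall export).
RULES = {10: "permit tcp any dmz-web 80", 20: "permit tcp vpn-pool db 1433",
         30: "permit udp branch-A ntp 123", 40: "permit ip legacy-host any"}

# Constructed hit log in an assumed "<ISO timestamp> rule=<id>" format.
LOG = """2009-06-10T07:21:05 rule=10
2009-06-10T07:21:06 rule=10
2009-06-09T23:02:11 rule=20
2009-03-01T10:00:00 rule=30
2009-06-10T07:22:00 rule=10
"""

def parse_hits(log_text):
    """Return ({rule_id: hit_count}, {rule_id: last_hit}) from the log lines."""
    counts, last_seen = Counter(), {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _, rule = line.partition(" rule=")
        rid, when = int(rule), datetime.fromisoformat(ts)
        counts[rid] += 1
        if rid not in last_seen or when > last_seen[rid]:
            last_seen[rid] = when
    return counts, last_seen

def stale_rules(rules, last_seen, now, days):
    """Rule ids with no hit in the last `days` days; never-hit rules count as stale."""
    cutoff = now - timedelta(days=days)
    return sorted(r for r in rules if r not in last_seen or last_seen[r] < cutoff)

def hottest_rules(counts):
    """Rule ids ordered most-hit first (candidates to move up the rule list)."""
    return [rid for rid, _ in counts.most_common()]

def audit(log_text, now_iso, days):
    """(stale rule ids as of now_iso, rule ids ordered by hit count)."""
    counts, last_seen = parse_hits(log_text)
    now = datetime.fromisoformat(now_iso)
    return stale_rules(RULES, last_seen, now, days), hottest_rules(counts)

if __name__ == "__main__":
    for days in (30, 60, 90):
        stale, hot = audit(LOG, "2009-06-10T12:00:00", days)
        print(f"unused for {days}d:", [RULES[r] for r in stale])
    print("most hit first:", [RULES[r] for r in hot])
```

Rules that a stale report flags should be confirmed against change tickets before removal, since a rule for a yearly process may legitimately go 90 days without a hit.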
