Penetration testing *snigger*

**da.Guvna** · 18-01-2011, 10:19 PM

Hey guys, anyone here know of a good utility for pen testing my firewall?

I normally use Shields Up!, but I've been left a bit suspicious as to how effective it is after I completely disabled the firewall on my ADSL router and it still came back with a 100% stealth score. I'm guessing the fact that the machine on which I was testing was still a step behind the router (i.e. Shields Up! only knows my WAN IP, whereas my PC obviously has an IP on an internal subnet), but still I'd have thought *some* ports would have been exposed on my machine?

I mean, what's the point in having a firewall on your router otherwise!?

**shbris** · 19-01-2011, 03:45 AM

backtrack is best penetration testing software, but i would be careful how you ask questions like this

**BobF64** · 19-01-2011, 10:48 AM

Originally Posted by da.Guvna

I'm guessing the fact that the machine on which I was testing was still a step behind the router (i.e. Shields Up! only knows my WAN IP, whereas my PC obviously has an IP on an internal subnet), but still I'd have thought *some* ports would have been exposed on my machine?

I mean, what's the point in having a firewall on your router otherwise!?

Well, unless youve deliberately forwarded ports through the router, and youre using NAT, there wont be any exposed ports.

Bare in mind that NAT routers make a connection out, and allow the returning connection back in automatically, otherwise youd have to open a lot of random ports.

As an example, you go to 2 websites, both are port 80, your router allows this out.
The 2 sites send data back on 2 different client ports, say 1025 and 1026, and it handles the mapping for you.

*Note, Im probably wrong somewhere, I often am, but I think the above is correct.

**Zadock** · 19-01-2011, 11:09 AM

Originally Posted by shbris

backtrack is best penetration testing software, but i would be careful how you ask questions like this

Backtrack is a really powerful set of tools and it can be used for, potentially, illegal things as well. But as shbris says it is the best though it may be a little complicated for a simple firewall test? Its not a one click test affair, there are lots of commands you'd need a guide book to use it properly.

I had the wifi encryptiong cracking facility demonstrated to me a couple of years ago, promptly upgraded my wifi encyption afterwards!

**badass** · 19-01-2011, 11:27 AM

Nessus http://www.nessus.org/nessus/intro.php is an extremely good penetration tester however you have to run it on a machine external to your firewall. However if you're using it as a NAT firewall, short of having any port forwarding set up, any pen testing tool will report things as being pretty secure unless there are gaping security flaws in your firewall's code.

**da.Guvna** · 19-01-2011, 01:27 PM

Thanks guys. I was fairly sure that the NAT provided decent protection.
It's one of those things where I'm pretty happy that I've done a good job, but nobody is perfect and I'm prone to forgetting smaller details sometimes

By default, my firewall blocks EVERYTHING on the inbound, so that's fine, but I have a fairly bizarre config internally. I won't go into details, but it's one of those things where I've either been smart, or INCREDIBLY stupid haha.

I'll give Nessus a go at some point. I think you're right in saying that Backtrack is probably beyond my requirements (or time-to-learn budget). This isn't a professional deployment, or protecting any servers, so it's not a big issue.

**Moby-Dick** · 19-01-2011, 05:21 PM

Forget about Shields Up - its a complete waste of time and has been for the last decade

for most home systems as long as you are behind a resonable NAT router and dont have the router open to remote admin with a default password - they you'll have "good enough" security.

personally I'd use the windows firewall as well , it adds very little overhead imo.

**CaptainCrash** · 20-01-2011, 02:34 AM

Originally Posted by Moby-Dick

for most home systems as long as you are behind a resonable NAT router and dont have the router open to remote admin with a default password - they you'll have "good enough" security.

I seem to remember this caused a few red faces at Be*/O2 a couple of years ago, when the password for their router's remote admin account (sensibly stored in plaintext, naturally) was leaked and plastered all over the Internet.

I'll bet there are still quite a few that are vulnerable, as the Be router (at least the horrible Speedtouch 780 that I was originally using) has a habit of periodically losing all its settings and reverting to the original template.

**watercooled** · 20-01-2011, 02:38 AM

That's not something that would be picked up by a penetration test though, you'd need to do some research on the router for stuff like that.

**j.col** · 20-01-2011, 01:43 PM

Originally Posted by Moby-Dick

Forget about Shields Up - its a complete waste of time and has been for the last decade

for most home systems as long as you are behind a resonable NAT router and dont have the router open to remote admin with a default password - they you'll have "good enough" security.

personally I'd use the windows firewall as well , it adds very little overhead imo.

thanks. i was also wondering about this.

i used to use shields up and their leak tester as well

Thread: Penetration testing snigger

LinkBack

Thread Tools