Packet crafting for firewall and IDS audits (part 2 of 2)
This is the second of a two-part article series that discusses various methods of testing the integrity of your firewall and IDS, using low-level TCP/IP packet crafting tools and techniques. Part one showed several examples that tested a firewall (port 80 TCP, and port 53, UDP) using tools like hping and tcpdump.
We will now continue the discussion with a third test of the firewall, using the same tools as noted above, and then move on to test your IDS signatures and detection ability. Note that the focus here is on a Linux environment, but the process is similar with other Unix-like firewall/IDS environments as well.
By Don Parker at SecurityFocus.
[ Read more ]