# howto scan for security holes / test my firewall

## Qubax

i got my fwbuilder emerged and running, compiled my script.

fwbuilder was not hard, so i want to know how good the script for the firewall is

does somebody know a light program that tells me where i still have a security hole (don't want nessus - seems to be quite a big download and i just want to test my firewall)

thx

----------

## delta407

*Qubax wrote:*

> does somebody know a light program that tells me where i still have a security hole (don't want nessus - seems to be quite a big download and i just want to test my firewall)

You generally want to test your firewall from outside your firewall -- I would suggest nmap. Tell it to do aggressive scans, fingerprinting, etc. and see what you can see. Fix any problems that arise. Lather, rinse, repeat.

Alternatively, you could post your IP address to the forum and we can test it for you. ;)

----------

## Qubax

yes i want to test my firewall from outside

i looked around and found scan.sygate.com that scans nearly all things i know

can somebody just try out one of the scans and tell me if they tell the truth

i made all scans, it seems that i forgot to block UDP (whatever that is, but as a linuxer i'll find out about it) - have a look at fwbuilder

fwbuilder seems to be good - easy to use and seems to be secure

----------

## Chickpea

scan.sygate.com is the site I almost always recommend. I have used this to test my system on several occasions and it seems okay. I generally run the test with and without the firewall running to compare results. I also use another site - https://grc.com/x/ne.dll?bh0bkyd2

Good luck.

C

----------

## splooge

scan.sygate.com doesn't work for me, page won't even load.  I don't think it likes my tight firewall settings.

The other site can't find anything even responding on my system.

What's really scary is when i had apache up for a few days messing around with it, I checked out my web logs and there were at least 100 entries of the Nimda or Code Red virus scanning my web server (../../cmd.exe). It's simply amazing how many windows users don't know they're infected to heck and back.

----------

## Xor

my 2c: take a notebook with nessus to one of your friends and let it run... next try nmap with its various options (Protocol Scan, OS Fingerprint, Stealth Scan, Fin Scan etc)... oh... and one piece of advice, don't come up with the idea to disable all of icmp (filter it, but don't disable it...)

you may also want to try the linux-kernel patches included in gentoo (don't know if gentoo-kernel has them, but gentoo-crypto-kernel has) like OpenWall and GRSecurity - really nifty features... but if you're used to using a mouse don't touch it >:)

cheers

xor

----------

## Qubax

has somebody an idea of how to block with fwbuilder? my fw should block everything that is incoming and let everything through that wants out, but it seems not to do this, cause scan.sygate.com tells me that udp is not blocked (ok, it's closed, but i want it blocked)

can somebody give me a hint of how to do that with fwbuilder

grc.com/x/ne.dll?bh0bkyd2 tells me that the fw is working fine (could not detect me or any port), so how confident can i be?

----------

## Qubax

a more detailed question

shouldn't 

```
# create a user chain RULE_2 and send every packet arriving on INPUT to it
iptables -N RULE_2
iptables -A INPUT -j RULE_2
# log the packet, then reject it with an ICMP host-prohibited error
iptables -A RULE_2 -j LOG --log-level info --log-prefix "RULE 2 -- REJECT "
iptables -A RULE_2 -j REJECT --reject-with icmp-host-prohibited
```

lock out everything from outside, cause this is the part of the script fwbuilder gives me to reject everything

i also have 

```
# create chain RULE_1 and send incoming UDP for the NetBIOS and TFTP ports to it
iptables -N RULE_1
iptables -A INPUT -p udp -m multiport --destination-port 138,137,139,69 -j RULE_1
# log the packet, then reject it with an ICMP host-prohibited error
iptables -A RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- REJECT "
iptables -A RULE_1 -j REJECT --reject-with icmp-host-prohibited
```

to reject the ports for netbios-dgm/ns/ssn but it seems not to work (sygate says so)

is there something i have to compile into iptables?
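As an added example (not from the original post), a small parser for the kernel-log lines the LOG targets in the rules above write, tallying hits per log prefix, protocol and destination port so you can check whether RULE_1 actually matches the NetBIOS probes; note that a scanner reports a REJECTed port as "closed" rather than "blocked" because REJECT answers with an ICMP error, which is exactly what these rules ask for. The sample log lines are constructed in the format iptables LOG produces, using documentation addresses.

```python
import re
from collections import Counter

# Constructed sample kernel-log lines (not from the original post), in the
# format the LOG target writes; addresses are from the documentation ranges.
SAMPLE_LOG = """\
Jun 12 10:15:32 gw kernel: RULE 1 -- REJECT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=113 ID=2181 PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 12 10:15:33 gw kernel: RULE 1 -- REJECT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=113 ID=2182 PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 12 10:16:01 gw kernel: RULE 2 -- REJECT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=41002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Jun 12 10:16:02 gw kernel: RULE 2 -- REJECT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jun 12 10:16:05 gw sshd[1234]: Accepted publickey for alice from 192.0.2.20 port 50022 ssh2
"""

# The prefix is exactly the string --log-prefix set in the rules above.
LINE_RE = re.compile(r"kernel: (?P<prefix>RULE \d+ -- \w+) (?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line):
    """Return (prefix, {field: value}) for an iptables LOG line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for key, val in FIELD_RE.findall(m.group("fields")):
        fields.setdefault(key, val)  # first LEN=/ID= belong to the IP header
    return m.group("prefix"), fields


def summarize(text):
    """Count logged packets per (log prefix, protocol, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        parsed = parse_log_line(line)
        if parsed is None:
            continue  # not an iptables LOG line (e.g. sshd)
        prefix, f = parsed
        counts[(prefix, f.get("PROTO", "?"), f.get("DPT", "-"))] += 1
    return counts


if __name__ == "__main__":
    for (prefix, proto, dpt), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:4d}  {prefix:18s} {proto:5s} dpt={dpt}")
```

Feed it the real kernel log (e.g. the output of dmesg or /var/log/messages) in place of SAMPLE_LOG; if no "RULE 1 -- REJECT" lines appear while the scanner is probing, the packets are never reaching that chain.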

----------

## Craigo

Check out this site below:

http://iptables-tutorial.haringstad.com/

I had my own firewall in ipchains and that guide + other help from peeps online really sorted out the switch to iptables. Take a look today!

-/Craigo/-

----------

## davoid

you might want to get ahold of netcat (nc); it's a great tool, IMHO

----------

## splooge

I use the iptables firewall script from here:

http://projectfiles.com/firewall/

Under the 'advanced' configuration section, set 'RFC_1122_COMPLIANT' to NO; this will disable everything incoming including icmp.

I also use the traffic shaper from here:

http://lartc.org/wondershaper/

----------

## Qubax

http://projectfiles.com/firewall/ works great

easy to config +

all scans i found were completely blocked

thx to splooge

but now a newbie question: how can i make it start while booting? just make a link to the default runlevel? or doing something with rc-update?

----------

