Hosting Provided By

Re: Firewall Load Testing

From: Kurt Seifried <bt(at)seifried.org>
Date: Tue Dec 10 2002 - 13:37:48 EST

> My apologies if this isn't the right forum for this question; I'm

There are hardware/software solutions to generate stupid (yes, that's a technical term) amounts of traffic, but they tend to be pricey (but OTOH they make for nice re-creatable tests). For 10/100 base interface firewalls however a few unix systems on either end doing things like synfloods or running Dan Kaminsky's new tools to scan networks (and create enormous numbers of SYN packets) are freely available. Things like nmap on high settings or several dozen (hundred) concurrent copies of Nessus going can also generate significant loads. You can use tcpreplay to take captured tcpdump streams and replay them, this can also be used to create large amounts of arbitrarily wierd and hostile network traffic. In the OpenBSD (and most BSD systems) ports tree, net and security directories there are tons of tools to create these conditions.

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ Received on Tue Dec 10 16:15:25 2002

This message: [ Message body ]
Next message: Wolf, Glenn: "RE: remote MAC address discovery?"
Previous message: Tina Bird: "remote MAC address discovery?"
In reply to Jason Dixon: "Firewall Load Testing"
Next in thread: Gene: "Re: Firewall Load Testing"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT