The Firewall Tester (ftester) is a tool designed for testing firewalls' filtering policies. It includes an Intrusion Detection System (IDS) testing feature, along with a packet generator tool and a sniffer. Unlike common firewall testing tools or packet generators, ftester can generate network traffic that looks like real connections to the firewall or IDS under test, which allows users to test stateful inspection firewalls (like netfilter or ipfilter) and IDSes (like snort).
Tags: Networking, Firewalls, Security
Operating Systems: OS Independent
Release Notes: A marker feature was added for running multiple ftest/ftestd instances. Lookup of configuration directives is now anchored properly. The IP ID field logging bug that occurred when the maximum value was reached was fixed.
Release Notes: Support for CIDR notation was added. Extended ranges and CIDR notation are now supported by all modes. A new configuration syntax, 'flags:', was added. Pseudo fragment reassembly was added in ftestd. README.redhat was added. Minor code rewriting and cleanup were done.
Release Notes: This release fixes 'use strict' problems with Perl 5.8.0, adds a README file, and includes minor documentation changes.
Release Notes: A fragmentation option for TCP and UDP packets (-g flag) was added. A segmentation option for TCP splitting (-p flag) was added. Fragmentation-related evasion methods were added. The connection spoofing syntax now supports an extended form.
Release Notes: An IDS testing option was added. The ability to read snort rule definition files was added. A sequence number error in the connection spoofing code was fixed. The connection spoofing sequence numbers were randomized. An option for resetting spoofed connections was added. An option for gracefully terminating spoofed connections was added. An option for using IDS evasion techniques was added. An interface specification option was added to ftestd. The code was cleaned up with respect to indentation and style.