Internet Security Systems, Inc. has developed about 10 techniques for
testing firewall security.
There are many potential firewall misconfigurations. A tool which
attempts to exploit the vulnerabilities and let the administrator know
that their network is compromisable would be quite useful. These
techniques have been incorporated into Internet Scanner 3.0.
We are currently looking for some volunteer sites to test Internet Scanner
on to make the checks more bullet-proof, gather statistics about the
various existing firewalls, and to put together some kind of report
saying most firewalls were either penetrable or not and what techniques
were more successful and should be checked for on everyone's firewalls.
The benefit of being the volunteer is a free security scan of your firewall
with a report if it is vulnerable by any of these techniques. The reports
will be confidential between ISS, Inc and your company.
If you are interested, please e-mail cklaus @
net a note with the
Your Title and Position.
Phone number so we can contact you.
Fax number to send you a Non-disclosure agreement.
The firewall type
The vendor's name
The ip-address of the firewall.
How many machines behind the firewall and range that we can scan
to attempt to reach them. (The reason we ask this is because many
of these tests depend on if we are able to connect to hosts on the
inside of the firewall. If you only have 1 server behind the firewall
and we aren't scanning the correct range to see if we can connect to that
server, then our tests come back false, even though the firewall may still be
We are looking for a wide variety of firewalls. Also, these tests may not
reflect defects in the firewall itself but that when installing, the
filter rules and options on the firewall were not set to a secure mode.
Christopher William Klaus
Voice: (770)441-2531. Fax: (770)441-2431
Internet Security Systems, Inc.
2000 Miller Court West, Norcross, GA 30071
Web: http://iss.net/ Email: cklaus @ net
"Internet Scanner lets you find your network security holes before the hackers do."