How to Test a Router Firewall
A firewall blocks malware that scans a computer for security vulnerabilities in order to get into the system through those weak spots. Testing a router firewall lets users check which commonly used ports on the computer are open. A router's life consists of several significant steps: configuration, securing, troubleshooting, modification of rules, and replacement of the router. In each case, network tests are done to validate the administrator's choices.
- Free network testing tool
There are a number of methods for testing firewalls and routers, but all share the same basic idea: transmit a packet to one side of the router and, on the other side, verify that it arrived when it is supposed to be allowed. When the packet is supposed to be blocked, verify that nothing was forwarded and that an ICMP error message was sent back to the sender.
Since every network administrator has their own way of setting up devices and solving problems, there is no generic method for testing router firewalls. Instead, the key points of low-level methods can be linked together to build a high-level method. These key points are sending the packet, verifying the packet's arrival, and simulating a test computer. With these three, administrators can test their network.
Network testing tools are available on the Internet free of charge. One such tool is lcrzoex, available at http://www.laurentconstantin.com/us/lcrzo/. Other network libraries and tools such as telnet, snoop, ipsend, tcpdump, libpcap and libnet could also be used. However, lcrzoex alone covers everything required for testing a router firewall.
How a packet is sent depends on the protocols the network supports. For ICMP, UDP and TCP over IP, and for Ethernet, one must first decide what type of packet to send. The packet type depends on several factors: whether the packet should be forbidden or allowed, whether it is valid or invalid, and whether the router firewall is tested in its production location or on a test platform. Another consideration is whether the sending and destination computers are real or simulated. The two ways of sending, at the IP level or with spoofing at the Ethernet level, are described next.
When packets are sent at the IP level, the Ethernet source address is set to the network board's MAC address and the router's Ethernet address is obtained by sending an ARP request. However, this method does not allow the operations possible at the Ethernet level, because the local IP stack may reject the packet before it is sent.
Packets sent at the Ethernet level go directly onto the network without passing through the local IP stack. This method is more complex because the user has to set the Ethernet addresses. A network testing tool such as lcrzoex can be used to obtain the computers' Ethernet addresses.
To verify that the packet arrived on the network, one has to use a sniffer. When the sniffer is on a switched LAN, connect it to a dedicated port on the switch.
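The core of the method just described (send a probe on one side of the router, sniff on both sides, and accept only a forwarded copy for allowed traffic or an ICMP error for blocked traffic) as an added example; this is not code from the article or from lcrzoex. It builds the probes and the captures in memory rather than sniffing live frames, using documentation addresses, the names Probe/classify/check and the router address 192.0.2.1 are assumptions.

```python
import socket
import struct
from collections import namedtuple

ICMP_UNREACHABLE = 3  # ICMP type 3 (destination unreachable): the error a filtering router sends back
Probe = namedtuple("Probe", "src dst proto sport dport")  # proto: 1 = ICMP, 6 = TCP, 17 = UDP

def ip_checksum(hdr: bytes) -> int:
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    # Minimal IPv4 packet (no options, TTL 64) with a valid header checksum
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(pkt: bytes):
    ihl = (pkt[0] & 0x0F) * 4  # header length in bytes
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[ihl:]

def matches(probe: Probe, pkt: bytes) -> bool:
    # Same addresses, protocol and ports as the probe we sent
    src, dst, proto, l4 = parse_ipv4(pkt)
    return ((src, dst, proto) == (probe.src, probe.dst, probe.proto)
            and len(l4) >= 4 and struct.unpack("!HH", l4[:4]) == (probe.sport, probe.dport))

def classify(probe: Probe, far_side: list, near_side: list) -> str:
    # far_side: frames sniffed behind the router; near_side: frames sniffed on the sender's segment
    if any(matches(probe, p) for p in far_side):
        return "forwarded"
    for pkt in near_side:
        _, dst, proto, l4 = parse_ipv4(pkt)
        # an ICMP error quotes the offending IP header plus 8 bytes of transport header after its own 8-byte header
        if proto == 1 and dst == probe.src and l4[0] == ICMP_UNREACHABLE and matches(probe, l4[8:]):
            return "blocked_icmp"
    return "dropped"  # nothing forwarded and no ICMP error: silently dropped

def check(probe: Probe, allowed: bool, far_side: list, near_side: list) -> tuple:
    # Allowed traffic must be forwarded; blocked traffic must trigger an ICMP error (a silent drop fails)
    result = classify(probe, far_side, near_side)
    return result, result == ("forwarded" if allowed else "blocked_icmp")

# Constructed sample captures (no live sniffing): a permitted TCP probe and a filtered UDP probe
ROUTER = "192.0.2.1"
tcp = Probe("192.0.2.10", "198.51.100.5", 6, 40000, 80)
udp = Probe("192.0.2.10", "198.51.100.5", 17, 40001, 69)
tcp_pkt = build_ipv4(tcp.src, tcp.dst, tcp.proto, struct.pack("!HH", tcp.sport, tcp.dport) + bytes(16))
udp_pkt = build_ipv4(udp.src, udp.dst, udp.proto, struct.pack("!HHHH", udp.sport, udp.dport, 8, 0))
icmp_err = build_ipv4(ROUTER, udp.src, 1, struct.pack("!BBHI", ICMP_UNREACHABLE, 13, 0, 0) + udp_pkt[:28])
FAR_SIDE, NEAR_SIDE = [tcp_pkt], [icmp_err]  # ICMP checksum left at 0 for the sample
```

With a real sniffer, `far_side` and `near_side` would be the IP payloads of the captured frames on each side of the router.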
Validating a router's configuration is a tedious task, especially when one wants to verify the device's security. Using these tests, administrators can design a thorough method for configuring or securing a router firewall.