Fuzz Testing Hardware Firewalls

Overview

This topic describes how to perform three different tests against hardware firewalls using beSTORM.

Test 1 - Direct test of the firewall (IPv4)

To test an IPv4 firewall with beSTORM, do the following:

  1. Install beSTORM Client on a computer that is not in use or on a network and assign an IP address to it. This will create the beSTORM server.

  2. Set up the target firewall on another computer that is also not in use or on a network and assign an IP address to it.

  3. On the beSTORM server, go to https://npcap.com/, and then download and install the Npcap network device driver for Windows.

  4. Open Command Prompt on the beSTORM server, and then enter the following command to start the Npcap driver:

    sc start npcap

    NOTE: If the "[SC] StartService FAILED 1056" error message appears, then the driver is already running.

  5. Using an Ethernet cable, connect the beSTORM server to the firewall computer. Do not include a switch between the two computers.

  6. Open beSTORM Client.

  7. Select New Project. The beSTORM New Project Wizard opens.

  8. On the Welcome page, do the following:

    1. In the Project Name box, enter a name.

    2. Optionally, select a different file location for your project in the Location Name box.

    3. Leave Please select the wizard set to Simple.

    4. Leave Perform a port scan, and service detection and assist me in choosing the relevant module unchecked.

  9. Select Next.

  10. On the Basic Configuration page, do the following:

    1. In the beSTORM's predefined modules list, select IPv4.

    2. In the Network Device list, select Network Device (Npcap).

  11. Select Next.

  12. On the Module Environment page, do the following:

    1. Destination Address - Double-click on the Value box. In the MAC Address Finder dialog, enter the IP Address of the firewall computer and then select Find. The MAC Address box will refresh and display the MAC address of the firewall computer. Select OK.

    2. Sender IP Address - In the Value box, enter the IP address of the beSTORM server.

    3. Source Address - Double-click on the Value box. In the MAC Address Finder dialog, enter the IP Address of the beSTORM server and then select Find. The MAC Address box will refresh and display the MAC address of the beSTORM server. Select OK.

    4. Destination IP Address - In the Value box, enter the IP address of the firewall computer.

  13. Select Next.

  14. On the Extra Configuration page, ensure the ARP Echo and ICMP Echo checkboxes are selected. Leave all other parameters at their default settings.

  15. Select Next.

  16. On the Complete beSTORM wizard page, select Finish to begin testing, or clear the Auto-start beSTORM scan now checkbox to run the test later.

  17. If an exception occurs once your test begins (that is, an attack was successful), a message will appear in the Exception Information dialog informing you that the remote server is not responding. This indicates a possible vulnerability. Testing will resume after five seconds unless you select Pause Test.

  18. When testing is complete, select Report from the Test Information pane to view a short report of your test. To generate a more comprehensive report of your test, select Report > Generate Report from the beSTORM Client.
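
Before opening the wizard, the lab setup from steps 1-5 and the values needed in step 12 can be checked from PowerShell on the beSTORM server. The script below is an added example and not part of beSTORM; both IP addresses are constructed placeholders, and it assumes the built-in Windows NetTCPIP and NetAdapter cmdlets are available.

```powershell
# Added example, not part of beSTORM. Run on the beSTORM server before step 6.
# Both addresses are constructed placeholders; substitute your lab values.
param(
    [string]$ServerIp   = '192.0.2.10',  # beSTORM server (placeholder)
    [string]$FirewallIp = '192.0.2.20'   # firewall computer (placeholder)
)

# Step 4: confirm the Npcap driver is running. In Windows PowerShell "sc" is
# an alias for Set-Content, so sc.exe must be called explicitly.
$npcapRunning = [bool]((sc.exe query npcap) -match 'RUNNING')

# Find the adapter that owns the server address (Sender IP / Source Address).
$local = Get-NetIPAddress -IPAddress $ServerIp -ErrorAction SilentlyContinue
if (-not $local) { throw "No local interface has address $ServerIp" }
$adapter = Get-NetAdapter -InterfaceIndex $local.InterfaceIndex

# The test machines should not be on any other network. A default route
# suggests the server is still attached to one.
$defaultRoutes = @(Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)

# Send one echo so the neighbor cache is populated, then read the firewall's
# MAC (Destination Address). A firewall may drop ICMP and still answer ARP,
# so the ping result is reported but not required.
$pingOk = Test-Connection -ComputerName $FirewallIp -Count 1 -Quiet
$neighbor = Get-NetNeighbor -IPAddress $FirewallIp `
                -InterfaceIndex $local.InterfaceIndex -ErrorAction SilentlyContinue |
    Where-Object { $_.LinkLayerAddress -and $_.LinkLayerAddress -notmatch '^(00-?){6}$' } |
    Select-Object -First 1

# Summary: the four address fields map to the Module Environment page.
[pscustomobject]@{
    NpcapRunning         = $npcapRunning
    LinkUp               = ($adapter.Status -eq 'Up')
    IsolatedFromNetworks = ($defaultRoutes.Count -eq 0)
    IcmpEchoAnswered     = $pingOk
    SenderIpAddress      = $ServerIp
    SourceAddress        = $adapter.MacAddress
    DestinationIpAddress = $FirewallIp
    DestinationAddress   = $neighbor.LinkLayerAddress
    Ready                = ($npcapRunning -and $adapter.Status -eq 'Up' -and [bool]$neighbor)
}
```

If DestinationAddress comes back empty, the firewall did not answer ARP on the direct link, and the MAC Address Finder in step 12 is likely to fail for the same reason.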

Test 2 - Direct test of the firewall (IPv6)

To test an IPv6 firewall with beSTORM, repeat the steps outlined in Test 1, but select IPv6 in step 10a.

Tests 3 and 4 - Passthrough test of the firewall (IPv4 and IPv6)

To perform a passthrough test of the IPv4 or IPv6 firewall, do the following:

  1. Set up a third computer that is also not in use or on a network and assign an IP address to it.

  2. Change the network connections between the computers so that the firewall computer can route between the beSTORM server and the third computer.

  3. Repeat steps 1-11 outlined in Test 1 for IPv4 or Test 2 for IPv6.

  4. For step 12, on the Module Environment page, update the following:

    1. Destination Address - Double-click on the box in the Value column. In the MAC Address Finder dialog, enter the IP Address of the third computer and then select Find. The MAC Address box will refresh and display the MAC address of the third computer. Select OK.

    2. Target IP Address - In the box in the Value column, enter the IP address of the third computer.

  5. Complete the remaining steps outlined in Test 1 for IPv4 or Test 2 for IPv6.