Egressor 1.0 review
DownloadMITRE has released a freeware tool that allows a company to check the configuration of their Internet point-of-presence router
|
|
MITRE has released a freeware tool that allows a company to check the configuration of their Internet point-of-presence router. Egressor will help companies determine whether their routers are configured to the Help Defeat Denial of Service Attacks guidelines. This configuration of egress filtering reduces the chance that their computers can unwittingly contribute to a distributed denial of service attack.
The tool has two parts; a generator and a receiver. The test generator (or "client") is being provided as C source code and the test receiver (or "server") is a PERL script. Both are currently known to work on LINUX, and the server also works on Solaris.
This egress filtering diagnosis tool is provided as a public service subject to the terms of the License Agreement. This tool is merely an aid; security remains the responsibility of the user.
This tool is intended to assist information security specialists in conducting a vulnerability analysis of their network by identifying potential weaknesses in their network configuration; however, the use of this tool can not guarantee adequate information security or that a network has adequate egress filtering.
This tool should not be used on an information system without the specific authorization of the person responsible for the information security of that system. This tool is not intended to serve, and should not be considered, as a substitute for qualified information security specialists or an information security program tailored to your information system. You should consult with a qualified information security specialist to properly interpret the results of this vulnerability analysis and before taking any corrective action.
Briefly, the client generates a stream of packets, some of which are spoofed. The server listens for test packets, and determines if spoofed packets were received as part of the test. The server then generates a report of the results, indicating whether spoofed packets were received or not. Figure 1 shows the two scenarios that the tool can find including the html versions of the reports. There is also a "daemon" option which causes the server to run indefinitely.
Installation:
Ensure you have a gcc compiler, and GNU make.
Ensure you have LIBNET installed.
Change directories to where you wish to install the egressor directory
Untar egressor.tar:
tar -xvfz egressor.tar.gz
Edit makefile to refer to the location of libnet
Build the package:
make
Egressor 1.0 search tags