Re: Firewall Testing

Tim Fletcher (tim@night-shade.demon.co.uk)
Wed, 10 Mar 1999 10:46:16 +0000 (GMT)


> I am using Linux firewall kernel 2.0.36 with a pentuim 166 MMX with
> 64M ram. I would like to stress test the firewall. Any sugestion on
> how to stress test the firewall?

Have a look at port scanners, they send packets to lots of ports very fast
nmap is very good one, see www.insecure.org/nmap. If it is a masqing
firewall, try opening lots of connections via something like quakespy.

> Is ping flooding on the firewall from another linux machine will
> stress the firewall?

Just the network / tcp/ip stack.

> When i ping flood the firewall, then i use another machine to ping the
> same interface. Will the result of the second ping time reveal
> wheather the firewall can handle stress or not?

Nope just the relitive performance of the network, the NICs, and the ip
stack.

> In linux, when i type uptime, it give 3 figure. According the man
> pages, the 3 figure is the load average of the machine for the past 1
> , 5 and 15 minutes. But what unit that use. For exmaple, if the figure
> show 0.02 0.45 o.67. What does it mean?

It is a combination of cpu, io, mem, network usage a load of 1 means that
you have maxed one area (eg running rc5 maxes cpu). A load of 0.02 is very
low a load of >3 is high.

Tim Fletcher .~.
/V\ L I N U X
tjdf@st-andrews.ac.uk // \\ >Don't fear the penguin<
tim@night-shade.demon.co.uk /( )\
^^-^^

Software, n.:
Formal evening attire for female computer analysts.

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu