Friday, November 4, 2011

Configure Policy-Based Routing On Check Point Secure Platform

There's no straightforward way to achieve policy-based routing on Check Point SPLAT (Secure Platform). Since SPLAT is Linux-based and Check Point firewalls rely on the operating system's routing functions, policy-based routing is also achieved through iproute2, a set of utilities used to control network traffic on Linux systems. iproute2 is available with most Linux distributions (including SPLAT) with a kernel version above 2.2.

For more information about iproute2, please refer to the links in the Additional References section of this article.

When configuring policy-based routing with iproute2 on SPLAT, there are some important points you need to remember.
  1. You need to configure a routing table per policy, and it is independent of your normal routing table.
  2. Because of that, once a policy is matched, only that particular table is consulted for routing.
  3. Therefore you must manually add all the routing information (including directly connected routes) to each and every table you create.
  4. The route --save command does not save the policy-based routes you configure using the ip route command.
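
The four points above, as an added example that is not code from the original article: pbr_commands prints the iproute2 commands for one policy table (connected routes, default route, then the rule), and pbr_persist stores them in a boot script because route --save will not. The table number, addresses, interface names and the helper names are constructed, and which boot script to use (for example /etc/rc.local) is an assumption.

```shell
#!/bin/sh
# Added example: build and persist one iproute2 policy table.
# Table number, addresses and interface names are constructed.

# pbr_commands TABLE SRC_NET GATEWAY PREFIX:DEV [PREFIX:DEV ...]
# Prints the commands; pipe the output to "sh" to apply them.
pbr_commands() {
    [ "$#" -ge 4 ] || { echo "need at least one connected route" >&2; return 1; }
    table=$1 src=$2 gw=$3
    shift 3
    # With a default route present, lookups that hit this table stop
    # here, so every connected network must be repeated in it.
    for c in "$@"; do
        echo "ip route add ${c%%:*} dev ${c##*:} table $table"
    done
    echo "ip route add default via $gw table $table"
    # The rule selects the table by source address.
    echo "ip rule add from $src table $table"
}

# pbr_persist FILE TABLE SRC_NET GATEWAY PREFIX:DEV ...
# Stores the commands in a boot script, replacing any block written
# earlier for the same table, since "route --save" ignores them.
pbr_persist() {
    file=$1; shift
    cmds=$(pbr_commands "$@") || return 1
    tag="# pbr table $1"
    touch "$file"
    sed "/^$tag begin\$/,/^$tag end\$/d" "$file" > "$file.tmp"
    { cat "$file.tmp"; echo "$tag begin"; echo "$cmds"; echo "$tag end"; } > "$file"
    rm -f "$file.tmp"
}

# Hosts in 10.1.1.0/24 leave through 192.0.2.1 instead of the
# default gateway in the main table.
pbr_commands 100 10.1.1.0/24 192.0.2.1 10.1.1.0/24:eth1 192.0.2.0/24:eth0
```

After applying the commands, `ip rule show` and `ip route show table 100` display the rule and the contents of the policy table.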

Monday, July 4, 2011

gnmap2csv - Generate a CSV File from Nmap Scan Results

I created this basic script to generate a small report from nmap scan results. It's just a quick-and-dirty bash script that can generate a CSV file from .gnmap files that are produced by nmap scanner. You can either use this for reporting or just to get a quick view of the hosts, open ports and services. It has been quite useful for me for penetration tests that I do.
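
A sketch of the same idea, as an added example that is not the gnmap2csv script from this post: it reads nmap's grepable output and writes one CSV row per open port. Because service banners come from the scanned hosts and the CSV ends up in a spreadsheet, text cells are quoted and a leading formula character is neutralised; the sample scan lines and function names are constructed.

```shell
#!/bin/sh
# Added example, not the gnmap2csv script from the post.

# gnmap_to_csv [FILE...] : one CSV row per open port (stdin if no FILE).
gnmap_to_csv() {
    awk -F'\t' '
    # Quote a text cell; prefix a leading = + - @ so a spreadsheet
    # does not evaluate a scanned banner as a formula.
    function cell(s) {
        if (s ~ /^[=+@-]/) s = "\047" s
        gsub(/"/, "\"\"", s)
        return "\"" s "\""
    }
    BEGIN { print "ip,hostname,port,protocol,service,version" }
    /^Host: / {
        # First tab field: "Host: <ip> (<hostname>)"
        split($1, h, " ")
        ip = h[2]; name = h[3]; gsub(/[()]/, "", name)
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            s = $i; sub(/^Ports: /, "", s)
            n = split(s, ports, ", ")
            for (j = 1; j <= n; j++) {
                # port/state/protocol/owner/service/rpcinfo/version/
                split(ports[j], p, "/")
                if (p[2] != "open") continue
                printf "%s,%s,%s,%s,%s,%s\n", ip, cell(name), p[1], p[3], cell(p[5]), cell(p[7])
            }
        }
    }' "$@"
}

# Constructed sample in .gnmap layout (tab-separated fields).
sample_gnmap() {
    printf '%s\n' '# Nmap scan (constructed sample)'
    printf 'Host: %s\t%s\n' \
        '192.0.2.10 (web01.example.test)' 'Status: Up' \
        '192.0.2.10 (web01.example.test)' 'Ports: 22/open/tcp//ssh//OpenSSH 5.3/, 80/open/tcp//http//Apache httpd 2.2.15/, 443/closed/tcp//https///' \
        '192.0.2.20 ()' 'Ports: 21/open/tcp//ftp//=1+1 ftpd/'
}

sample_gnmap | gnmap_to_csv
```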

The following is a sample file I generated from an nmap scan and I opened the CSV in Microsoft Excel.

Sunday, June 12, 2011

Automating Penetration Tests - Part 2

This is part 2 of the article; click here to read part 1.

Modern Approaches to Attack Graphs Generation and Analysis

In the modern approach, attack graphs are generated without full knowledge of the network, which represents real-world scenarios. Then, during the attack phase, the rest of the information is learned and the attack graph is altered accordingly. A planner or an intelligent mechanism such as a neural network is used to analyze the graphs and then to generate attacks.

There are two notable research papers that discuss attack planning. Ghosh and Ghosh proposed a new approach to attack planning using a planner [35]. Then Obes et al. used the same concept and integrated the planner into a penetration testing framework to successfully conduct a penetration test [36].

Friday, June 10, 2011

Automating Penetration Tests - Part 1

This article is written based on the literature survey of my Master's thesis on Automating Penetration Tests. The main objective of this research is to look into ways that penetration tests can be automated. However, I strongly believe that the capabilities of a good penetration tester cannot be automated using a computer program. So the intention is to automate the systematic steps of penetration tests to save time and effort for the penetration tester.

Basic Automation of Penetration tests

There have been various attempts to simplify penetration tests by automating various steps of the penetration test. The simplest attempt is Autopwn [3] in the Metasploit framework [4]. First, the pentester gathers information about target systems using Nmap or Nessus. This information is imported into a database using the database module in Metasploit. Autopwn queries the database for open ports and services. Then it loads the exploits in Metasploit that match these services and launches them against the target systems.

Monday, May 16, 2011

Introduction to Penetration Testing For Non-Technicals

If you are a manager with a different background than IT or if you are a non-technical person wondering whether to conduct a penetration test for your organization, this article might be of help to you.

What's Penetration Testing?
In a penetration test (a.k.a. pentest), penetration testers (a.k.a. pentesters) simulate an actual attack on the system being tested to assess the weaknesses of the system(s) and give recommendations on fixing the vulnerabilities discovered.

Penetration Testing Vs. Ethical Hacking?
Ethical hacking is a buzzword that became popular in the information security industry with the introduction of the Certified Ethical Hacker exam by EC-Council. Although some argue that penetration testing and ethical hacking are two different things, it's quite hard to identify any difference between the two.

Monday, April 18, 2011

Disable DNS Lookup on Cisco Routers and Switches

This article discusses how you can disable DNS lookup on Cisco routers and switches, and the effect of leaving DNS lookup enabled.

Problem
In privileged EXEC mode, if you type in something other than a Cisco IOS command, the router assumes that you typed a domain name and tries to resolve whatever you typed.

Although this feature can be useful in some situations, most of the time it is a pain, especially if you do not have a DNS server configured. The router becomes unresponsive for about 5-6 seconds while trying to resolve the name.

The following is an example.
R4#wrong-command
Translating "wrong-command"...domain server (255.255.255.255)
 (255.255.255.255)
Translating "wrong-command"...domain server (255.255.255.255)

% Unknown command or computer name, or unable to find computer
address
R4#