Test de filtrage réalisé avec nmap :

Avec les règles standard :

***TCP***

# nmap 3.75 scan initiated Thu Jan 27 10:50:39 2005 as: nmap -sS -P0 -T5 -oN looknstop.txt 192.168.0.2
Interesting ports on 192.168.0.2:
(The 1243 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
113/tcp closed auth
1024/tcp closed kdm
1025/tcp closed NFS-or-IIS
(...)
4899/tcp closed radmin
4987/tcp closed maybeveritas
4998/tcp closed maybeveritas
5000/tcp closed UPnP
MAC Address: 00:0C:XX:XX:XX:XX (Asustek Computer)

# Nmap run completed at Thu Jan 27 10:50:48 2005 -- 1 IP address (1 host up) scanned in 9.594 seconds

***UDP***

# nmap 3.75 scan initiated Thu Jan 27 10:57:56 2005 as: nmap -sU -P0 -T5 -oN looknstopudp.txt 192.168.0.2
Interesting ports on 192.168.0.2:
(The 1245 ports scanned but not shown below are in state: open|filtered)
PORT STATE SERVICE
4/udp closed unknown
5/udp closed rje
11/udp closed systat
23/udp closed telnet
31/udp closed msg-auth
34/udp closed unknown
42/udp closed nameserver
(...)
4827/udp closed squid-htcp
5011/udp closed telelpathattack
5193/udp closed aol-3
5500/udp closed securid
6111/udp closed spc
6144/udp closed statsci1-lm
6969/udp closed acmsoda
7006/udp closed afs3-errors
7100/udp closed font-service
7651/udp closed cucme-4
9876/udp closed sd
17007/udp closed isode-dua
27015/udp closed halflife
28910/udp closed heretic2
47557/udp closed dbbrowse

# Nmap run completed at Thu Jan 27 11:03:38 2005 -- 1 IP address (1 host up) scanned in 342.682 seconds

Avec les règles évoluées :

***TCP***

# nmap 3.75 scan initiated Thu Jan 27 10:51:55 2005 as: nmap -sS -P0 -T5 -oN looknstopRE.txt 192.168.0.2
All 1663 scanned ports on 192.168.0.2 are: filtered

# Nmap run completed at Thu Jan 27 10:53:27 2005 -- 1 IP address (1 host up) scanned in 92.183 seconds

***UDP***

# nmap 3.75 scan initiated Thu Jan 27 11:04:46 2005 as: nmap -sU -P0 -T5 -oN looknstopudpRE.txt 192.168.0.2
All 1478 scanned ports on 192.168.0.2 are: open|filtered

# Nmap run completed at Thu Jan 27 11:06:07 2005 -- 1 IP address (1 host up) scanned in 82.098 seconds

Ce sont des bons résultats. Pensez à charger le jeu de règles évoluées dès le premier démarrage du firewall.

Le test de substitution est un succés. Le firewall réussit à détecter le changement de signature d'un programme.

Le firewall atteint le meilleur score 19/24 face aux leaktests. C'est un très bon résultat. Leaktests passés avec succés : Leaktest, ToolLeaky, FireHole, Yalta, PCAudit, AWFTester, Thermite, MBtest, Ghost et Surfer.

Le résultat de la résistance des firewalls face aux leaktests a été obtenu grâce à l'aimable autorisation du site FirewallLeakTester.com .

L'utilisation du processeur (Athlon 2200+) pendant les scans est négligeable : < 5% de ses capacités. La consommation du processeur est de 100% lors du scan "Exploit Test" du site PCFlank.

Le firewall n'utilise pas plus de 15 MO de RAM lors de son fonctionnement.