Firewatch
Name
Firewatch
Release Information
- Evaluation Release 1.0 from Bellcore
- Download from ftp://ftp.bellcore.com/pub/world/firewatch/
Functionality
Firewall log analyzer
Requirements
SunOS 4.x, Solaris 2.x
Documentation
Man pages are available; the README file is sufficient for installation.
Installation Details
- Routine. You *must* follow the directions exactly as in the README.
- You must type in the entire name of the OS. No defaults or auto-detect
for any of the answers.
- When interrupted, it does not always remove the install_firewatch script.
Evaluation Notes
Firewall logs must be in ASCII or compressed ASCII format, so FW-1 logs must
first be converted from their native format using
- fw log inputfile > outputfile
- fw log export does *not* work
- Very weak input validation: it accepts invalid input and then tries to
run the script using it. I used a dst_port of 1000-1234; it accepted it,
ran the scanner, and finally ended up with (big surprise) no records.
- Rudimentary input and output formatting.
- Occasionally leaves some temporary files in /tmp.
- Accepts any text file as input (again, no file format checking).
- Occasionally dumps core when fed garbage (long lines, binary files
and such). Poorly written.
- Lots of data is generated. An abridged report would be nice.
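The up-front check that a dst_port argument should get before a scan is
launched, as an added example (this is not Firewatch code). The accepted
grammar ("all", a single port, or a comma-separated list of ports) is an
assumption based on the "simple combination" of ports the tool allows; a
range such as 1000-1234 is rejected with a message instead of being passed
through to a scan that produces an empty report.

```shell
#!/bin/sh
# Added example (not Firewatch code): validate a port specification before
# running a scan. Function names and the accepted grammar are assumptions.

# Returns 0 if $1 is a decimal integer in 1..65535, 1 otherwise.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;            # empty or contains a non-digit
    esac
    if [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then
        return 0
    fi
    return 1
}

# Returns 0 if $1 is "all", a single port, or a comma-separated port list.
valid_port_spec() {
    spec=$1
    [ "$spec" = all ] && return 0
    case $spec in
        ''|,*|*,|*,,*) return 1 ;;          # empty list or stray commas
    esac
    old_ifs=$IFS
    IFS=,
    set -f                                  # no glob expansion while splitting
    set -- $spec                            # split on commas only
    set +f
    IFS=$old_ifs
    for p in "$@"; do
        valid_port "$p" || return 1         # "1000-1234" fails here
    done
    return 0
}

# Wrapper a scanner script could call: refuse a bad spec instead of
# running to completion with no matching records.
check_dst_port() {
    if valid_port_spec "$1"; then
        printf 'dst_port %s: ok\n' "$1"
        return 0
    fi
    printf 'dst_port %s: rejected (use "all", a port, or port,port,...)\n' "$1" >&2
    return 1
}

check_dst_port 22,80,443        # accepted
check_dst_port 1000-1234        # rejected
```

The split on commas is done with IFS and `set --` rather than a regular
expression so that the check runs the same way under the Bourne shell on
SunOS as under a modern sh.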
Security Issues
Firewatch invokes subcommands such as rm by relative name (rm rather than
/bin/rm), so each one is resolved through the invoking user's PATH. This could
be a security problem if a privileged user runs the tool in the wrong directory:
with "." (or any directory others can write to) on that user's PATH, a planted
rm in that directory would be executed with the user's privileges instead of
the real one. Further, the program will not work properly if rm is not on the
path at all (it will not delete its files).
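The following is an added demonstration of the issue described above, not
code taken from Firewatch: a cleanup function that calls rm by relative name
beside a hardened one that fixes PATH and uses /bin/rm, and a harness that
runs each with a constructed trojan rm placed first on PATH (the same
situation as "." on PATH while running in an attacker-writable directory).
All function names, the scratch directory layout and the trojan are
assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not Firewatch code): why resolving "rm" through $PATH is
# risky, and the hardened alternative. Names and layout are assumed.

# Weak form, as the review describes: "rm" is found by searching $PATH.
weak_cleanup() {
    rm -f "$1"
}

# Hardened form: fixed PATH and an absolute path to the binary, inside a
# subshell so the caller's environment is left untouched.
hardened_cleanup() {
    ( PATH=/usr/bin:/bin; export PATH; /bin/rm -f "$1" )
}

# Run the cleanup function named in $1 with a trojan "rm" first on PATH.
# Prints "hijacked" if the trojan ran, "safe" if the real rm deleted the file.
demo_hijack() {
    fn=$1
    work=$(mktemp -d) || return 2
    mkdir "$work/evil"
    marker="$work/trojan_ran"
    # Constructed trojan: records that it ran and deletes nothing.
    printf '#!/bin/sh\n: > "%s"\nexit 0\n' "$marker" > "$work/evil/rm"
    chmod 755 "$work/evil/rm"
    : > "$work/victim"                      # the file cleanup should delete
    # An attacker who controls an early PATH entry (or "." on PATH in a
    # directory they can write to) gets their rm run by the relative call.
    ( PATH="$work/evil:$PATH"; export PATH; "$fn" "$work/victim" )
    if [ -e "$marker" ]; then
        result=hijacked
    elif [ ! -e "$work/victim" ]; then
        result=safe
    else
        result=unknown
    fi
    /bin/rm -rf "$work"
    printf '%s\n' "$result"
}

demo_hijack weak_cleanup       # prints: hijacked
demo_hijack hardened_cleanup   # prints: safe
```

The hardened form also addresses the second complaint: because the binary is
named by absolute path, cleanup no longer silently fails when rm happens not
to be on the user's PATH.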
Features
- Very simple feature set.
- Allows all destination ports, or a very simple combination of them.
- Full regular expressions are not supported, only the $ and ^ anchors.
- Tedious to specify "all low ports only", "all high ports
only", and port ranges.
- Similar problem with source ports, and all other options.
Conclusion
Very simple tool. Unless the full release is significantly better than this
evaluation version, it is not worth having except as a free tool.
This review was written by Jai Sundar Balasubramaniyan <balasujs@cs.purdue.edu>
during the summer of 1997. The opinions expressed are for purposes of
critical review, and do not represent any official recommendation or
endorsement by COAST or Purdue University.