PDA

View Full Version : Firewall leak tests



Blacksheep
12-27-2001, 09:16 PM
http://www.pcflank.com/news08**0*.htm

and more

http://www.looknstop.com/En/leaktests.htm

Nulland Void
12-28-2001, 01:19 PM
Nav passed except for the privacy test.

Opera passed all with flying colors, including all the exploits test.
I was using Tiny. Didn't want to try with Sygate as I haven't had time to configure it properly yet.

Thanks for the links, Blacksheep.

Blacksheep
12-28-2001, 09:06 PM
*] Tested TooLeaky and Firehole on MSIE 5.0*, Sygate PF Free:

TooLeaky made not a dent- no packets in or out.

Firehole bored right thru- Here's CommView sniffer reconstructed TCP session (with xs strategically placed to cover my private parts):

Message from user "current user" on computer C*F4Z2 [xxx.xxx.86.*60] at *2/28/0* *7:02:*4
***** I have successfully bypassed the personal firewall! *****

HTTP/*.* 400 Bad Request
Date: Fri, 28 Dec 200* 2*:02:*4 GMT
Server: Apache/*.*.*4
Connection: close
Content-Type: text/html; charset=iso-885*-*

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H*>Bad Request</H*>
Your browser sent a request that this server could not understand.<P>
Request header field is missing colon separator.<P>
<PRE>
***** I have successfully bypassed the personal firewall! *****</PRE>
<P>
</BODY></HTML>

2] Tested TooLeaky and Firehole on MSIE 5.5, Sygate PF Pro 5.0 beta with all Options> Security tab> checkboxes checked:

Tooleaky reports "Success!" True. CommView sniffer and SPF Pro recorded packet traffic between my PC and Tooleaky target grc 207.7*.*2.*** so firewall breached.

Firehole reports "failed to connect Failed to send message" True. SPF Pro popped a flag on IE saying a dll might have been loaded, will I allow connect. I said no. No packet traffic.

Hmmm...
Firehole breached SPF Free but not SPF Pro 5.0 beta.
Tooleaky breached SPF Pro 5.0 beta but not SPF Free.

Conclusion:
IMHO one must use sniffer to know for sure when running these tests. All of these firewall leak tests require code running in one's PC. If rogue code gains entry to one's PC one is probably dead meat anyway if programmer is good.

What to do? Don't get any trojans and hope firewall vendors plug the holes.

Sleep tight.

Nulland Void
12-29-2001, 02:06 AM
http://www.morelerbe.com/cgi-bin/ubb-cgi/ultimatebb.cgi?ubb=get_topic&f=*7&t=000*72

Please note that there are 4 pages.

(After reading this, I suppose that LooknSee is the FW of choice...?)

Blacksheep
12-29-2001, 11:13 AM
Nulland Void:
"http://www.morelerbe.com/cgi-bin/ub...c&f=*7&t=000*72 "

Disturbing! Ignorance is bliss.

"Please note that there are 4 pages.

(After reading this, I suppose that LooknSee is the FW of choice...?) "

Look 'n' Stop http://www.looknstop.com/En/index2.htm is now at the top of my agenda of firewalls to test. Have hopes Sygate will get their act together for SPF to block all firewall leaks including nonstandard packets.

Thanks for post Nulland Void.

Nulland Void
12-30-2001, 01:33 PM
Yeah right, LooknStop. (no wonder I had such a hard time finding it at Google!)

My computer is becoming very depressed and threatens to commit suicide unless I go back to Linux.