Broadband Tech > Security > Security > Test your Firewall, LSN new leaktest?

Test your Firewall, LSN new leaktest?

Sygate Personal Firewall v4.2 build 872 passes as well.

reply to Vampirefo
i think tiny should be passing.

Maybe you have something configured wrong with it?

»grc.com/lt/scoreboard.htm
[text was edited by author 2001-11-05 10:54:29]

Nope TPF fails, this is not Gibson's test, I have used TPF over a year, and I do know how to configure it. I am trying to figure out why it fails it, though, This is a two part test, One is just like Gibson's test, which TPF, passes, the second part is a new test which TPF fails.

oops..didn't go to your link..sorry..thought it was gibson's test. Does tiny pass gibson's leaktest?

reply to rdwilson
Rd Wilson, Graham from another forum is upset that SPF fails, perhaps you can tell him your setup, he has been using SPF, for a long, time and promotes the firewall. He has sent an e-mail to SPF, about SPF failing the test. If you can help, he would really appreciate it, that's what these kind of test are for, to help each other out. I don't use SPF, so I can't help him out at all.

You can see his post here »www.morelerbe.com/cgi-bin/ubb-cg···t=000138
--
Companies would rather lose you as a customer than fix the problem
Vampirefo

Joke Page

reply to Lex Luthor
Yes TPF, passes Gibson's test with flying colors.

reply to Vampirefo
I tried the Classic leak test with Tiny, I got the Tiny warring message that Yalta was trying to access .... I clicked deny and Yalta said it send the message, I then had tiny make a rule to not allow yalta access and it failed. I dont think Yalta send anything the first time but without a packet sniffer I am at a lose as to how to prove if it did or did not make it out the first time.
--
Bring gifts for Bin Laden

reply to Vampirefo
Yes TPF will pass the Classic leak, but fails the Enhanced Leak Test. And yes I use a packet sniffer, to verify my reports, I am using this one right now, it's easy to use, and it catches the transmissions. »Zx Sniffer 4.01

reply to Vampirefo

reply to Vampirefo
Following this thread with great interest.

Isn't a .vxd a device driver? Would it operate at a lower level than Tiny; therefore, Tiny would not see it?
--
Once I was fuzzster and now I'm just fuzz.

reply to Vampirefo
Somebody help me out... exactly what does testing localhost prove? There's no risk in localhost traffic... maybe I'm not understanding something... I'll run this on an old 95 box, later on. But passing a firewall test through a loopback connection would prove absolutely, precisely nothing, to me, if that's indeed what it's doing. I don't use a firewall to control loopback, here. I use it to control real connections. Anyone able to set me straight, if I'm wrong about something in how it works??? It won't work, of course, with NT, because the NT designers consider VxD's, themselves, a loose security model... I would like to hear comments, on this, but I would really like to have some comments on how it works.

I know that it really throws the MD5 prompts on Tiny... so that Tiny certainly knows it's trying to do something... but it can't, because NT won't let it load the VxD...

I know that the GRC leaktest just tries to smuggle out a packet... if it succeeds, we have a failure for the leaktest. I take an issue, where they say things like "Tiny (or ZAP, etc.) passsed or failed, without explaining the ruleset they used for testing... there's no such thing as a "default" configuration... soooo... assuming that it tries to get out to the "real" outside world... 127.0.0.1 isn't the real outside world, and testing localhost really sent up a red flag with me... hmmm ... any TCP experts tried this and want to offer a detailed rundown of what it tries to do ??? Something just doesn't sound right, I can't say exactly what or why, yet... and I can't put a finger on it...
--
"Arm yourselves, and be ye men of valour, and be in readiness for the conflict; for it is better for us to perish in battle than to look upon the outrage of our nation and our altar." - Sir Winston Churchill

reply to TheGiant

said by rooster69:

---

I tried the Classic leak test with Tiny, I got the Tiny warring message that Yalta was trying to access .... I clicked deny and Yalta said it send the message, I then had tiny make a rule to not allow yalta access and it failed. I dont think Yalta send anything the first time but without a packet sniffer I am at a lose as to how to prove if it did or did not make it out the first time.

---

reply to fuzz
Yes, and no. In that order. A VxD is a virtual device driver. Tiny loads as a real device driver. Tiny loads directly on top of the winsock (at the very bottom of the food chain, just before the TCP stack). The only thing that will ever load lower is a "winsock shim", something like libcap, that implements IPv6 (remember, raw sockets and all that?), or a trojan that actually replaces winsock...

Now, the 9x OS security model, being virtually non-existent to begin with, I sometimes forget that I'm quite sure Tiny, and others, behave significantly differently on a 9x system, and are probably, simply by nature of the OS they ride over, a good deal less secure, in a wholistic sense, on a 9x family than an NT family OS....

By the way, since I can't run it because I'm on a tightly configured NT OS, I can't say more than this, but Tiny caught the app trying to connect the minute I clicked, and it noticed the MD5 didn't match a minute later, when I clicked again... so it DEFINITELY isn't "not being noticed at all," at least here...
--
"Arm yourselves, and be ye men of valour, and be in readiness for the conflict; for it is better for us to perish in battle than to look upon the outrage of our nation and our altar." - Sir Winston Churchill

reply to gwion
Put in an IP address, I use dslreports, and then test it, You can put in any ip address, then it is not local, it connects to the internet.

reply to gwion
I just changed the IP address to Dslreports 209.123.109.175 and got the same results with ZA 2.1.44. No warning from ZA on the Enhanced Test.

reply to Vampirefo
I am running WinME and using Tiny. I set Tiny to stop everything and ran the enhanced test with a WAN IP address and Tiny did not see it at all. I used a packet sniffer to verify that, indeed, it got past Tiny.
--
Once I was fuzzster and now I'm just fuzz.

reply to TheWiseGuy$
Can you post the packet cap data? It would be very interesting. We could see exactly what it's doing to worm around the firewall, that way. Same for any Tiny or ZA logs that may have captured it... let's make a project of this one? Where are those packets going? Anyone interested? Seems worth a few minutes, anyhow...

Where? Where was it going???? Help! Nobody's telling us where it's connecting!! C'mon... we have this high falutin' packet sniffer... we need raw data, not conclusory statements!!! ;) Is it to a remote address or to localhost?

--
"Arm yourselves, and be ye men of valour, and be in readiness for the conflict; for it is better for us to perish in battle than to look upon the outrage of our nation and our altar." - Sir Winston Churchill
[text was edited by author 2001-11-05 12:03:05]

reply to bangaroo
Download the sniffer, I posted and you will the transmission, ie packets being sent.

reply to bangaroo

said by contango:

---

I just changed the IP address to Dslreports 209.123.109.175 and got the same results with ZA 2.1.44. No warning from ZA on the Enhanced Test.

---