

Murray3

join:2001-03-06
Texas

Lockdown Online Security Tests

I just came across the following...

Lockdown Corp. : Online Security Tests

The site offers several security tests, which may be performed online. Such as...

HTTP LOG TEST : With NS Lookup
HTTP LOG TEST : Without NS Lookup
ENVIRONMENT TEST : IP Address
ENVIRONMENT TEST : Operating System - Browser
ENVIRONMENT TEST : All Remote Environmentals
DoS PING TEST
TRACEROUTE TEST
PROXY TEST
WEB FORM TEST
FTP EMAIL ADDRESS TEST
NetBIOS MAC TEST : MAC via Host or NetBIOS
NetBIOS PRIVACY TEST : Login & Computer Name
NetBIOS PROBE : Network and Shares
INTERNET EXPLORER VULNERABILITY TEST


There's also a page (here) focusing on the matter of 'Stealth'.

Does anyone have any experience using the tests? Any good?

BTW - I took a look to see if this was in any of the DSLR Recommended Links... but didn't see it. Apologies if this info has been previously posted. (I can't find it if it has been).



Zhen-Xjell
Prolific Bunny
Premium,VIP,ExMod 2001-04
join:2000-10-08
Bordentown, NJ

Nice find!

Since I didn't use a remote proxy for these tests, the first three (HTTP Log Test w/ NS Look Up, HTTP Log Test w/o NS Look up and Environment Test IP Address) only revealed either my IP or my fully qualified name equivalent IP. Obviously, if I don't use a remote proxy, then my IP will be revealed. I don't consider this a bad thing unless I were to access a cracker's site.

Now, the Environment Test Operating System - Browser said I failed.. but it showed this for my OS:

The information below is being displayed on EVERY Internet connection that you make!

You DO NOT Appear To Be On A Proxy

This Could Be Bad!


Proxomitron stopped it from seeing my OS, although the test says I failed without ever telling me my OS. Ok...

Now onto the DoS PING TEST:

5 packets transmitted, 0 packets received, 100% packet loss

Stealth Test ...
You DO NOT Appear To Be Stealthed!

This Could Be Bad!


Again, packets transmitted but none received. I am dropping those ping requests, and yet the test says I failed. Ok, guess they want to buy their products!! -- Not.

Environment Test All Remote Environmentals:

You DO NOT Appear To Be Stealthed!

Again same as before, the only information they are grabbing is my IP and name translation for that IP. No biggy there. If I were to use a remote proxy, that even wouldn't show. All the other HTTP stuff is blank. (ahh, proxo)

Traceroute test:

The traceroute timed out at my IP posting numbers well over 400 ms, whereas my Net gateway was in the 20/30 ms range.

Proxy Test:

Same results as the Environment Test All Remote Environmentals. No concern here.

Web Form Test:

Hacker Satire:
---- Connection Notify ----
SoMe LaMeR JuST CLiCKeD oN YouR SuBMiT BuTToN!
GOOD! He is not stealthed or using a proxy!
His REAL IP address is: my ip
His Windows version and Browser is:
Setting timers ... (waiting 15 minutes)
Sending output to new virtual server IP....(they will never know where this is coming from .. SNiCKeR)
Scanning victims IP (my ip) for known trojan ports...
Scanning victims IP (my ip) for exploitable services...
Probing victims computer for known Windows vulnerabilities for ...
Obtaining a list of open file shares on my ip if they exist...
If file shares exist and are open: copy $TROJAN to victims startup folder...
If any part of this crack worked, send me an ICQ page right away!
Sending ICQ page...
Writing all results to my hack log...


I failed this.. why? Because again, I'm not on a remote proxy for this test, so they got my IP. No worries for me. And that's the only info they got, my IP.

FTP Email Address

The error link has to be clicked first, and then the start link. Anyhow, they didn't obtain anything new other than my IP. No problems here.. not a surprise.

NetBIOS MAC Test MAC Via Host or NetBios:

Wow.. nothing detected.

NetBios privacy test login & computer name:

Amazingly.. Nothing detected.

NetBios probe network & shares:

This test is the longest one so far. Once done, it came back blank, empty white page. So as per the test, if nothing is shown, I am "truly stealthed".

Internet Explorer Vulnerability Test:

Right off, they state this:

It is best to have your anti virus detection turned off for this test.

Yah, I don't think so.

Supposedly a file BrowserX.hta gets placed into the C:\WINDOWS\All Users\Start Menu\Programs\StartUp directory. I'm on Win2k, I don't have c:\windows. Searched for the file, and it wasn't found.




Interesting set of tests, very helpful for those that have these issues.

Good find!


Murray3

join:2001-03-06
Texas

Thanks for taking the time to do the tests and post your results Z-X.

Certainly looks like the emphasis is 'Stealth', as the tests seem to focus on the display of the IP address... and the ability to see if you can be pinged, etc...

Guess it may come up useful for those new to the Internet/Security. I will run the tests from my PC when I get home tonight and see what it gives me, just out of interest.

In summary, if you're not concerned about revealing your IP address, then failing the tests is probably no big deal.

If you want your machine to appear Stealth, then these would appear to be some useful little tests.

Thanks again Zhen, for the post.


Transmaniacon MC

join:2001-07-10
Cleveland, OH

reply to Murray3
Hello,

Have a look at this before you do anything connected with Lockdown. There are other sources of info on Lockdown as well.

»www.wilders.org/lockdown.htm

TMC



Zhen-Xjell
Prolific Bunny
Premium,VIP,ExMod 2001-04
join:2000-10-08
Bordentown, NJ

Wow, now my comment earlier rings even truer: Ok, guess they want to buy their products!! -- Not.



Murray3

join:2001-03-06
Texas

reply to Transmaniacon MC
Thanks for the link Transmaniacon MC.

Hmmm... seems I found a bad/dubious site. Sorry about that folks. I'm glad I asked the question before I proceeded.

Sorry for the pointless thread...



Zhen-Xjell
Prolific Bunny
Premium,VIP,ExMod 2001-04
join:2000-10-08
Bordentown, NJ

Heh, I'm not so glad I did the test. No biggie. Least we learned about this guy.



Another Rob
Premium
join:2001-08-11
Seattle, WA

reply to Murray3
Don't confuse this Lockdown with Microsoft's IIS Lockdown Tool

Rob.



HG Fegen$
Johnny B. Goode
Premium
join:2001-06-28
Scotland. UK

reply to Murray3
Hi

I had a look at the Lockdown site and ran the tests. I have spent much of the weekend and today tinkering about with various settings. I was able to do so mainly because of you guys at dslr and I think my PC is now very much more secure than, say, a few weeks ago. I've taken a lot of good advice from these pages.

The results I got were similar to Z-X's (I don't use a remote proxy). I don't pretend to understand many of the technicalities regarding my PC (if I can keep it running - GOOD; if I can do it and be secure EVEN BETTER). I'll try to solve things but equally I'll look for advice too.

What really struck me as subtly as a flying mallet to the skull was the language used in the site. A lot of it was vague - This *could be* this or that. If I have my ports probed at Good Ol' Steve's place then I know what is being done and I know what the results are and there seems to be no pressure to purchase a product. Having run the Lockdown thingies I don't feel that I am any further forward than I was about 30 minutes ago except that I did go to wilders and read through the Lockwood related items. Now THAT was helpful.

Regards

Gordon
--
I wish it could be Christmas everyday! Sung by Roy Wood & Wizzard, 1974



Hutch
Premium
join:2000-10-14
australia

reply to Zhen-Xjell

said by Zhen-Xjell:
Wow, now my comment earlier rings even truer: Ok, guess they want to buy their products!! -- Not.
I was about to say the same thing as you Zhen-Xjell. They want us to buy their products.
--
Keep them probing peepers outta ya ports....use a Firewall

zenomorph

join:2001-11-26
Nashua, NH

reply to Murray3
Download Nessus and do this yourself. The only thing that stood out was the web form test. Finding a good security site that does custom tests is the best way. I oftentimes find holes in major sites by finding custom holes the automated scanners missed. Problem with automated is it's either yes or no. A good question is what if it was scanning for web apps and is using default names. Now some admins rename them and according to the automated test they are safe. An attacker will notice the change and still manage to get access. Shows you online automated tests are a nice quick preview only to obvious holes.

- zeno@cgisecurity.com



Zhen-Xjell
Prolific Bunny
Premium,VIP,ExMod 2001-04
join:2000-10-08
Bordentown, NJ

I for one have programs such as nessus, but many people do not know about these tools, or even have the capacity to install them, not to mention run them.

We all know that anything can be broken, but if there is a site that offers scanning, I figure, why not check it out? Just another tool among tools.



gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
kudos:1

reply to Murray3
Great! You get a medal. This isn't a spectacular prover of anything, but it does highlight that there "are" malicious websites, that can be just as dangerous as e-mail scripts. For some reason, we seem to trivialize the risks of surfing websites, sometimes, and it's sort of a hobby horse of mine, to spread the word that active content can be as rich a medium for trojans as e-mail and downloads, but stealthier... and you have an OPEN CONNECTION with the other side that YOU INITIATED!

That said, I disagree with their definition of "stealth," to a degree. It isn't always necessary or even desirable to go through an anonymizing proxy. The two best reasons are (1) you don't trust your own firewalls and NAT and so forth; and, (2) you're headed for a site you really don't trust. Remote proxies are, granted, the only way of hiding your IP and still visiting a suspect site without "coming up for air" from stealth at their server log... it's an indispensable part of the connection... but they slow the connection dramatically, and may be overkill for everyday surfing on a reasonably secure machine, with good overall security habits.

Still, they're good to know about. And so is the awareness that HTTP is decidedly exploitable. IE doesn't default to a very safe active content handling policy, so, know thy browser. To me, that's a far bigger threat than the trivial info in the headers, or knowing the IP... and stealth, to me, refers to being unpingable. Being anonymized, to me, is "stealth plus." Some people get the two mixed up, as it is... I don't like expanding the definition too much.

hehehe... sorta funny, seeing it say "checking your browser for known vulnerabilities... Magilla 3.3.1" ... see? local filter proxies are good for more than killing ads!
--
"Arm yourselves, and be ye men of valour, and be in readiness for the conflict; for it is better for us to perish in battle than to look upon the outrage of our nation and our altar." - Sir Winston Churchill



R2
R Not
Premium,MVM
join:2000-09-18
Long Beach, CA
kudos:1

reply to Murray3
I agree with the above. However, I found the "Browser Vulnerability Test" interesting. It says:

"Virus Detection
It is best to have your anti virus detection turned off for this test. This is because it is the browser that is being tested. Your anti virus software may detect the method of infection as a virus and quarantine our test file. If this happens you should download and install your Microsoft critical update and then return to this page and test again.

If the test worked successfully the following file will be installed on your computer BrowserX.hta in the C:\WINDOWS\All Users\Start Menu\Programs\StartUp Directory..."
Well, I did NOT turn off my Virus detection and NAV catches a JS.exception.exploit virus.

Does this mean my IE is vulnerable? The page keeps telling me to go to Windows Update and install some Critical Update. I went there and there is NO critical update.

What update is the page referring to? What is this about? Thanks.

jcr001

join:2001-08-12
Garden City, NY

reply to Zhen-Xjell
Zhen,
Which Proxo rule will strip off the OS and browser info? Mine are coming through. Thanks in advance!



bskuared
It's Hip To Be Square
Premium
join:2001-12-02
San Clemente, CA

reply to Murray3
Here's a better testing site:

https://grc.com/x/ne.dll?bh0bkyd2
--
2b or not 2b



bcool
Premium
join:2000-08-25
The Ozarks

reply to Transmaniacon MC
I've been tracking this drama for some while now. So glad you inserted the link here. Caveat emptor!
--
"in flagrante delicto"


Transmaniacon MC

join:2001-07-10
Cleveland, OH

reply to Murray3
Murray - bcool,

Thanks, glad to have some helpful input. I too have followed this for a while. I have not tried the tests on his web site and they may indeed be useful, but I would just as soon stay away from anything this guy offers.

TMC



KeysCapt
Premium,Mod
join:2001-07-11
Keys Exile
kudos:1

reply to Murray3

Pointless thread?

Hey Murray -
I don't think so. Like so many other threads here, look at all the really valuable info that came out of the discussion. The amount of learning that takes place in these forums is amazing. I'm glad you posted ...


Zhen-Xjell
Prolific Bunny
Premium,VIP,ExMod 2001-04
join:2000-10-08
Bordentown, NJ

reply to jcr001

Re: Lockdown Online Security Tests

I believe they are the User-agent header filters. Are you using my set? Because by default they are enabled.
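
An added example, not part of the original thread or any poster's code: it shows what a remote site can record from one HTTP request, before and after a local filtering proxy rewrites the outgoing headers, which is the distinction several posts above draw between the IP address and the header information. The request, the host names, the 192.0.2.10 address and the filter rules are constructed assumptions and are not Proxomitron's actual filter set.

```python
# Constructed sample data throughout; 192.0.2.10 is a documentation address.
OS_HINTS = {"Windows NT 5.0": "Windows 2000", "Windows 98": "Windows 98", "Linux": "Linux"}
PROXY_HEADERS = ("via", "x-forwarded-for", "forwarded")

DIRECT = ("GET /test HTTP/1.1\r\n"
          "Host: tests.example\r\n"
          "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n"
          "Referer: http://forum.example/thread\r\n\r\n")

def parse_headers(raw):
    """Header fields of a raw HTTP request, as a dict keyed by lowercase name."""
    headers = {}
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:  # skip request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def local_filter(raw, replace, drop):
    """Rewrite outgoing headers as a local filtering proxy could (hypothetical rules)."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    out = [head[0]]
    for line in head[1:]:
        name = line.partition(":")[0]
        key = name.strip().lower()
        if key in drop:
            continue  # header never leaves the machine
        out.append(f"{name}: {replace[key]}" if key in replace else line)
    return "\r\n".join(out) + "\r\n\r\n"

def server_view(peer_ip, raw):
    """What the remote site can log: the TCP peer address plus whatever headers arrive."""
    h = parse_headers(raw)
    ua = h.get("user-agent", "")
    return {
        "peer_ip": peer_ip,  # taken from the socket, so header filtering cannot change it
        "os_hint": next((v for k, v in OS_HINTS.items() if k in ua), None),
        "referer": h.get("referer"),
        "proxy_headers": [p for p in PROXY_HEADERS if p in h],
    }

FILTERED = local_filter(DIRECT, replace={"user-agent": "ExampleBrowser/1.0"},
                        drop={"referer"})

if __name__ == "__main__":
    print(server_view("192.0.2.10", DIRECT))
    print(server_view("192.0.2.10", FILTERED))
```

The filtered request hides the OS and referrer, but the peer address is identical in both views, and an empty `proxy_headers` list only means no proxy announced itself.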