PC Flank's Leaktest May 10, 2006?


wujxin
May 20th, 2006, 06:59 AM
What do you think about this?

PC Flank Leaktest Current Results

We have gathered statistics of how each of the major firewalls coped with PCFlank's Leaktest. These results are shown below.
PCFlank's Leaktest vs. the major firewalls, as of May 10, 2006:

Firewall (version) / PC Flank Leaktest result:
Norton Personal Firewall 2006 (v. 9.0.0.73) failed
McAfee Personal Firewall Plus (v. 7.0.152) failed
Kerio Personal Firewall 4 (v. 4.2.3) failed
Zone Alarm Pro 6 (v. 6.1.744.001) failed
Outpost Firewall Pro (v. 3.51.748.6419) failed
Kaspersky Anti-Hacker (v. 1.8.180.0) failed
Windows XP built-in firewall failed
Tiny Desktop Firewall 2005 Pro (v. 6.5.126) passed

CJsDad
May 20th, 2006, 07:23 AM
There's a thread about it here on the Look n Stop forum also.

http://www.wilderssecurity.com/showthread.php?t=131402

rafael
May 20th, 2006, 07:25 AM
I have stopped visiting this site, since well-known firewalls seem not to be good enough to pass the PC Flank leak test. I added a router to my setup instead as added protection.

I suggest trying ShieldsUP at www.grc.com to check your firewall or router for open ports.

wujxin
May 20th, 2006, 07:51 AM
-{ Quote: "I have stopped visiting this site, since well-known firewalls seem not to be good enough to pass the PC Flank leak test. I added a router to my setup instead as added protection.

I suggest trying ShieldsUP at www.grc.com to check your firewall or router for open ports." }-

Thanks a lot!

TOMxEU
May 20th, 2006, 08:42 AM
-{ Quote: "what do you think about this?

PC Flank Leaktest Current Results

We have gathered statistics of how each of the major firewalls coped with PCFlank's Leaktest. These results are shown below.
PCFlank's Leaktest vs. the major firewalls, as of May 10, 2006" }-
Well, PC Flank along with GRC are the best firewall test pages.

Since this test is about blocking outbound, it does not really concern me, because my protection is based on prevention (inbound blocking only), but anyway, it is interesting to see how useless outbound blocking is. If the PC gets infected, the trojan does not have a problem shutting down security software, or it can simply bypass it, as PC Flank Leaktest nicely proves.

olap
May 20th, 2006, 10:57 AM
Jetico pass, no problem!

BILL G
May 20th, 2006, 11:06 AM
I ran this TEST 5 times & Passed 5 times with ZAF & Firefox. IE is blocked in ZAF.

unhappy_viewer
May 21st, 2006, 02:34 AM
-{ Quote: "I ran this TEST 5 times & Passed 5 times with ZAF & Firefox. IE is blocked in ZAF." }-
Paid versions of ZA will also pass this test if the OSFirewall feature in ZA is switched on and you deny permission when the OSFirewall alerts prompt you. See this thread:
http://forum.zonelabs.org/zonelabs/board/message?board.id=Off-Topic&message.id=9809

ink
May 21st, 2006, 06:16 AM
You may want to carefully examine the method it uses; it is a little interesting.
GSS or ZA may be used for the test.
By the way, don't be fooled by the word "failed"; you can fail even if you unplug the network connection. That means you failed if you don't have a suspend action for the method it uses.

lotuseclat79
May 21st, 2006, 07:00 AM
-{ Quote: "Well, PC Flank along with GRC are the best firewall test pages.

Since this test is about blocking outbound, it does not really concern me, because my protection is based on prevention (inbound blocking only), but anyway, it is interesting to see how useless outbound blocking is. If the PC gets infected, the trojan does not have a problem shutting down security software, or it can simply bypass it, as PC Flank Leaktest nicely proves." }-
Hi TheTOM_SK,

Check out http://www.firewallleaktester.com if you want to find the best firewall test website. GRC's leaktest1.2 is the most trivial of the tests there.

If you only do inbound blocking, your firewall can still be penetrated, and with no outbound blocking your computer is no longer your own.

Once you begin to think of protection in terms of OS, network, and application levels including the Registry, i.e. multi-layered, rather than simply in terms of inbound protection only, then your security will correspondingly improve as you add layered protection.

-- Tom

TOMxEU
May 21st, 2006, 07:12 AM
-{ Quote: "Checkout http://www.firewallleaktester.com if you want to find the best firewall test website." }-
I know this site; I use their WWDC. They also mostly test outbound blocking.
-{ Quote: "If you only do inbound blocking, your firewall can still be penetrated, and with no outbound blocking your computer is no longer your own." }-
It is not that I do not use outbound blocking; I take it as part of my firewall.
As long as there are only trusted programs on the PC, there is no need for blocking outbound.

But I guess you meant that if my PC got infected, some trojan could leak at will. In that case, I am not really worried about getting infected, not because it is almost impossible, but because even if I were, there is nothing serious to be stolen. Anyway, thanks for your concerns.

lotuseclat79
May 21st, 2006, 07:21 AM
While there may be nothing to leak, surely you would not want your PC to be turned into a spambot without your knowledge, say if it is online 24/7 when you are not there in front of the PC.

-- Tom

TOMxEU
May 21st, 2006, 07:27 AM
I see your point, but do not worry, my PC is at least as safe as yours. ;)

Maji
May 22nd, 2006, 01:05 PM
I failed the test at first, but then I realized that it was using my local proxy to bypass the firewall and send the text string. Once I went into LnS and stopped the proxy from communicating to the Internet on port 80, the test completely failed, even though it said it passed (i.e. when I went to the page, there was no entry shown for me whatsoever). In other words, the test only succeeded because of the local proxy, which isn't news to me at all. Many other leak tests have taken advantage of local proxies to bypass firewalls and inaccurately proclaim that they have defeated your firewall software, when they have really only exploited one of the functions of a proxy server (i.e. to bypass communication restrictions imposed by corporate firewalls or routers).

And how do I know that it took advantage of my local proxy and not something else? Simple: in the results page, it listed a spoofed IP address, not my real one. ;) Since IP spoofing is one of the things I have enabled via my local proxy, the only way it could have picked up the spoofed IP was if it had sent the packet containing the data I typed through the proxy first. Kind of lame, if you ask me. :P That's another reason I don't give much weight to any of pcflank's tests... they can easily be fooled by IP spoofing and/or proxies.

GRC.com's ShieldsUp test, on the other hand, is NOT fooled by simple spoofing methods. ;)

whistl3r
May 22nd, 2006, 11:35 PM
I found this test to be very interesting. What interests me is that PCFlank does not provide detailed information on how this test bypassed a software/hardware firewall; I operate both, including ICF.

What it could be doing is exploiting a buffer overflow that has not been fixed in Windows, giving PCFlank an illegal advantage, that is if they're using this overflow for their own gain and did not explain or report it. Or it is using a service you had already allowed through your firewall applications. I am probably incorrect about that statement, but they failed to provide detailed information and explain what procedure was taken to bypass your security settings. I find it very odd they do not explain this in detail.

bigc73542
May 22nd, 2006, 11:38 PM
This is just my opinion, but I don't put much stock in PC Flank tests. They pretty much seem to be at odds with the other test sites quite a bit.

whistl3r
May 22nd, 2006, 11:50 PM
In fact, Internet Explorer is required to be open when running this test, which immediately tells me that it's exploiting a buffer overflow. During one of my tests I completely shut down application access to the net via my firewall, and it was still able to get through. I wonder if they even reported such a problem. Please correct me if I am wrong.... but this test is exploiting a buffer overflow.

What worries me is that this company is trying to gain an advantage and does not explain the test results.

ThunderZ
May 23rd, 2006, 12:11 AM
I'm in over my head here a bit :-[ ....however. For quite a while now there has been a little JavaScript-based trick, I believe, going around the net. Have seen it on a ton of websites. It's usually a little figure holding a sign displaying your PC's IP. Really caused quite a stir for a while among the security-minded surfers. :blink: This would happen regardless of your security setup. Router, firewall, etc. didn't matter. It was explained that it was really a trick and the only one that saw it, the IP, was you. Never took the time to discover how this worked, but could this test be based on the same script?

whistl3r
May 23rd, 2006, 12:34 AM
These are my discoveries while testing with Sygate (someone will appreciate it); I'd like to apologize in advance, I wrote this up in 2 minutes.
Step#1: Once PCFlankleaktest asks to open IE, an application allowance prompt is displayed, attempting to send the information displayed in #1;
Step#2: The next screen of PCFlankleaktest requests you to "Enter the test data"; after you enter the data and submit (next), Sygate prompts again for application allowance, displaying the data contained in #2;
Step#3: PCFlankleaktest will now show vague details and ask again to open IE and navigate to the results menu; again Sygate will ask for application allowance (if PCFlankleaktest.exe has not been given exclusive rights) to open IE, displaying the results from #3.

PCFlankleaktest.exe fails its own test if it has been exclusively denied access to the net and/or the inherent use of iexplorer.exe. However, this test will succeed if the application has inherent rights to iexplorer.exe. Concluding, iexplorer.exe should not be given inherent rights to any application, regardless of its trustworthiness. Most software firewall applications explicitly give you the right to allow/deny/ask (control) your applications; you should never allow mischievous applications to access your programs.

#1: Initial launch of Flank asking to use IE:

Parent Process : E:\PCFlankLeaktest.exe
Parent Version : 1.0.0.0
Parent Description : Leaktest developed by PCFlank.com
Parent Process ID : 0x770 (Heximal) 1904 (Decimal)


File Version : 6.0.2900.2180
File Description : Internet Explorer (iexplore.exe)
File Path : C:\Program Files\Internet Explorer\iexplore.exe
Process ID : 0x8D8 (Heximal) 2264 (Decimal)

Connection origin : local initiated
Protocol : TCP
Local Address : IP_OMITTED
Local Port : 1261
Remote Name : www.google.com
Remote Address : 64.233.167.104
Remote Port : 80 (HTTP - World Wide Web)

Ethernet packet details:
Ethernet II (Packet Length: 80)
Destination: 00-0f-66-0d-e8-35
Source: 00-0d-61-32-cd-16
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 64
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x5b47 (Correct)
Source: IP_OMITTED
Destination: 64.233.167.104
Transmission Control Protocol (TCP)
Source port: 1261
Destination port: 80
Sequence number: 1462827921
Acknowledgment number: 0
Header length: 32
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0x4c72 (Correct)
Data (0 Bytes)

Binary dump of the packet:
0000: 00 0F 66 0D E8 35 00 0D : 61 32 CD 16 08 00 45 5C | ..f..5..a2....E\
0010: 00 34 4E 43 40 00 40 06 : 47 5B AC 14 10 64 40 E9 | .4NC@.@.G[...d@.
0020: A7 68 04 ED 00 50 57 30 : FB 91 00 00 00 00 80 02 | .h...PW0........
0030: FF FF 72 4C 00 00 02 04 : 05 B4 01 03 03 03 01 01 | ..rL............
0040: 04 02 6C 65 61 6B 74 65 : 73 74 2F 6C 65 61 6B 31 | ..leaktest/leak1

#2: Sending the entered data to the test; SG reports Flank's usage of IE:

Parent Process : E:\PCFlankLeaktest.exe
Parent Version : 1.0.0.0
Parent Description : Leaktest developed by PCFlank.com
Parent Process ID : 0x770 (Heximal) 1904 (Decimal)


File Version : 6.0.2900.2180
File Description : Internet Explorer (iexplore.exe)
File Path : C:\Program Files\Internet Explorer\iexplore.exe
Process ID : 0x8D8 (Heximal) 2264 (Decimal)

Connection origin : local initiated
Protocol : TCP
Local Address : IP_OMITTED
Local Port : 1262
Remote Name : www.pcflank.com
Remote Address : 195.131.4.164
Remote Port : 80 (HTTP - World Wide Web)

Ethernet packet details:
Ethernet II (Packet Length: 80)
Destination: 00-0f-66-0d-e8-35
Source: 00-0d-61-32-cd-16
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 64
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x7467 (Correct)
Source: IP_OMITTED
Destination: 195.131.4.164
Transmission Control Protocol (TCP)
Source port: 1262
Destination port: 80
Sequence number: 686365195
Acknowledgment number: 0
Header length: 32
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0x43a2 (Correct)
Data (0 Bytes)

Binary dump of the packet:
0000: 00 0F 66 0D E8 35 00 0D : 61 32 CD 16 08 00 45 5C | ..f..5..a2....E\
0010: 00 34 4E 54 40 00 40 06 : 67 74 AC 14 10 64 C3 83 | .4NT@.@.gt...d..
0020: 04 A4 04 EE 00 50 28 E9 : 1A 0B 00 00 00 00 80 02 | .....P(.........
0030: FF FF A2 43 00 00 02 04 : 05 B4 01 03 03 03 01 01 | ...C............
0040: 04 02 45 43 41 43 41 43 : 41 43 41 43 41 43 41 43 | ..ECACACACACACAC

#3: Opening the browser to view the test results:

Parent Process : E:\PCFlankLeaktest.exe
Parent Version : 1.0.0.0
Parent Description : Leaktest developed by PCFlank.com
Parent Process ID : 0x770 (Heximal) 1904 (Decimal)


File Version : 6.0.2900.2180
File Description : Internet Explorer (iexplore.exe)
File Path : C:\Program Files\Internet Explorer\iexplore.exe
Process ID : 0x8D8 (Heximal) 2264 (Decimal)

Connection origin : local initiated
Protocol : TCP
Local Address : IP_OMITTED
Local Port : 1264
Remote Name : www.pcflank.com
Remote Address : 195.131.4.164
Remote Port : 80 (HTTP - World Wide Web)

Ethernet packet details:
Ethernet II (Packet Length: 80)
Destination: 00-0f-66-0d-e8-35
Source: 00-0d-61-32-cd-16
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 64
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x5a67 (Correct)
Source: IP_OMITTED
Destination: 195.131.4.164
Transmission Control Protocol (TCP)
Source port: 1264
Destination port: 80
Sequence number: 545554806
Acknowledgment number: 0
Header length: 32
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0x3b43 (Correct)
Data (0 Bytes)

Binary dump of the packet:
0000: 00 0F 66 0D E8 35 00 0D : 61 32 CD 16 08 00 45 5C | ..f..5..a2....E\
0010: 00 34 4E 6E 40 00 40 06 : 67 5A AC 14 10 64 C3 83 | .4Nn@.@.gZ...d..
0020: 04 A4 04 F0 00 50 20 84 : 81 76 00 00 00 00 80 02 | .....P ..v......
0030: FF FF 43 3B 00 00 02 04 : 05 B4 01 03 03 03 01 01 | ..C;............
0040: 04 02 6C 65 61 6B 74 65 : 73 74 2F 6C 65 61 6B 31 | ..leaktest/leak1

@ThunderZ; The Java bypass, so much to say, is not threatening or harmful in any way. You transmit your IP, browser version and OS type every time you or your PC accesses the net, also called metadata. Take Wilders Security for example: the admin could supply us with general statistics on what browser, OS types and IP ranges are most commonly used to access this site. Sure, it could be harmful to someone who knows how to exploit the data, but that is rarely the case.
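As an added example that is not code from the thread, PC Flank or Sygate: a Python parser for the Sygate packet dump and log header posted above. It verifies the IP header checksum, decodes the TCP flags, reports how many payload bytes the datagram actually carries, separates bytes lying beyond the IP total length from the datagram itself, and flags the parent/child pattern the Sygate prompts show (a non-browser process starting iexplore.exe for an outbound connection).

```python
"""Parse a Sygate packet dump and log header as posted in the thread. Added
example, not PC Flank's or Sygate's code. DUMP_1 is copied from the thread's
packet #1 and used here as constructed sample input."""

DUMP_1 = r"""
0000: 00 0F 66 0D E8 35 00 0D : 61 32 CD 16 08 00 45 5C | ..f..5..a2....E\
0010: 00 34 4E 43 40 00 40 06 : 47 5B AC 14 10 64 40 E9 | .4NC@.@.G[...d@.
0020: A7 68 04 ED 00 50 57 30 : FB 91 00 00 00 00 80 02 | .h...PW0........
0030: FF FF 72 4C 00 00 02 04 : 05 B4 01 03 03 03 01 01 | ..rL............
0040: 04 02 6C 65 61 6B 74 65 : 73 74 2F 6C 65 61 6B 31 | ..leaktest/leak1
"""

def dump_to_bytes(dump: str) -> bytes:
    """Keep only the hex columns: drop the 'NNNN:' offset, the ':' mid-line
    separator and the ASCII gutter after '|'."""
    out = bytearray()
    for line in dump.strip().splitlines():
        hexpart = line.split("|", 1)[0].split(":", 1)[1]
        out += bytes(int(h, 16) for h in hexpart.replace(":", " ").split())
    return bytes(out)

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IP header, checksum field
    included; returns 0 when the stored checksum is correct."""
    total = sum(int.from_bytes(header[i:i + 2], "big")
                for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def decode(frame: bytes) -> dict:
    """Walk Ethernet II -> IPv4 -> TCP and report what the datagram carried."""
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = int.from_bytes(ip[2:4], "big")
    tcp = ip[ihl:]
    data_off = (tcp[12] >> 4) * 4
    flags = tcp[13]
    return {
        "dst_ip": ".".join(str(b) for b in ip[16:20]),
        "dst_port": int.from_bytes(tcp[2:4], "big"),
        "seq": int.from_bytes(tcp[4:8], "big"),
        "syn": bool(flags & 0x02),
        "ack": bool(flags & 0x10),
        "ip_checksum_ok": ip_checksum(ip[:ihl]) == 0,
        "payload_len": total_len - ihl - data_off,
        # anything past the IP total length is outside the datagram itself
        "trailer": frame[14 + total_len:],
    }

def browser_launched_by_other(parent_path: str, child_path: str) -> bool:
    """Sygate's 'Parent Process' vs 'File Path': a browser started by some
    other program to make an outbound connection is the pattern this leaktest
    relies on, so the firewall prompt for it should be answered with deny."""
    parent = parent_path.rsplit("\\", 1)[-1].lower()
    child = child_path.rsplit("\\", 1)[-1].lower()
    return child == "iexplore.exe" and parent != child
```

On packet #1 this reports a bare SYN to 64.233.167.104:80 with a correct IP checksum and zero payload bytes; the "leaktest/leak1" text sits after the 52-byte IP datagram ends, so it was not data carried by that packet.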

ThunderZ
May 23rd, 2006, 12:42 AM
-{ Quote: "@ThunderZ; The Java bypass, so much to say, is not threatening or harmful in any way. You transmit your IP, browser version and OS type every time you or your PC accesses the net, also called metadata. Take Wilders Security for example: the admin could supply us with general statistics on what browser, OS types and IP ranges are most commonly used to access this site." }-

Understood, in part. But if you're behind a router, then should it not have shown the router's IP, not the PC's IP, which, as I remember, it was.

whistl3r
May 23rd, 2006, 11:18 AM
Depends. I'd hate to take this thread off to a different subject, but since you're asking, it's very much possible for software to query both your external CPE IP and your private internal IP.

The most common programs/applets are Java, ActiveX, Squid, and a few proxies; most proxies use Squid, and depending on the anonymity level your internal IP can be exposed. Java and ActiveX are applets which have the ability to expose your internal network; you can disable Java and ActiveX components by increasing your security settings in Internet Properties or completely removing Java.

Here's a comprehensive link regarding your question.
http://www.auditmypc.com/internal-ip.html

ThunderZ
May 23rd, 2006, 12:37 PM
-{ Quote: "Depends, i'd hate to take this thread off to a different subject, but since your asking, it's very much so for software to query both your external CPE IP and your private internal IP." }-

Not sure it is a different subject, since it has to do with just how the test functions and whether it is a true leak or just a FP, so to speak.
Checked your link. The first paragraph is the one I find the most interesting. The external IP is correct. The internal is blank. (Added for reference.) This is with Firefox with Java enabled.

NATTED IP

Your external IP address (68.xxx.xx.xxx) is always exposed to the internet, if it wasn't, you wouldn't be able to visit sites. On the other hand, your internal IP address () should be protected and not be obtainable by websites.

olap
June 1st, 2006, 09:42 AM
How Jetico stops PCFlankLeaktest.exe

When you run PCFlankLeaktest.exe, enter the test data and press "Next",
Jetico asks for network access for "tooleaky.exe" "Hash 0C0A11B1 C032915E B5018338 6FD88C6A 05B47EBE".
Block "tooleaky.exe" and PCFlankLeaktest says "Your firewall has failed the test". Copy-paste the link into your browser and there is no result on
http://www.pcflank.com/pcflankleaktest_results.htm.
When you click "open browser", Jetico asks for network access for "PCFlankLeaktest.exe" "Hash 3437369E 6B75021F 57DE5527 C33EF7B1 026E52D6"; allow or block access and there is no result on
http://www.pcflank.com/pcflankleaktest_results.htm
So first you must test whether your firewall passes "tooleaky.exe" and "WallBreaker.exe" from http://www.firewallleaktester.com
If your firewall passes "tooleaky" and "WallBreakertest" then it must pass PCFlankLeaktest too!
This depends on your configuration!
If your firewall does not pass this test then change your firewall!
That's it! Enjoy.