Firewall Testing, Regardless Of Leaktests


DVD+R
October 31st, 2006, 09:24 AM
I've been doing some Firewall testing recently, most of the big names, and some of the not so well known names, and have come up with this conclusion: Regardless of whether or not your firewall passes or fails some, or most, or in some cases ALL Leaktests, it's rather irrelevant if your Firewall passes the following:

Stealth Test:
With the help of the Stealth test you can determine if your computer is visible to the others on the Internet. You can also use this test to determine if your firewall is successful in making ports of your system stealthed and hidden from intruders.

Browser Test:
This test will check if your browser reveals any of your personal information. This might be the sites you have visited, the region you live in, who your Internet Service Provider is, etc. The test will recommend specific settings of your browser for you to change.

Trojans Test:
This test will scan your system for most dangerous and widespread Trojan horses. If a Trojan is found on your computer the test recommends actions to take.

The test will probe the ports used by the Trojans and if a port is "open" then your computer is infected


Advanced Port Scanner:
The Advanced Port Scanner will test your system for open ports that can be used in attacks on your computer.

You can select which scanning technique will be used during the test from the following:

TCP connect scanning (standard)
TCP SYN scanning .


Exploits Test:
This test will detect how vulnerable your computer is to exploits attacks. This test can be also used to test firewalls and routers for stability and reactions to unexpected packets. Most of the exploits are in fact denial-of-service attacks and if your system is unable to pass this examination following actions can take place:

Some attacks may cause your computer to crash (so-called "blue screen of death") or reboot. So all unsaved data in open applications at the time of the attack may be lost.
The attacks can also consume large amounts of network bandwidth.
Your computer may start operating very slowly as the attacks may consume most or all of the operating system's CPU resources.
Some attacks can break your Internet connection.

If your firewall confirms that you have passed these tests, then the Leaktest is rather trivial, as no data is being transmitted by your computer, regardless of the leaktest reporting such.

You can test your computer here at www.pcflank.com or www.grc.com

Stem
October 31st, 2006, 10:01 AM
-{ Quote: "Stealth Test:
With the help of the Stealth test you can determine if your computer is visible to the others on the Internet. You can also use this test to determine if your firewall is successful in making ports of your system stealthed and hidden from intruders." }-
This is a good selling point for firewalls, but if the PC is fully stealthed or not does not help with protection. A point to make is that the PC can only be 100% stealthed if you are not online, as, as soon as you connect out, it is possible to be seen (if you know where to look, and crackers do).
-{ Quote: "In theory, stealth mode hides all the ports on your computer from being visible to others on the internet. Some think this makes them less vulnerable to a malicious attack and consider it the "holy grail" of firewall configurations.
A good hacker can spot this behavior - may actually consider it a challenge to try to break in as he/she wonders what's there.
Sometimes, staying in plain sight makes you less attractive as a target.
Achieving "stealth" mode with some network configurations (such as Microsoft internet connection sharing or ICS) can be very difficult. Stealth mode can make it difficult for the networked computers to "see" and interact with the gateway computer.

Computers don't stay "stealthed". The moment you do something that accesses the internet from your end, you're "unstealthed" because data is coming out. Any hacker with a packet sniffer who knows where to look can tell that something's there" }-



-{ Quote: "Trojans Test:
This test will scan your system for most dangerous and widespread Trojan horses. If a Trojan is found on your computer the test recommends actions to take.

The test will probe the ports used by the Trojans and if a port is "open" then your computer is infected" }-
This is not correct, just because a port may be open does not indicate that the user is infected.


-{ Quote: "Advanced Port Scanner:
The Advanced Port Scanner will test your system for open ports that can be used in attacks on your computer.

You can select which scanning technique will be used during the test from the following:

TCP connect scanning (standard)
TCP SYN scanning ." }-
Most TCP scans are "half open" scans. These send a TCP SYN packet to see if a reply TCP SYN ACK is sent back; if one is, then the port is open, but the scanner does not send back the ACK.


-{ Quote: "Exploits Test:
This test will detect how vulnerable your computer is to exploits attacks. This test can be also used to test firewalls and routers for stability and reactions to unexpected packets. Most of the exploits are in fact denial-of-service attacks and if your system is unable to pass this examination following actions can take place:

Some attacks may cause your computer to crash (so-called "blue screen of death") or reboot. So all unsaved data in open applications at the time of the attack may be lost.
The attacks can also consume large amounts of network bandwidth.
Your computer may start operating very slowly as the attacks may consume most or all of the operating system's CPU resources.
Some attacks can break your Internet connection." }-
DOS attacks are normally directed at the TCP/IP stack, some examples:-
-{ Quote: " * The "Teardrop Attack"
This type of denial of service attack exploits the way that the Internet Protocol (IP) requires a packet that is too large for the next router to handle be divided into fragments. The fragment packet identifies an offset to the beginning of the first packet that enables the entire packet to be reassembled by the receiving system. In the teardrop attack, the attacker's IP puts a confusing offset value in the second or later fragment. If the receiving operating system does not have a plan for this situation, it can cause the system to crash.

* The "Ping of Death"
The maximum legal ping data size is 65507 bytes (which yields 65535 with IP header and ICMP echo request) or less if certain options are present. The Ping o' Death sends a ping of 65510 bytes. Naturally, any ping that large will be fragmented in transit. When the packet is reassembled, it exceeds 64K in length which broke most TCP/IP stacks resulting in internal buffer overflows.

* The “Bonk” and “Boink” attacks reverse the “Teardrop” attack in that they set a fragment offset larger than the packet size. These exploits affect Windows machines. “Bonk” attacks only port 53 on these machines, which isn’t always open. “Boink” was released in order to send the attack packets to a range of ports, in order to make the attack more usable.

* The “NewTear” attack affects Windows machines as well. It is simply a modified version of “Teardrop” which changes padding length and increases the UDP header length field to twice the size of the packet.


* The "Rose Attack" The attack is very simple, which involves only two fragmented packets being sent to the victim machine. The first packet, which is of the size of 32 bytes, is the initial offset zero fragment. The second, also of the size of 32 bytes, is set to an offset of 64800 bytes into the datagram. When the two packets are sent out, the victim machine's CPU cannot process fragmented packets until the queue for the fragments times out, thus causing DOS attack" }-
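
A defender-side illustration of the fragment anomalies listed in the post above (an added example, not part of the original thread): the check inspects the offset and length of every fragment of one datagram and labels overlaps, holes and oversize reassembly. The `Fragment` type, the label names, the 20-byte header and all sample values (including the MF flags) are assumptions constructed for this example.

```python
from dataclasses import dataclass

MAX_DATAGRAM = 65535  # largest legal IPv4 datagram, header included
IP_HEADER = 20        # assumption: no IP options, so a 20-byte header


@dataclass(frozen=True)
class Fragment:
    offset: int  # byte offset of the payload (wire field value * 8)
    length: int  # payload bytes carried by this fragment
    more: bool   # MF ("more fragments") flag


def check_fragments(frags):
    """Return sorted anomaly labels for the fragments of one datagram."""
    findings = set()
    covered = 0  # payload bytes accounted for so far, from offset 0
    for f in sorted(frags, key=lambda f: f.offset):
        end = f.offset + f.length
        if IP_HEADER + end > MAX_DATAGRAM:
            findings.add("oversize")  # reassembly would exceed 64K
        if f.offset < covered:
            findings.add("overlap")   # rewrites bytes already received
        elif f.offset > covered:
            findings.add("hole")      # reassembly must wait for missing bytes
        covered = max(covered, end)
    return sorted(findings)


# Constructed samples (not captured traffic), one per pattern in the post.
NORMAL = [Fragment(0, 1480, True), Fragment(1480, 1480, True),
          Fragment(2960, 100, False)]
# Teardrop: the second fragment's offset points back inside the first.
TEARDROP = [Fragment(0, 40, True), Fragment(24, 8, False)]
# Ping of Death: 65510 data bytes + 8-byte ICMP header, 1480 per fragment.
PING_OF_DEATH = [Fragment(i * 1480, 1480, True) for i in range(44)]
PING_OF_DEATH.append(Fragment(65120, 398, False))
# Rose: two 32-byte fragments, at offset 0 and at offset 64800.
ROSE = [Fragment(0, 32, True), Fragment(64800, 32, False)]

if __name__ == "__main__":
    for name, sample in [("normal", NORMAL), ("teardrop", TEARDROP),
                         ("ping of death", PING_OF_DEATH), ("rose", ROSE)]:
        print(f"{name:14} {check_fragments(sample) or 'ok'}")
```

An exact duplicate of an already received fragment is also reported as `overlap`, so a filter built on this would need to decide whether to tolerate retransmitted copies.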

iNsuRRecTioN
October 31st, 2006, 11:56 PM
-{ Quote: "

Stealth Test:
With the help of the Stealth test you can determine if your computer is visible to the others on the Internet. You can also use this test to determine if your firewall is successful in making ports of your system stealthed and hidden from intruders.

" }-

Hey,

Stealth Test is useless, because every network point/node will respond, even if they don't exist..

I.e. if an IP isn't available, because the device/pc isn't connected, then you will get an answer from the network node, that there is nothing at this IP.

But if you are using a software firewall which "stealths" your ports and someone asks to connect to your IP on one of these ports, they will get nothing, no response. (Because the software firewall simply ignores, discards these requests..)

And that will show the geeks, that there is a PC with a software firewall online..

So stealthing is useless ;D 8) :P

best regards,

iNsuRRecTiON

farmerlee
November 1st, 2006, 02:38 AM
I'm not too fussed if I can be seen online or not, as long as no one can get in I'm happy.

Stem
November 1st, 2006, 08:53 AM
-{ Quote: "I.e. if an IP isn't available, because the device/pc isn't connected, then you will get an answer from the network node, that there is nothing at this IP." }-
Yes, a correct response would be "Destination unreachable".

iNsuRRecTioN
November 1st, 2006, 01:30 PM
Hey,

yes, and with software firewalls, which stealth your ports, you get no response at all, maybe timeout..

best regards,

iNsuRRecTiON

djg05
November 2nd, 2006, 03:55 AM
-{ Quote: "DOS attacks are normally directed at the TCP/IP stack, some examples:-
* The "Teardrop Attack"

* The "Ping of Death"

* The “Bonk” and “Boink”

* The “NewTear”

* The "Rose Attack" " }-

How do these attacks affect Router Firewalls?

Stem
November 2nd, 2006, 08:14 AM
-{ Quote: "How do these attacks affect Router Firewalls?" }-
These will not directly affect the router, as these are just fragmented packets; most routers will simply pass these through (if part of a current stream,... or they are going through an open (forwarded) port). Some routers with SPI will intercept/block certain types, but this depends on the router SPI filters.

rdsu
November 2nd, 2006, 06:12 PM
-{ Quote: "Trojans Test:
This test will scan your system for most dangerous and widespread Trojan horses. If a Trojan is found on your computer the test recommends actions to take.

The test will probe the ports used by the Trojans and if a port is "open" then your computer is infected" }-
If you use a firewall that requires a rule to allow a program to act like a server, this test will not work.