View Full Version : lns fails leak tests
February 3rd, 2003, 06:42 PM
i'm using enhancedrulesset. lns passes all stelth tests. so fine.
lns should pass all 5 leak tests from pc flank.
I tried these tests:
leaktest - passed
firehole - failed
tooleaky - failed
outbound - not testet
yalta - passed
i didn't make any changes in the rules set. Why does lns fail the tests?
my system is w2k sp3. no other firewall is installed.
February 4th, 2003, 02:51 PM
The ruleset is for Internet Filtering (stealth/scan tests).
The leaktest applications only involve the Application filtering.
What is the Internet browser you are using ?
It is known that with some browsers, if an instance is already started, Look 'n' Stop may fails the Firehole test.
However the Tooleaky test is supposed to work in any case.
What are the application you have allowed ? Could you join a screencopy of your Application Filtering page (in advanced mode to see the status of applications starting other ones).
February 4th, 2003, 04:03 PM
My Internet Browser is Mozilla 1.3a.
The application, i allowed: mozilla of course, IE 6.0 sp1, Trillian 1.0b, The Proxomitron, PTBSync, services.exe, LNS, Setiathome, Setidriver, Setispy.
However the Tooleaky test failed.
And sorry, can't join a screencopy. I have one, but don't see an attach button at the bottom to send the attachment.
February 4th, 2003, 04:19 PM
You can post attachments only as a registered member.
February 5th, 2003, 04:47 PM
now i'm regeistered und can send the screencopy of my application filtering
Hers you are.
February 6th, 2003, 04:26 PM
Everything seems correct (even if I have some diffulties to see the application names).
Perhaps there is something special with Mozilla, that prevents Look 'n' Stop from detecting Tooleaky.
I will try it as soon as I have some time.
February 7th, 2003, 07:38 AM
i will try to get a better screencopy.
February 8th, 2003, 08:06 AM
Ok, thanks it's better ;)
Did you add manually Tooleaky to the list ?
Otherwise I suppose Look 'n' Stop finally detected it ?
If you suppress the line with Tooleaky and you start again Tooleaky, what happens exactly ?
February 8th, 2003, 05:54 PM
No, i did not add manually tooleaky to the list.
LNS has detected tooleaky.
LNS asked me to permit or to deny tooleaky. I decided to deny and not to be asked again. Then a window from toolekay appeared with a report, that the message was send and the firewall was passed and that it means, that the firewall has failed and so on.
I want to remain, that firehole failed too. There was no recognition from LNS. Just a window from firehole, that the message was send.
February 8th, 2003, 06:01 PM
By the way, i did the tests several times, always with the same results.
And each time i droped the line with tooleaky.
I wanted to try the outbound test too, but i didn't find the 2 needed files from the mentioned homepage. I only find the packet.dll,
but seemed to be, that outbound missed the second file, i can't find. What a pitty :(
February 9th, 2003, 10:17 AM
I think there is a cache issue there.
I reproduced the same problem after having allowed one time Tooleaky to connect (just to verify the test was Ok). After that any other attempts are stated successful (for Tooleaky) even if Look 'n' Stop is configured to block Tooleaky. And even if I'm disconnected from internet, and even if I reboot the computer.
My understanding is that IE (Tooleaky uses IE, even if you installed another browser) will retrieve the page info in the "Temporary Internet Files" folder.
For your information Tooleaky use the following URL:
if being not connected to Internet IE still succeeds to get the title of the page for this URL (by looking in the cache), then the Tooleaky test is not reliable at all.
Because this is what will happen after Look 'n' Stop block Tooleaky+IE, IE will look to the cache to retrieve the info.
So I have to clear the Temporary Internet Files to have back Tooleaky failing the test with Look 'n' Stop.
Note that since you are using Mozilla as the default browser, and assuming Mozilla doesn't use the same cache as IE, there is no chance to have the IE cache purged, and so the GRC page will be permanent in the cache (this is not the case for users having IE as a default browser).
For Firehole, yes I already mentionned that Look 'n' Stop may fail the test if there is already an instance of a browser running.
For Outbound, my understanding is that the test is only for Win9x/Me.
February 14th, 2003, 10:21 AM
Thanks for your explanations.
vBulletin® Copyright ©2000-2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums