Not totally stealthed??


Q-ball
May 21st, 2003, 07:58 PM
The test at GRC came up as stealth but did receive a ping reply.

I'm just trying Look 'n' Stop out right now, which I don't think is any better than Sygate Pro, but it's an interesting program.

Q-ball
May 21st, 2003, 08:59 PM
GRC Port Authority Report created on UTC: 2003-05-21 at 23:59:27
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

Ph33r_
May 21st, 2003, 09:16 PM
Hey Q-ball

Heh, when you explore things you should allow yourself some time to learn of its capabilities before making drastic assumptions on something.

You're using EnhancedRulesSet.rls, correct?
Try disabling its default ICMP rule, which is named “ICMP : Ping other (Rsp)”, then do a re-scan. :)

I_lack_commonsense
May 21st, 2003, 09:36 PM
Yes it does seem to be a configuration problem... just ran the same test as you... using v2.04p2 with Enhanced Rules and TCP SPI on...

GRC Port Authority Report created on UTC: 2003-05-22 at 01:30:50

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

Patrice
May 22nd, 2003, 04:35 AM
Hi guys,

well, there are some other rules as well, which you should activate. Did you activate those rules as well? ;)

http://www.wilderssecurity.com/showthread.php?t=8696

Best regards,

Patrice

Q-ball
May 24th, 2003, 08:31 PM
You're right--maybe I jumped the gun a little---I will test some more.

Q-ball
May 24th, 2003, 09:27 PM
GRC Port Authority Report created on UTC: 2003-05-25 at 01:14:48
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.


I don't know what to do??---I've blocked all ICMP and I still get a ping reply.

Now Outpost v2 did the same thing--I chose to use it in stealth mode and did the GRC test--it too had a ping reply.

BlackICE did the same thing also---all stealth but had a ping reply.

The only firewall so far that tested to be all stealth with no ping reply was Sygate Pro.

I've got several computers with different firewalls on them ------

I really like LNS, but if I can't figure out how to stop it from sending a ping reply, then there will be no need for me to purchase it.


"I'm up for more suggestions guys" thx

Phant0m``
May 24th, 2003, 09:50 PM
Hey

Disable "all" the ICMP rules found in the rule-set and retry...

Phant0m``
May 24th, 2003, 09:52 PM
Btw, some details would be nice. What Windows version are you using? What version of Look 'n' Stop are you using? Are you behind a router? Is the machine connecting to the Internet through another computer?

Q-ball
May 24th, 2003, 10:07 PM
Hello ph

I did disable all ICMP rules and it still came up

GRC Port Authority Report created on UTC: 2003-05-25 at 01:50:26
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

I'm using XP Pro.
I'm using the latest LNS 204p2.
No, I'm not behind a router while testing.
No--I'm not connecting to the Internet through another computer.

I'm not really used to rule-based firewalls yet--Sygate spoiled me. Everything with LNS is laid out pretty simply, so I don't think I've done anything wrong.

By the way ph, I've been to your web site and think it to be pretty cool--keep up the good work.

Phant0m``
May 24th, 2003, 10:51 PM
Hey Q-ball

This is quite abnormal; apparently this appears to be a problem.
And whatever it is clearly indicating not only for Look ‘n’ Stop; give me a bit of time and I’ll see what I can find out…

-{ Quote: "By the way ph ive been to your web site and think it to be pretty cool--keep up the good work." }-
Thanks Q-ball, I’ll try my best… :)

Phant0m``
May 24th, 2003, 11:46 PM
Q-ball

Did you say you made a rule to block ALL Inbounds/Outbounds of ICMP’s ? ???

Q-ball
May 25th, 2003, 12:29 AM
No, I didn't.

I just used the rule to stop forbidden packets of ICMP that came with stock LNS.

I will admit--this is a learning curve for me----I've built my own computers for years now, but some of the rules I see on your site are beyond me how to activate right now.

I guess I'll slowly get the hang of it.

Phant0m``
May 25th, 2003, 01:02 AM
Hey Q-ball

There is a mistake in the Phant0m``s Rule-set $v1.0, scroll through the rule-set and find “UDP : Block Broadcast” rule and set it with a BLOCK Flag. Don’t forget to save Changes…

DO NOT ENABLE ANY RULES. DISABLED RULES EXIST ONLY FOR THOSE WHO HAVE NEED FOR THEM; THEY WILL NOT ENHANCE YOUR PROTECTION ANY FURTHER.

Did you follow the page steps and properly configure your DNS rules and BOOTP / DHCP rules?

Are you on Dialup or?

And have you tried running the grc test to see if your problem still exists?

Q-ball
May 25th, 2003, 01:37 AM
Hey Phant0m``

I'm on ADSL.

Did you follow the page steps and properly configure your DNS rules and BOOTP / DHCP rules?

No, I have not yet. Just got out of a Medal of Honor game. I saw that on your site; I'll configure that later today and let you know.


Thx for your help.


The more I mess with LNS, the more I like it.

I also have Tiny 4.5 on one of my computers--talk about a learning curve--the sandbox is awesome, but it does take some time to learn.

Q-ball
May 25th, 2003, 11:22 PM
Hey Phant0m``

I did configure my DNS rules and BOOTP/DHCP rules from your web site. I'm also using your 52 ruleset zipfile from your web site.

I guess it is all configured right---it seems to be---but I just ran the GRC test and it failed the ping reply again.

At this point I can just laugh at it, because I just don't know what else to do.

Phant0m``
May 25th, 2003, 11:35 PM
Hey Q-ball

Alright now I’m absolutely sure there is a Leak anomaly here occurring specifically on your Machine, are you sure when running Sygate Personal Firewall you get Stealth PING results?

You had mentioned that only Sygate Personal Firewall was capable of stealthing the PING test....

Phant0m``
May 25th, 2003, 11:37 PM
Do you have more than one Software Firewall installed on that Machine?

Q-ball
May 26th, 2003, 12:30 AM
Hey Phant0m``

I only run 1 firewall at a time. Now I also run System Safety Monitor too.

But that's about it.

Yes, when I ran Sygate Pro I was totally stealth with no ping reply.

I've put a lot of work into learning LNS and configuring it. Much more than I put into most firewalls.

Phant0m``
May 26th, 2003, 01:21 AM
Hey Q-ball

I’ve sent Frederic an E-mail notifying him of this abnormal anomaly, hope to see him sometime this morning….

Regards,
Phant0m``

Phant0m``
May 26th, 2003, 01:24 AM
When you used Sygate Personal Firewall and you were Stealthed, was this before or after the GRC Scanner updates?

Q-ball
May 26th, 2003, 01:47 AM
https://nanoprobe.grc.com/x/ne.dll?bh0bkyd2


I went to the new 1 there. I didn't really care for the old 1.

Tell me ph--in your rule set--what is ETH-1?

The ping reply seems to be the only prob I can see right now. LNS passes everything I throw at it but the ping reply.

Is there another site I can go to and test to see if I get a ping reply?


Also like I said before--Outpost v2 and BlackICE 3.6 also had a ping reply.--I didn't really play around with Outpost that much so don't take it the wrong way.

I know of PCFlank and Blackcode--but their scans do not tell me about the ping reply.


regards

Phant0m``
May 26th, 2003, 01:58 AM
Hey Q-ball

Yes the Look ‘n’ Stop Firewall normally passes totally for all except you so it seems.

ETH-1 is a rule to Allow Ethernet packets between my Local Computers; I don’t recommend using that rule, unless you absolutely “know” it’s necessary.

If you go-to my website and into FAQs / Miscellaneous / Online Port Scans, you should find some sites

Q-ball
May 26th, 2003, 02:36 AM
Your probe of 0.0.0.0/24 yielded the following results:

Network: 0.0.0.0, Netmask: 255.255.255.0, Broadcast: 0.0.0.255, Responded: Yes (broadcast=0, network=1), Duplicates: 0

CONCLUSION: The network responded, but returned no dups. OK network.


id: 1000030
created: 1998-05-07 01:34:24 CET
updated: 1998-05-07 01:34:24 CET
network: 0.0.0.0/24
net-descr: not-analyzed
last-probed: 2003-05-26 08:32:40 CET
responding: Yes
duplicates: 0 (highest seen, resets to 0 when 0 seen)
fixed: never
home-as: not-analyzed
as-descr: not-analyzed

http://www.powertech.no/smurf/

That's the results from this site.

Phant0m``
May 26th, 2003, 03:15 AM
Yep 1stly you didn't put an IP Address into the Field... :)

Q-ball
May 27th, 2003, 03:15 PM
Hello again Phant0m``

I did a true complete format and reinstalled LNS, trying out the enhanced ruleset and Phant0m`s-May22.rls

It still had a ping reply. Everything else was stealth.

:(

Q-ball ---scratching his head --is all this really worth it? lol--[I think so]


I do believe with Phant0m`s awesome ruleset my comp is pretty well protected, but would-be hackers on the net will come across my ping reply and want to check things out.


Since I've grown fond of LNS I can only hope that we can find out what is going on.

I will wait and see .

Regards

Phant0m``
May 27th, 2003, 03:37 PM
Hey Q-ball

As I said before the Default rule-set should have stealthed you but it didn’t, my Rule-set was absolutely supposed to Stealth you as ICMP Inbounds/Outgoings are ALL blocked by Default…

So basically what I'm saying is, if a Leak is actually occurring, nothing done in the rule-set can help you with it, and I do believe it's either false alarms or it's getting a PING from another Machine... Otherwise I would say for some reason any Software Firewall you Install leaks for abnormal reasons....

I still can't see Sygate Personal Firewall stealthing you under these abnormal circumstances...

Regards,

Phant0m``
May 27th, 2003, 03:40 PM
Hey Q-ball

That rule-set has been improved, download the recent copy from my web-site... More Info can be found at http://www.wilderssecurity.com/showthread.php?t=9584;start=15

Q-ball
May 27th, 2003, 05:48 PM
Well, I just got ADSL here 2 wks ago. Had Cox cable broadband before that. It seemed to lose sync with the net too much--so I changed to ADSL.

2 wks ago when I had cable, I also had Sygate Pro on my computer, which did pass all the tests with no ping reply.

I just installed Sygate Pro on my comp again to test, and it was stealth but had a ping reply.

So this made me look at other factors. I called BellSouth about my modem and they as of yet have not been much help.

http://www.westell.com/pages/index.jsp

I have the Wirespeed 2100.

I have a Westell ADSL modem that seems to have a firewall built in, but BellSouth did not seem to know anything about that.

BellSouth claims that their advanced tech support will call me later and try to help.

The ping reply may be coming from my modem---not the software firewall.


What do you think?

Phant0m``
May 27th, 2003, 05:56 PM
Alright the modem is replying then....
You need to Disable the Modem from replying....

Phant0m``
May 27th, 2003, 05:57 PM
That's why I asked if you were behind a Router ;)
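
An added example, not part of the original thread or any poster's code: it parses a GRC report in the layout quoted above and compares the scanned public address with the addresses bound on the host, which is the check that separates a host-firewall ICMP rule problem from an upstream modem/router answering the ping. The function names and all IP addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of the GRC reports quoted in this thread.
SAMPLE_REPORT = """\
GRC Port Authority Report created on UTC: 2003-05-21 at 23:59:27
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
"""

def parse_report(text):
    """Extract port counts, the TruStealth verdict and the ping finding."""
    counts = {m.group(2).lower(): int(m.group(1)) for m in re.finditer(
        r"^(\d+) Ports (Open|Closed|Stealth|Tested)\s*$", text, re.M)}
    verdict = re.search(r"^TruStealth:\s*(PASSED|FAILED)", text, re.M)
    # "- A PING REPLY ..." means a reply was seen, "- NO Ping reply ..." means none.
    ping = re.search(r"^-\s*(NO|A) ping reply", text, re.M | re.I)
    return {
        "counts": counts,
        "trustealth": verdict.group(1) if verdict else None,
        "ping_reply": ping.group(1).upper() == "A" if ping else None,
    }

def diagnose(report, scanned_ip, host_addrs):
    """Say which device the external scan most likely measured.

    scanned_ip: the address the scanner reports probing (assumed input).
    host_addrs: addresses bound on the PC running the software firewall.
    """
    scanned = ipaddress.ip_address(scanned_ip)
    on_host = scanned in {ipaddress.ip_address(a) for a in host_addrs}
    if report["ping_reply"] is not True:
        return "no echo reply seen"
    if on_host:
        return "host holds the scanned address: check the host firewall's ICMP rules"
    return "scanned address is not on this host: an upstream modem/router answered"

if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(rep["trustealth"], diagnose(rep, "203.0.113.7", ["192.168.1.10"]))
```
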

Q-ball
May 27th, 2003, 06:05 PM
I didn't consider my modem being a router. BellSouth didn't even know that it had a firewall built in.


I d/l the manual for the modem and it does have configuration for low-med-high security settings.----But BellSouth could not tell me how to get to those settings. There was no software or manual included with the modem.


I called Westell and I'm on hold right now.

Phant0m``
May 27th, 2003, 06:12 PM
:)

Q-ball
May 27th, 2003, 07:42 PM
GRC Port Authority Report created on UTC: 2003-05-27 at 23:37:18
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.


It passes now----if I had known about my modem earlier I could have saved some needed brain cells ;D

Q-ball
May 27th, 2003, 08:54 PM
Also Phant0m``

Thx for your info on changing LNS to boot up before other apps. It took a little working with, but it works great now.



regards

Phant0m``
May 27th, 2003, 09:14 PM
You are very welcome Q-ball :)