Firewall Testing, Regardless Of Leaktests

Iv'e but doing some Firewall testing recently, most of the big names,and some of the not so well known names, and have come up with this conclusion: Regardless of whether or not your firewall passes or fails some, or most, or in some cases ALL Leaktests Its rather irrelevant if your Firewall passes the following:

Stealth Test:
With the help of the Stealth test you can determine if your computer is visible to the others on the Internet. You can also use this test to determine if your firewall is successful in making ports of your system stealthed
and hiden from intruders.

Browser Test:
This test will check if your browser reveals any of your personal information. This might be the sites you have visited, the region you live in, who your Internet Service Provider is, etc. The test will recommend specific settings of your browser for you to change.

Trojans Test:
This test will scan your system for most dangerous and widespread Trojan horses. If a Trojan is found on your computer the test recommends actions to take.

The test will probe the ports used by the Trojans and if a port is "open" then your computer is infected


Advanced Port Scanner:
The Advanced Port Scanner will test your system for open ports that can be used in attacks on your computer.

You can select which scanning technique will be used during the test from the following:

TCP connect scanning (standard)
TCP SYN scanning .


Exploits Test:
This test will detect how vulnerable your computer is to exploits attacks. This test can be also used to test firewalls and routers for stability and reactions to unexpected packets. Most of the exploits are in fact denial-of-service attacks and if your system is unable to pass this examination following actions can take place:

Some attacks may cause you computer to crash (so-called "blue screen of death") or reboot. So all unsaved data in open applications at the time of the attack may be lost.
The attacks can also consume large amounts of network bandwidth.
You computer may start operating very slowly as the attacks may consume most or all of the operating system's CPU resources.
Some attacks can break your Internet connection.

If your firewall confirms that you have passed these tests, then the Leaktest is rather trivial, as no data is being transmitted by your computer, regardless of the leaktest reporting such.

You can test your computer here at www.pcflank.com or www.grc.com

 

This is a good selling point for firewalls,.. but if the PC is fully stealthed or not does not help with protection. A point to make, is that the PC can only be 100% stealthed if you are not on line,.. as as soon as you connect out it is possible to be seen (if you know where to look, and crackers do)

This is not correct, just because a port may be open does not indicate that the user is infected.

Most TCP scan are "half open" scans. These send a TCP SYN packet to see is a reply TCP SYN ACK is sent back, if one is, then the port is open,... but the scanner does not send back the ACK

DOS attacks are normally directed at the TCP/IP stack, some examples:-

 

Hey,

Stealth Test is useless, because every network point/note will respond, even if they don't exists..

I.e. if an IP isn't available, because the device/pc isn't connected, then you will get an answer from the network node, that there is no nothing at this IP.

But if you are using an software firewall which "stealthes" your ports and someone asking to connect to your IP on one of these ports, they will get nothing, no response. (Because the software firewall simply ignores, discards this requests..)

And that will show the geeks, that there is an PC with an software firewall online..

So stealthing is useless

best regards,

iNsuRRecTiON

 

I'm not too fussed if i can be seen online or not, as long as no one can get in i'm happy.

 

Yes,.. a correct response would be "Destination unreachable"

 

Hey,

yes, and with software firewalls, which stealth your ports, you get no response at all, maybe timeout..

best regards,

iNsuRRecTiON

 

How do these attacks affect Router Firewalls?

 

These will not directly affect the router, as these are just fragmented packets, most routers will simply pass these through (if part of a current stream,... or they are going through an open (forwarded) port. Some routers with SPI will intercept/block certain types, but this depends on the router SPI filters.

 

If you use a firewall that require a rule to allow a program acts like a server, this test will not work.