lns fails leak tests

Discussion in 'LnS English Forum' started by kerberus, Feb 3, 2003.

Thread Status:
Not open for further replies.
  1. kerberus

    kerberus Guest

    hallo, everyone
    i'm using enhancedrulesset. lns passes all stelth tests. so fine.
    lns should pass all 5 leak tests from pc flank.
    I tried these tests:
    leaktest - passed
    firehole - failed
    tooleaky - failed
    outbound - not testet
    yalta - passed
    i didn't make any changes in the rules set. Why does lns fail the tests?
    my system is w2k sp3. no other firewall is installed.
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    The ruleset is for Internet Filtering (stealth/scan tests).
    The leaktest applications only involve the Application filtering.

    What is the Internet browser you are using ?

    It is known that with some browsers, if an instance is already started, Look 'n' Stop may fails the Firehole test.

    However the Tooleaky test is supposed to work in any case.

    What are the application you have allowed ? Could you join a screencopy of your Application Filtering page (in advanced mode to see the status of applications starting other ones).

    Thanks,

    Frederic.
     
  3. kerberus

    kerberus Guest

    Hi, Frederic,
    My Internet Browser is Mozilla 1.3a.
    The application, i allowed: mozilla of course, IE 6.0 sp1, Trillian 1.0b, The Proxomitron, PTBSync, services.exe, LNS, Setiathome, Setidriver, Setispy.
    However the Tooleaky test failed.

    And sorry, can't join a screencopy. I have one, but don't see an attach button at the bottom to send the attachment.

    thanks,
    kerberus
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi kerberus,

    You can post attachments only as a registered member.

    Regards,

    Pieter
     
  5. kerberus

    kerberus Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    5
    Hi, Frederic,
    now i'm regeistered und can send the screencopy of my application filtering
    page.
    Hers you are.
     

    Attached Files:

  6. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Ok, thanks.

    Everything seems correct (even if I have some diffulties to see the application names).
    Perhaps there is something special with Mozilla, that prevents Look 'n' Stop from detecting Tooleaky.
    I will try it as soon as I have some time.

    Frederic.
     
  7. kerberus

    kerberus Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    5
    Hi, Frederic,
    i will try to get a better screencopy.
     

    Attached Files:

  8. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Ok, thanks it's better ;)

    Did you add manually Tooleaky to the list ?

    Otherwise I suppose Look 'n' Stop finally detected it ?

    If you suppress the line with Tooleaky and you start again Tooleaky, what happens exactly ?

    Thanks,

    Frederic.
     
  9. kerberus

    kerberus Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    5
    No, i did not add manually tooleaky to the list.
    LNS has detected tooleaky.
    LNS asked me to permit or to deny tooleaky. I decided to deny and not to be asked again. Then a window from toolekay appeared with a report, that the message was send and the firewall was passed and that it means, that the firewall has failed and so on.

    I want to remain, that firehole failed too. There was no recognition from LNS. Just a window from firehole, that the message was send.

    Thanks Kerberus
     
  10. kerberus

    kerberus Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    5
    By the way, i did the tests several times, always with the same results.
    And each time i droped the line with tooleaky.

    I wanted to try the outbound test too, but i didn't find the 2 needed files from the mentioned homepage. I only find the packet.dll,
    but seemed to be, that outbound missed the second file, i can't find. What a pitty :(
     
  11. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    I think there is a cache issue there.

    I reproduced the same problem after having allowed one time Tooleaky to connect (just to verify the test was Ok). After that any other attempts are stated successful (for Tooleaky) even if Look 'n' Stop is configured to block Tooleaky. And even if I'm disconnected from internet, and even if I reboot the computer.

    My understanding is that IE (Tooleaky uses IE, even if you installed another browser) will retrieve the page info in the "Temporary Internet Files" folder.
    For your information Tooleaky use the following URL:
    http://grc.com/lt/leaktest.htm?PersonalInfoGoesHere
    if being not connected to Internet IE still succeeds to get the title of the page for this URL (by looking in the cache), then the Tooleaky test is not reliable at all.
    Because this is what will happen after Look 'n' Stop block Tooleaky+IE, IE will look to the cache to retrieve the info.

    So I have to clear the Temporary Internet Files to have back Tooleaky failing the test with Look 'n' Stop.

    Note that since you are using Mozilla as the default browser, and assuming Mozilla doesn't use the same cache as IE, there is no chance to have the IE cache purged, and so the GRC page will be permanent in the cache (this is not the case for users having IE as a default browser).

    For Firehole, yes I already mentionned that Look 'n' Stop may fail the test if there is already an instance of a browser running.

    For Outbound, my understanding is that the test is only for Win9x/Me.

    Regards,

    Frederic
     
  12. kerberus

    kerberus Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    5
    @Frederic

    Thanks for your explanations.

    Regards
    Kerberus
     
Thread Status:
Not open for further replies.