new leaktest : WallBreaker

Discussion in 'other firewalls' started by gkweb, Jun 17, 2003.

Thread Status:
Not open for further replies.
  1. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Only block Windows Explorer (Explorer.exe) from Connecting rights, you should not block it’s Launching rights or you’ll see quite a number of Clients not being capable of connecting to the internet… ;)
     
  2. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    When blocking Explorer.exe it stops me from using Internet Explorer because it detects internet explorer has explorer.exe, now running Wallbreaker behind this should be stoped but it is not stoped and LnS sees it has being Internet explorer accesing the net.
     

    Attached Files:

  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    "Cannot find server"

    What's the URL Addy in the location bar of Internet Explorer?
     
  4. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    http://www.clubic.com
     

    Attached Files:

  5. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Right now it sees Internet Explorer has being Explorer.exe and Wallbreaker.exe has being Internet Explorer ...... weird.......
     
  6. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    I deactivated the reg file and now everything is working has it should. Internet explorer is seen has being internet explorer and explorer.exe is seen has it is. remains that the wallbreaker.exe sill gets true even thought explorer.exe is blocked ;)
     
  7. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Clients are Applications like Internet Explorer, Outlook and so on…
    When you Block Windows Explorer (Explorer.exe) from launching rights you’re Clients won’t get Successful Connections…

    Everything is normal if you can understand the concept behind this…
     
  8. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Ok but now with the activated reg,

    If I block Explorer.exe I have no application able to go Online.... If I unblock then my application can now go back online and it remains that Wallbreaker still goes online.
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    LOL I know! that's is why you don't set Explorer.exe with the Deny Flag for Launching rights, only the Connecting rights...

    Are you using "Advanced Mode"?
     
  10. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Sorry for the confusion it's getting late and I'm getting tired ;)
    Yes I am ;)
     
  11. gkweb

    gkweb Guest

    May be have you DNS client service enabled? in this case WB launches explore but instead of launching directly IE, it launches SVCHOST which after launch IE...
    Try to deny SVCHOST.EXE too.

    regards,

    gkweb.
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    He'll need ActivatedSoon Flag Enabled though....
     
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    In Addition; Whether or not your DNS Service is Enabled/Disabled it doesn’t have anything to-do with it using Explorer or SVCHOST… ;)
     
  14. gkweb

    gkweb Guest

    may be you have to reboot, i don't know, but few persons reported to me that there firewall warned them that SVCHOST.EXE was launching IE ! And the only diffrence between them and me, is the DNS client service disabled.
    When explorer want to resolve the url, it uses svchost instead of doing it itself.

    May be there is another explanation...

    regards,

    gkweb.

    EDIT : someone said me by mail that it's bypassed SSM o_O
    it's never been the purpose...
    Is someone can give me the link of the last version with last DLL and update ?
     
  15. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Even after doing that it still doest change a thing ;)
     
  16. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    I've been looking at it all night and logging the process of it.

    It looks like it's not even going after explorer.exe it directly launches Internet Explorer....
     
  17. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Well time to get back to why... this ain't working ;) I'll do more test on my side and see ;)
     
  18. gkweb

    gkweb Guest

    /\ WallBreaker V2.0 available /\
    -----------------------------------------

    Why an other version so soon ?? Because windows is so much leaking ( i said Windows, poor firewall are running on a really buggy support :'() that i found an other trick.

    Now you can test your firewall with 2 differents tests.

    http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/images/wb.jpg


    => http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/leaks/WallBreaker.exe

    Phant0m, you will love it ! :D

    regards,

    gkweb.
     
  19. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    In version 1.00 and 2.00 of Wallbreaker I am now able to block Wallbreaker to access Explorer.exe to launch Internet Explorer ( Finally )
     
  20. gkweb

    gkweb Guest

    good ;)

    and the second test ? it pass trought isn't it ? :D
     
  21. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    gkweb,

    The second test fails, but I'm sure there's a way..... how about we give Phant0m`` sometime to figure something out, but has for the first test congrats Phant0m``
     
  22. gkweb

    gkweb Guest

    What LnS said to you ?
     
  23. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    For the second test LnS didn't even flintch...
     
  24. gkweb

    gkweb Guest

    don't worry ! all firewall that i tested (all on the site) didn't say anything, that is very VERY surprising because WB launches directly IE, but with a little trick of course.
    I think it's more a Windows bug (again) but the second should be more easier to prevent.

    I think that for now SSM is the only way to covered firewall leaks.

    regards,

    gkweb.
     
  25. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Sorry I might be ignorant... SSM ?

    Oh and for the second test I think Phant0m`` figured something out will let him explain.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.