Not totally stealthed??

The test at grc came up as stealth but did recieve a ping reply

Im just trying look'n'stop out right now.which i dont think it is any better than sygate pro,but an interesting program.

 

GRC Port Authority Report created on UTC: 2003-05-21 at 23:59:27
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

 

Hey Q-ball

Heh when you explore things you should allow yourself some time to learn of it’s capabilities before making drastic assumptions on something.

You using EnhancedRulesSet.rls correct?
Try Disabling it’s Default ICMP rule which named “ICMP : Ping other (Rsp)”, then do a re-scan.

 

Yes it does seem to be a configuration problem... just ran the same test as you... using v2.04p2 with Enhanced Rules and TCP SPI on...

GRC Port Authority Report created on UTC: 2003-05-22 at 01:30:50

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

 

Hi guys,

well, there are some other rules as well, which you should activate. Did you activate those rules as well?

http://www.wilderssecurity.com/showthread.php?t=8696

Best regards,

Patrice

 

Your right--maybe i jumped the gun a little---i will test some more

 

GRC Port Authority Report created on UTC: 2003-05-25 at 01:14:48
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.


I dont know what to do ??---Ive blocked all icmp and i still get a ping reply

Now outpost v2 did the same thing--i choose to use it in stealth mode and did the grc test--it too had a ping reply

Blackice did the same thing also---all stealth but had ping reply

The only firewall so far that tested to be all stealth with no ping reply was sygate pro.

Ive got several computers with different firewalls on them ------

I really like lns ,but if i cant figure out how to stop it from sending a ping reply,then there will be no need for me to purchase it.


"Im up for more suggestions guys" thx

 

Hey

Disable "all" the ICMP rules found in the rule-set and retry...

 

btw some Details would be nice, What Windows Version you using? What version of Look 'n' Stop you using? Are you behind a Router? Is the Machine Connecting to the Internet through another Computer?

 

Hello ph

I did disable all ICMP rules and it still came up

GRC Port Authority Report created on UTC: 2003-05-25 at 01:50:26
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

Im using xp pro
Im using the latest lns 204p2
No im not behind a router while testing
No--im not connecting ti internet through another computer.

Im not really use to rule based firewalls yet--sygate spoiled me. Everything with lns is laid out pretty simple,so i dont think ive did anything wrong.

By the way ph ive been to your web site and think it to be pretty cool--keep up the good work.

 

Hey Q-ball

This is quite abnormal; apparently this appears to be a problem.
And whatever it is clearly indicating not only for Look ‘n’ Stop; give me a bit of time and I’ll see what I can find out…

 

Q-ball

Did you say you made a rule to block ALL Inbounds/Outbounds of ICMP’s ?

 

No i didnt.

I just used the rule to stop forbidden packets of ICMP that came with stock LNS

I will admit --this is a learning curve for me----ive built my own computers for years now,but some of the rules i see on your site are beyond me how to activate them right now.

I quess ill slowly get the hang of it.

 

Hey Q-ball

There is a mistake in the Phant0m``s Rule-set $v1.0, scroll through the rule-set and find “UDP : Block Broadcast” rule and set it with a BLOCK Flag. Don’t forget to save Changes…

DO NOT Enable ANY RULES, Disabled RULES EXISTS ONLY FOR THOSE WHO HAS NEED FOR THEM, THEY WILL NOT ENHANCE YOUR PROTECTION ANY FURTHER.

Did you follow the page steps and properly configure your DNS rules and BOOTP / DHCP rules?

Are you on Dialup or?

And have you tried running the grc test to see if your problem still exists?

 

Hey Phant0m``

Im on adsl.

Did you follow the page steps and properly configure your DNS rules and BOOTP / DHCP rules?

No i have not yet.Just got out of a medal of honor game.I saw that on your site ,ill configure that later today and let you know


Thx for your help.


The more i mess with LNS ,the more i like it.

I also have tiny 4.5 on one of my computers --talk about a learning curve--the sandbox is awesome, but it does take some time to learn.

 

Hey Phant0m``

I did configure my DNS rules and BOOT/DHCP rules from your web site.Im also using your 52 ruleset zipfile from your web site.

I quess it is all configured right---it seems to be---but i just ran the grc test and it failed the ping rely again.

At this point i can just laugh at it, because i just dont know what else to do.

 

Hey Q-ball

Alright now I’m absolutely sure there is a Leak anomaly here occurring specifically on your Machine, are you sure when running Sygate Personal Firewall you get Stealth PING results?

You had mentioned that only Sygate Personal Firewall was capable of stealthing the PING test....

 

Do you have more then one Software Firewall installed on that Machine?

 

Hey Phant0m``

I only run 1 firewall at a time.Now i also system safty monitor too.

But thats about it.

Yes ,when i ran sygate pro i was totally stealth with no ping reply.

Ive put alot of work into learning LNS and configuring it.Much more than i put into most firewalls.

 

Hey Q-ball

I’ve sent Frederic and E-mail notifying him of this abnormal anomaly, hope to see him sometime this morning….

Regards,
Phant0m``

 

When you used Sygate Personal Firewall and you was Stealthed, was this before or after the grc Scanner updates?

 

https://nanoprobe.grc.com/x/ne.dll?bh0bkyd2


I went to the new 1 there.I didnt really care for the old 1.

Tell me ph--in your rule set--what is ETH-1?

The ping reply seems to be the only prob i can see right now.LNS passes everything i through at it but the ping relpy.

Is there another site i can go to and test to see if i get a ping reply


Also like i said before --outpost v-2 and blackice 3.6 also had a ping reply..-i didnt really play around with outpost that much so dont take it the wrong way.

I know of pcflank and blackcode--but there scans do not tell me about the ping reply.


regards

 

Hey Q-ball

Yes the Look ‘n’ Stop Firewall normally passes totally for all except you so it seems.

ETH-1 is a rule to Allow Ethernet packets between my Local Computers; I don’t recommend using that rule, unless you absolutely “know” it’s necessary.

If you go-to my website and into FAQs / Miscellaneous / Online Port Scans, you should find some sites

 

Your probe of 0.0.0.0/24 yielded the following results:

Network: 0.0.0.0, Netmask: 255.255.255.0, Broadcast: 0.0.0.255, Responded: Yes (broadcast=0, network=1), Duplicates: 0

CONCLUSION: The network responded, but returned no dups. OK network.


id: 1000030
created: 1998-05-07 01:34:24 CET
updated: 1998-05-07 01:34:24 CET
network: 0.0.0.0/24
net-descr: not-analyzed
last-probed: 2003-05-26 08:32:40 CET
responding: Yes
duplicates: 0 (highest seen, resets to 0 when 0 seen)
fixed: never
home-as: not-analyzed
as-descr: not-analyzed

http://www.powertech.no/smurf/

Thats the results from this site.

 

Yep 1stly you didn't put an IP Address into the Field...