GRC Leaktest

Discussion in 'ESET Smart Security' started by Handries, Feb 20, 2008.

Thread Status:
Not open for further replies.
  1. Handries

    Handries Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    75
    Location:
    Canada
    Just now I downloaded the latest version of Gibson Research Corporation's "Leaktest" from http://www.grc.com/lt/leaktest.htm. This is a free firewall leakage tester.
    Afterwards I used it to test the firewall of ESS 630, but unfortunately it did not pass the test, as it was able to penetrate the firewall :'(. There must be a way to block this test utility, but I was unable to.
    Has anyone else tried this?
    Previously I used ZoneAlarm Pro and this firewall passed this test perfectly.

    GRC also offers another test on its web site: ShieldsUP! which is the Internet's quickest, most popular, reliable and trusted, free Internet security checkup and information service. And now in its Port Authority Edition, it's also the most powerful and complete. This test can be found on: http://www.grc.com/intro.htm that way you can check any of your Windows File Sharing and Internet port vulnerabilities.
    When I used this test on my common ports ESS 630 passed with flying colours, which was quite reassuring to me. :)
     
    Last edited: Feb 21, 2008
  2. Handries

    Handries Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    75
    Location:
    Canada
    Fortunately I found the solution myself as I put the firewall in "Interactive Mode" and that way I was able to block this Leaktest, so my faith in ESS has been restored.;)
     
  3. stratoc

    stratoc Guest

    Windows firewall (default inbound only) behind a BT homehub past both tests fully. I haven't used a software firewall for 2 years, just nod and spyware blaster.
     
  4. stratoc

    stratoc Guest

    'passed both tests'
     
  5. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    Handries, in the Shields Up [Common Ports] Test -- did you Pass the Ping Test?

    In that test and the "1st 1056 Service Ports" I FAILED the Ping test but Passed the other components (ESS Automatic).

    Anyone: Is that really an issue as the author states and is Interactive rule(s) the Only way to pass if it is an issue?
     
    Last edited: Feb 22, 2008
  6. Handries

    Handries Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    75
    Location:
    Canada
    ESS 642 on automatic mode passed the Shields Up test with all ports on stealth, but when I switched to interactive mode port 135 is open, however it passed the Leaktest in that mode.
    So how can I prevent it from passing the firewall's outbound protection in automatic mode?
     
    Last edited: Feb 24, 2008
  7. bluesprite

    bluesprite Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    71

    Depending on your network configuration, the ping test might be beyond the abilities of any firewall. If your modem is configured to reply to ping requests instead of forwarding them to your computer (that is done by some ISPs for easier troubleshooting), then there is no way to block the ping requests. It does not pose any security threat in itself, the potential danger comes from the fact that a hacker would know that there is a machine running on that IP address and might make further attempts to infiltrate it. Other than that, there is no need to worry.


    I think the automatic mode allows all outbound connections and is pretty much the same as Windows firewall mode of operation. You can't control outbound connections. As for port 135, check if C:\WINDOWS\system32\locator.exe is allowed inbound connections.
     
    Last edited: Feb 24, 2008
  8. Handries

    Handries Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    75
    Location:
    Canada
    Thanks very much for this information. To be safe, I guess that I'd better leave the firewall in the automatic mode.
    As I mentioned before my previous firewall was ZoneAlarm Pro, and that one could be manually configured to block both inbound and outbound connections.
    Tried to open: C:\WINDOWS\system32\locator.exe and all I got is a blank DOS type screen. My operating system is Windows XP Pro by the way.
     
    Last edited: Feb 25, 2008
  9. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    Handries/Bluesprite: Acknowledging that my Firewall expertise is -3 of 10, it appears Handries had Stealth all over his Ports tests as I did but because there is no Outbound block in Automatic, the Ping test failed. At least it occurred to me that we are connected to the darn site at the time of the test, which makes its point seem partly silly - from what I know. Only proves we have no Outbound control, Not that we are Easily Found & Ping'd.

    So, with all our Ports passing Stealth tests then - if I understand Bluesprite- it would take blind luck for a hacker to Ping us Automatic guys. Thanks for this post and help!
     
  10. viruscraft

    viruscraft Registered Member

    Joined:
    Sep 22, 2007
    Posts:
    114
    In a manner, the leak test is useless.
    That is because a FW that passes most leak tests will generate a lot of dialog boxes asking the user to select an operation (such as allowing or blocking an application) in daily use, and that interrupts the user's work a lot.

    For most users "automatic mode" is fine even if it would fail the leak test.
     
  11. bluesprite

    bluesprite Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    71

    ESET firewall can be configured to block in- and outbound connections when in Interactive mode.

    Why have you tried to open the locator.exe? What I meant was to check if your firewall rules include that file, because if it's allowed incoming connections, it's the reason for your port 135 being open.



    Your logic is incorrect there, ping test fails if a computer (or a network card) is allowed incoming ICMP Echo requests, which is related to inbound control not outbound.

    In a manner of speaking, it would take a hacker blind luck, but hackers don't look for computers by pinging random IP addresses manually. It takes a port scanner to ping multiple IP ranges automatically and quite fast at that, and if the ports are stealthed, it makes it look as if the IP either isn't assigned at the moment, or the computer with that IP isn't running (or it is, but a firewall protects it). After the port scan is complete, the IPs that have replied to ping can be targets of further attack attempts. My suggestion as to why he failed the ping test is because I have the type of configuration that I mentioned and I get the same results. My modem replies to the ping since it's the first to get it, before my computer does, and therefore, before ESET has the chance to block it.

    Of course, a hacker has probably very little interest in trying to hack into your computer, as they usually target corporate networks and web servers. Your home PC is more likely to become a target of a worm or a virus attack, which isn't related to the ping issue.
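
The open, closed and stealth results discussed in this thread correspond to three different outcomes of a TCP connection attempt. The sketch below is an added example, not part of any post; the function names `classify`, `probe`, `audit` and `exposed` are hypothetical, and it is meant for checking a machine you own.

```python
import socket

def classify(exc):
    """Map the outcome of a TCP connect attempt to a ShieldsUP-style state."""
    if exc is None:
        return "open"      # handshake completed: something is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"    # host answered with a reset: it exists, port unused
    if isinstance(exc, socket.timeout):
        return "stealth"   # no answer at all: the packet was silently dropped
    return "unknown"       # e.g. network or host unreachable

def probe(host, port, timeout=1.0):
    """Attempt one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def audit(host, ports, timeout=1.0):
    """Probe each port and return {port: state}."""
    return {p: probe(host, p, timeout) for p in ports}

def exposed(results):
    """Ports that accept connections and whose firewall rules need review."""
    return sorted(p for p, state in results.items() if state == "open")

if __name__ == "__main__":
    # Constructed demo: a throwaway loopback listener stands in for a
    # service such as the one behind port 135 mentioned in the thread.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    demo_port = srv.getsockname()[1]
    results = audit("127.0.0.1", [demo_port, 135])
    srv.close()
    for port, state in sorted(results.items()):
        print(port, state)
    print("review firewall rules for:", exposed(results))
```

A loopback probe is normally not filtered by the host firewall, so "stealth" only shows up when the check is run from another machine against your own address. Behind a modem or router that answers first, as described above, the result describes that device rather than the PC.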
     
  12. Handries

    Handries Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    75
    Location:
    Canada
     
  13. bluesprite

    bluesprite Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    71
    You don't need to, it was just a possible reason for your open port, but if it's not there, no need to mess with it. It's not a problem that you executed the file though. :)
     
  14. Handries

    Handries Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    75
    Location:
    Canada
    Thanks for this suggestion, I will follow your advice.:)
     
  15. godzulu

    godzulu Registered Member

    Joined:
    Oct 24, 2004
    Posts:
    3
    Does anyone know how to stealth my ports? XP Pro SP2 - clean install - all ports show up as closed on shields up test
     
  16. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    Hello,
    Be sure you are sitting down before going here...
    o_O
    Well! I'm a NOD32 antivirus user and I am very satisfied with EAV. But at this moment I think that ESS needs to be enhanced... This is the first security suite from ESET, so we have to let the product mature... Note that I never said that your PC was not secure if you installed ESS! I suppose the default configuration is for inexperienced users and a safe configuration to optimize 3rd-party software compatibility, without annoying people with tons of alert popups... Experienced users will prefer an independent and more advanced configurable firewall (OA, Outpost, Zap etc...).

    For people who go to the most popular and safest internet sites and are behind a switch, you will never have any problem... ESS is great :thumb:

    But if you decide to enter dark underground hacker and cracker web sites (as well as IRC channels) you should take a shot (disk image) of your PC... Your life timer should not exceed 15 minutes ;-)
     
  17. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    I'm completely OK with that !
     
  18. Steel

    Steel Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    219
    Great, but all others, non-English-speaking, have to use the Issues Version.
     