how to test one's firewall?

Are there any sites or utilities out there like the grc shields-up that will test one's fireall setup to see if there any vulnerabilities?
I just wonder if there any point replacing my ZAPro v5.5 is it is otherwise secure?

 

OMG OMG ZAPro v5.5 is way out dated. ZAPro is version 7.0.462.000 now a days. No reason to spend money though when there are 2 top free choices. Online Armor and Comodo. Online Armor is free but limited. Comodo Firewall is a full featured firewall with HIPS. You can see firewall results here.

http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

You can read a Comodo review here.

http://www.pcmag.com/article2/0,2817,2240712,00.asp

And as far as firetesting sites just Google " firewall testing"

 

A few suggestions HERE.

 

Thanks I am aware of that. Also that every version since 5.5 has been causing some agnst amongst users.
My point simply is that I would be interested to test how well this version of the firewall did it's job of protecting my computer and it would be nice to review that objectively.

Otherwise CFP is pencilled in as the replacement.

Nod32 is in Version 3.0.x but I note a higher user base persist in using ver2.7 [ditto CFP 2.4]

 

I gave you a link to show you how ZAP tested. ZAP cost money. Comodo is free.

 

Make a workable HD image or clone your OS to another drive for BU, then go surf the porn sites for a couple of hours. That's real-time testing.

 

Been there done that. I have never gotten any viruses or spyware from surfing porn. Honestly.

 

Hello,

If you have a router and a spare PC, you could use Zenmap to send packets from one PC to the other and check your setup for yourself . Zenmap is a frontend GUI for nmap and it is very easy to use. As for the online tests, I can't help you much there as I don't use them. GRC sends TCP packets with SYN flags to your ports to check for "stealth", and that is all it can do. With nmap you can do much more.

Why would you give a link to leaktest results in a thread that discusses packet filtering (OP did mention GRC tests)? Matousec doesn't test firewalls (packet filters), he actually tests for HIPS efficiency in a combo/suite HIPS/firewall application...

 

If you read Matousec you will see there are several firewalls tested with no HIPS.

 

With leak tests? If so than it's not a fair comparison...

 

A firewall is a packet filtering... what you see now are firewalls combined with proactive protection (HIPS, D+, etc...) against executables aiming at 'tampering' or 'avoiding' their functions.

To test a firewall (and its packet filtering ability) you use certain tools. To test firewall with HIPS you use other tools....

Cheers,
Fax

 

Well Comodo 2.4 did not have HIPS and scored very well. Explain that.

 

Unless you read the fine print.

 

Why "did"? Comodo 2.4 is very much alive and many still use it.

Comodo 2 has just enough HIPS-like features to pass those leak-tests. But true, it does not have a HIPS in a true sense. But let us not take this off topic.

 

You can always test firewalls with System Shutdown Simulator (http://zeroday-software.110mb.com)

Now creating leaktests for sandboxes... hmmm

 

Thanks for this link. I dont feel that good about Comodo now since it failed the HIPS part of the test. I tried Online Armor and it passes.