Leak Test

Discussion in 'ESET Smart Security v3 Beta Forum' started by Max Payne, Jul 1, 2007.

Thread Status:
Not open for further replies.
  1. Max Payne

    Max Payne Registered Member

    Joined:
    Jun 28, 2007
    Posts:
    11
    I recently tested the ESS firewall at GRC. It passed the leak test but on the shields up test it was indicated as not being stealthed due to the following:

    Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

    I have previously tested Zone alarm and have had the same result. Can anyone explain to me why this has occurred and how I can change the ESS firewall so that it is truly stealthed? Much appreciated.

    So far no probs with this program and I will obtain a copy when it is released. Great work.
     
  2. mayt

    mayt Eset Staff Account

    Joined:
    Mar 12, 2007
    Posts:
    84
    Location:
    Bratislava
    I'd try to make a rule for ICMP protocol which blocks incoming ping requests.
     
  3. Max Payne

    Max Payne Registered Member

    Joined:
    Jun 28, 2007
    Posts:
    11
    Mayth,

    Please excuse my ignorance but how do I "make a rule for ICMP protocol which blocks incoming ping requests"?

    Could you explain step by step with ESS? Thanks.
     
  4. mayt

    mayt Eset Staff Account

    Joined:
    Mar 12, 2007
    Posts:
    84
    Location:
    Bratislava
    Setup>Personal firewall>Configure rules and zones>New

    Direction: In
    Action: Deny
    Protocol: ICMP

    You can then enable logging so if there is any blocked ping request you'll see it in the firewall log. Optionally, you can allow notifications when "being pinged".

    The computer from which you perform ping attempts shouldn't be in trusted zone.
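
The rule from this post, modelled as an added example (not ESET's code and not part of the original thread): it evaluates constructed ICMP messages against the In / Deny / ICMP rule and against a hypothetical narrower variant that matches only Echo Request (type 8), which leaves Destination Unreachable messages used for path-MTU discovery alone. The function names, sample addresses and the assumption that trusted-zone hosts bypass the rule are illustrative.

```python
import ipaddress
import struct

ICMP_ECHO_REQUEST = 8        # the "ping" probe
ICMP_DEST_UNREACHABLE = 3    # code 4 = fragmentation needed (path-MTU discovery)

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int = 0, payload: bytes = b"constructed") -> bytes:
    """Build a constructed ICMP message with a valid checksum."""
    header = struct.pack("!BBHI", icmp_type, code, 0, 0)
    csum = checksum(header + payload)
    return struct.pack("!BBHI", icmp_type, code, csum, 0) + payload

def decide(packet: bytes, src: str, direction: str, trusted_zone, echo_only: bool) -> str:
    """Return 'allow' or 'deny' for one ICMP message.

    echo_only=False models the rule as posted (Direction In, Action Deny, Protocol ICMP).
    echo_only=True is a hypothetical narrower rule that matches type 8 only.
    """
    if len(packet) < 8 or checksum(packet) != 0:
        return "deny"        # model choice: malformed messages are dropped
    if direction != "in":
        return "allow"       # the rule only covers inbound traffic
    if any(ipaddress.ip_address(src) in net for net in trusted_zone):
        return "allow"       # assumption: trusted-zone hosts bypass the rule
    if echo_only and packet[0] != ICMP_ECHO_REQUEST:
        return "allow"       # narrower rule leaves other ICMP types alone
    return "deny"

TRUSTED = [ipaddress.ip_network("192.168.1.0/24")]     # constructed trusted zone
PING = build_icmp(ICMP_ECHO_REQUEST)                   # constructed echo request
UNREACH = build_icmp(ICMP_DEST_UNREACHABLE, code=4)    # constructed "frag needed"

if __name__ == "__main__":
    for name, pkt in (("echo request", PING), ("dest unreachable", UNREACH)):
        for echo_only in (False, True):
            verdict = decide(pkt, "203.0.113.7", "in", TRUSTED, echo_only)
            print(f"{name:17} echo_only={echo_only!s:5} -> {verdict}")
```
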
     
  5. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
    Okay, but if you then have this general ICMP rule applied, is it OK to specifically permit cFosSpeed's spd.exe, which uses ping through that protocol, and allow both directions?
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Are you behind a hardware router or modem with built-in firewall?
     
  7. Max Payne

    Max Payne Registered Member

    Joined:
    Jun 28, 2007
    Posts:
    11
    Lucas1985, yes I am behind a router hard firewall and use an IConnect Access621 router.


    Mayth, tried that rule and created it as a rule. I have re-tested it at 'Shields Up' and had the same response that they were able to ping me. Anything else that I may have missed? Do I have to modify any other settings in the zone or rules to correct this?

    Thanks again
     
  8. Najmi

    Najmi Registered Member

    Joined:
    Mar 24, 2007
    Posts:
    36
    Hi Max, it's not your machine that replies to the ping request. It's your router that does this. You need to check if there is any rule to block ICMP packets in your router. Most common day routers have this option.
     
  9. Chappy

    Chappy Registered Member

    Joined:
    May 1, 2007
    Posts:
    69
    I agree, I don't think it's ESS that's responding to this ping request either. I have tested numerous times at GRC.com on default settings and always get a Full Stealth rating. Even though the GRC test is not a very comprehensive firewall test, it does tell you if common ports respond to pings.
    I would bet that this is from your router too.
     
  10. Max Payne

    Max Payne Registered Member

    Joined:
    Jun 28, 2007
    Posts:
    11
    Thanks for all the replies. I am sure that you are right and that it is my router replying to the ping tests. I assume that is fine and that the actual ESS firewall is still blocking properly.

    Great forum.
     