lns fails leak tests

hallo, everyone
i'm using enhancedrulesset. lns passes all stelth tests. so fine.
lns should pass all 5 leak tests from pc flank.
I tried these tests:
leaktest - passed
firehole - failed
tooleaky - failed
outbound - not testet
yalta - passed
i didn't make any changes in the rules set. Why does lns fail the tests?
my system is w2k sp3. no other firewall is installed.

 

Hi,

The ruleset is for Internet Filtering (stealth/scan tests).
The leaktest applications only involve the Application filtering.

What is the Internet browser you are using ?

It is known that with some browsers, if an instance is already started, Look 'n' Stop may fails the Firehole test.

However the Tooleaky test is supposed to work in any case.

What are the application you have allowed ? Could you join a screencopy of your Application Filtering page (in advanced mode to see the status of applications starting other ones).

Thanks,

Frederic.

 

Hi, Frederic,
My Internet Browser is Mozilla 1.3a.
The application, i allowed: mozilla of course, IE 6.0 sp1, Trillian 1.0b, The Proxomitron, PTBSync, services.exe, LNS, Setiathome, Setidriver, Setispy.
However the Tooleaky test failed.

And sorry, can't join a screencopy. I have one, but don't see an attach button at the bottom to send the attachment.

thanks,
kerberus

 

Hi kerberus,

You can post attachments only as a registered member.

Regards,

Pieter

 

Hi, Frederic,
now i'm regeistered und can send the screencopy of my application filtering
page.
Hers you are.

 

Ok, thanks.

Everything seems correct (even if I have some diffulties to see the application names).
Perhaps there is something special with Mozilla, that prevents Look 'n' Stop from detecting Tooleaky.
I will try it as soon as I have some time.

Frederic.

 

Hi, Frederic,
i will try to get a better screencopy.

 

Ok, thanks it's better

Did you add manually Tooleaky to the list ?

Otherwise I suppose Look 'n' Stop finally detected it ?

If you suppress the line with Tooleaky and you start again Tooleaky, what happens exactly ?

Thanks,

Frederic.

 

No, i did not add manually tooleaky to the list.
LNS has detected tooleaky.
LNS asked me to permit or to deny tooleaky. I decided to deny and not to be asked again. Then a window from toolekay appeared with a report, that the message was send and the firewall was passed and that it means, that the firewall has failed and so on.

I want to remain, that firehole failed too. There was no recognition from LNS. Just a window from firehole, that the message was send.

Thanks Kerberus

 

By the way, i did the tests several times, always with the same results.
And each time i droped the line with tooleaky.

I wanted to try the outbound test too, but i didn't find the 2 needed files from the mentioned homepage. I only find the packet.dll,
but seemed to be, that outbound missed the second file, i can't find. What a pitty

 

Hi,

I think there is a cache issue there.

I reproduced the same problem after having allowed one time Tooleaky to connect (just to verify the test was Ok). After that any other attempts are stated successful (for Tooleaky) even if Look 'n' Stop is configured to block Tooleaky. And even if I'm disconnected from internet, and even if I reboot the computer.

My understanding is that IE (Tooleaky uses IE, even if you installed another browser) will retrieve the page info in the "Temporary Internet Files" folder.
For your information Tooleaky use the following URL:
http://grc.com/lt/leaktest.htm?PersonalInfoGoesHere
if being not connected to Internet IE still succeeds to get the title of the page for this URL (by looking in the cache), then the Tooleaky test is not reliable at all.
Because this is what will happen after Look 'n' Stop block Tooleaky+IE, IE will look to the cache to retrieve the info.

So I have to clear the Temporary Internet Files to have back Tooleaky failing the test with Look 'n' Stop.

Note that since you are using Mozilla as the default browser, and assuming Mozilla doesn't use the same cache as IE, there is no chance to have the IE cache purged, and so the GRC page will be permanent in the cache (this is not the case for users having IE as a default browser).

For Firehole, yes I already mentionned that Look 'n' Stop may fail the test if there is already an instance of a browser running.

For Outbound, my understanding is that the test is only for Win9x/Me.

Regards,

Frederic

 

@Frederic

Thanks for your explanations.

Regards
Kerberus