new leaktest : WallBreaker

Discussion in 'other firewalls' started by gkweb, Jun 17, 2003.

Thread Status:
Not open for further replies.
  1. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    True,
    but I still need to find a way to protect against that and or being able to stop malicious codes that could do that type of thing ;)
     
  2. gkweb

    gkweb Guest

    I confirm that phant0m said, on my comp, with explorer.exe blocked it prevent the leaktest to do his job and to see if the firewall will see and catch it or not.

    it's weird that WB still go trought even with explorer.exe blocked :eek:

    do you connect trought a proxy ?

    regards,

    gkweb.
     
  3. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Doing what Phant0m``suggested in removing all the explorer.exe blocked in my list, when I launch Wallbreaker.exe LnS doesn't even pop up telling me that Explorer.exe is attempting to connect to the internet, wich I find weird in it's self.
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Hey FluxGFX

    I’m clueless for the moment, if you exited out of all 3rd party processes except for Look ‘n’ Stop and then executed that Wallbreaker on Windows XP Pro with Service Pack 1 installed and all the SP2 hotfixes with Look ‘n’ Stop v2.04p2 using most recent Application Filtering driver (LNSFW1.SYS), and Explorer.exe being set with the Deny Flag for Connecting rights….
     
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Hey FluxGFX

    Can you confirm that Application Filtering Layer is fully functional?
     
  6. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    I have LnS v2.04p2 but was thinking that it might be LNSFW1.SYS that's not right ?
     
  7. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Sure here's a test where Media Player is trying to access the web.
     

    Attached Files:

  8. gkweb

    gkweb Guest

  9. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Done will reboot BRB
     
  10. Douglas

    Douglas Guest

    Exactly the same here, running Win98SE.
    LooknStop blocked it.

    Regards,
    Douglas

    edit: I apologize. I only read the 1st page, not realizing there were 2 more pages, with this blocking issue addressed.
     
  11. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    After installing the new driver, rebooting and cleaning internet cache and all that.

    Tried wallbreaker with no results ;(
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Hey FluxGFX

    Go-to http://etree.org/md5com.html and Download MD5sum.exe: http://etree.org/cgi-bin/counter.cgi/software/md5sum.exe into C:\ drive and access Command Prompt and type; CD ..
    Then type; md5sum.exe %SYSTEMROOT%\SYSTEM32\drivers\LNSFW1.sys

    Assuming you renamed current Application Filtering Driver from LNSFW1.sys to _?_ make modifications the filename and Enter it then paste the results…
     
  13. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    C:\WINDOWS\system32\drivers>md5sum lnsfw1.sys
    eb936729238004c016a4c77fc316907e *lnsfw1.sys

    C:\WINDOWS\system32\drivers>
     
  14. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Hey FluxGFX

    Yea you have the most recent Application Filtering Driver release...
     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Once again you using Windows XP Pro with Service Pack 1 Installed, you using Look ‘n’ Stop v2.04p2 with most recent Application Filtering driver and Windows Explorer (Explorer.exe) are configured with the Deny Flag for Connecting rights. Everything for 3rd party Processes except for Look ‘n’ Stop has been Terminated, no running instances of Internet Explorer and you execute the Wallbreaker and Look ‘n’ Stop still doesn’t give you protection capabilities?

    So when you execute Wallbreaker Internet Explorer becomes Executed and you get a page loading of http://perso.wanadoo.fr/*

    :/
     
  16. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    You got that right
     
  17. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    LOL then I don’t have the foggiest idea what’s wrong…
    Have you tried cleaning the Application Filtering List totally and then quickly executing Wallbreaker? o_O
     
  18. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    LOL yes and now it says Internet Explorer.exe is attempting to connect to the internet if I say yes then I get the page on wanadoo.fr saying that wallbreaker got true ( apparently it doesnt see explorer.exe )
     
  19. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    You using WindowBlinds?
     
  20. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    ahhhhhh yea now i believe whats going on...
     
  21. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    No I don't use windows blind
     
  22. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    You haven’t enabled the ActivatedSoon Flag yet have you?

    Apply http://www.Phant0m-looknstop.com/phant0m/ActivatedSoonEnable.reg then re-boot.

    To undo ActivatedSoon Flag, apply http://www.phant0m-looknstop.com/phant0m/ActivatedSoonDisable.reg
     
  23. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Explain me how I did not enable this ? cause I don't remember something like that or is it done by default....
     
  24. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Hey FluxGFX

    ActivatedSoon Flag is a hidden Feature in Look ‘n’ Stop, only way to Enable it is if you done it manually… ;)
     
  25. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Ok but now it does ask about explorer.exe but if I block it Internet Explorer can't access the net now ;) LOL
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.