new website : www.firewallleaktester.fr.st

Discussion in 'other firewalls' started by gkweb, Jun 7, 2003.

Thread Status:
Not open for further replies.
  1. _anvil

    _anvil Guest

    That can only happen, if you use the default settings, because the default "allow DNS rule" applies to 'any application' (including Yalta...)

    This glitch in Kerios default config has recently been reported as a security hole on major bug sites... although Kerio (as well as its default rules) is years old... o_O :D
     
  2. gkweb

    gkweb Guest

    oh i see...

    just to see it myself i will do the test :D

    And about look'n'stop, what is your point of view regarding default settings? should update be seen as not default settings ?

    regards,

    gkweb.
     
  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    Gkweb

    Is your site not based on accuracy much as possible? I don’t see how Component Updating corresponds with Settings levels… Maybe you should make another chart in Reference to “Default Components” “Updated Components”, and I’m not only in Reference to Look ‘n’ Stop but all the Software Firewalls…
     
  4. gkweb

    gkweb Guest

    lol, you are right phantom :)

    i will change in a few minute this little mistake ;)

    regards,

    gkweb.
     
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
  6. gkweb

    gkweb Guest

    I have another pb (help me Phant0m!!) i do receive so many different results about the same leaktest, i will become mad :eek:

    I think i will add a third icon on the results page which will mean "too much different results for now, pls wait" ! in addition of the "?" which is not an icon and which means "no result yet".

    What do you think about it ?

    regards,

    gkweb.

    P.S : @Jack, someone said me 10/10 for Outpost : AWFT, so : 5/10? 9/10? 10/10 o_O
     
  7. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    Hey gkweb

    The problem is that people are testing it under different circumstances; I wouldn’t go with that idea of yours it may be quite confusing. Best thing would be to get the results by yourself then you know what’s what, and if you don’t think you are suitable then find ones who are…

    For Look ‘n’ Stop test results currently seems legit, however as for the other Software Firewalls I’m not sure…
     
  8. gkweb

    gkweb Guest

    For i can do all test myself i lack of two things :

    first : need default web browser (can't define it on my comp by normal way... which prevent FireHole to launch)

    second : buy AWFT

    I will thinking about the second, but about the first no one never could help me (all standard way doesn't work).

    This two things solved, i will be able to do all test myself...

    regards,

    gkweb.
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    For some unknown reason i can run AWFT all day long and the Number of executions left is always 10, an i'm not registered user either...
     
  10. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Phant0m,

    I think the idea behind "default settings" is just to test the firewall, as is, just after the user has installed it, just after having downloaded it from the official current location.
    I think it's a good idea, because many users will use the Firewalls this way. I agree with gkweb that the current patch for Look 'n' Stop is not included in the standard version and even not available directly from our site, so not very easy to know and to install for most of the users.

    So, no problem for me to wait for the version 2.05 of Look 'n' Stop to have a better score for the "default setting" case.

    Perhaps the wording "default settings" needs to be changed in something like "out of the box".

    Regards,

    Frederic.
     
  11. gkweb

    gkweb Guest

    this time, i'm agree with Frederics... i'm feeling like a ball on ping-pong table :D

    Indeed, the term "out of the boxe" is better than "default settings" and this is that i really wanted to say with hard to explain it.

    All firewall will have the same criteria, so it's not so bad for those who disagree, and is better i think regarding results, it's more realistic.

    Thanks for your opinion Frederics.

    I think to apply definitly this idea, with "out of the box" instead of "default settings". In addition, it is easier to test out of the box firewall than firewall unchanged settings but + update.

    right ?

    regards,

    gkweb.
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    Hey Frederic

    Yea I know the idea behind it; just it wasn’t designed fully upon Informational Accuracy, as I explained why so…

    Whatever you label it, anything is better then “Default Settings”…

    Regards,
     
  13. gkweb

    gkweb Guest

    Please... I need more results from Win 9x/Millenium...

    if we can help me, thanks.

    regards,

    gkweb.

    P.S : i tested ZA 4 and it has same results than 3.5
     
  14. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Hi gkweb. There is something here that is starting to bother me.
    When professional testing of products is done, all products are tested on the same machine setup by people qualified to use the products being tested and all testing is done under the same conditions.
    You seem to be gathering information from people from all over the web and these people are going to be biased towards their product of choice.
    I think it is very important for you to stress on your site the fact that this is not an evaluation of products based on acceptable, standard testing methods. The results individuals get is going to be determined by many factors on their own machines and they should know this.
    It would not be fair to any product for someone to go to your site, look at the results and see results that state xyz program fails 4 out of 9 leak tests.
    What you are doing is fine and may provide some useful information to people visiting your site, but they need to know under what conditions your test results have been obtained.
    I hope you understand my concern here and do not take this as criticising your work, but as a suggestion to give people adequate information with which they can make informed decisions.
     
  15. gkweb

    gkweb Guest

    I'm not sure to fully understand that you want to say, but if it is that you are afraid that i read results on my mail box and then i put it on the site without testing it myself or by trusted friends, i don't work like this, it's wrong. I do myself test under same comp, same condition, one firewall installed each time alone, out of the bow results are easy, highest settings takes me more time.

    If it's about how to do leaktest, it's fully explain on the results page.

    In addition, i don't think that "Win 2000/XP" + "highest settings" + "text at bottom about how to do leaktest" could have a lot different factors, this is why results are split, this is why there is an "out of the box" results.

    At the end, i can't point out what is wrong, i takes many hours to find right results, and you say me that they are wrong, not reliable, badly tested or anything else whereas from start, the website was built regarding strong and good results.
    If you are complaining because teh website can't really define the best firewall because it's only take care of outbound filtering, you are right and this is what i say on the welcome page...
    In addition people can test itself his firewall with leaktests downloadable and can discuss about there results on the forum!

    You don't like some results? you thinks they are wrong? ok, send me an email with you OS, firewall settings, all that can lead me to do it myself too (i only works like this by mail) and if it's indeed wrong i will correct it.

    If finally i'm wrong and it's because you think that i can't do professional work, no need to add more.

    gkweb.

    P.S : i edited my post to remove the most flamming part...
     
  16. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    Hey gkweb

    Easy bro, root was only sharing his opinion that Software Firewall Outbound Leak-testing should be done on one specific Machine and/or by those who are qualified to-do these tests then relying on majority of people’s results sent to you via Board & E-mails…

    Regards,
     
  17. gkweb

    gkweb Guest

    So, i supposed not to be qualified for ?

    All required "professional" parameters are together, so again, i can't see what is wrong.
    (the specific machine is mine...)

    And sorry but, it would be a joke if a firewall can only be good on a specific machine and failed on all standard machine lol, it would have Score of 0.

    There is a contradiction also, "whose who are" (supposed) "qualified for" are firewall vendors right ? and do you really think that results from firewall vendors are reliable ? if it would be true, all firewall would pass all leaktest.

    => there is NO tests that i didn't do myself, is it better speaked like that ?
    (i bought AWFT...)

    regards,

    gkweb.
     
  18. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hello,

    Take it easy :cool: Nobody is criticizing you work or ability and your site is usefull.

    As you see how AV/AT tests are discussed (and the serious one do have a strong protocol) it would be nice to give the basic data about your config, provider, connection, etc...

    Just take in consideration there are a lot of config : for instance some use pagers , servers, etc... ; some providers needs a kind of keep alive,(some give already a stealth result by filtering on their servers or filter some ports (In and/or Out) like 139, 80, 25, etc... ),
    some users run DHCP, etc...

    It would be wise to perform all the tests by yourself, on all the OSs on your own PC. Other users might have different results with the same settings with another provider for instance.

    I remember, one or two years ago a discussion ( maybe with Phantom ?) about a leaktest on a FW : He passes with flying colours and I failed with the same settings : in fact after consulting his ISP it was filtered by the provider.

    Rgds,
     
  19. gkweb

    gkweb Guest

    ok well, i understand, i will write my spec on the site, meanwhile :

    Windows XP PRO + SP1 + all last update
    Network Card 3Com 3C905C-TX (100Mbps LAN)
    Internet Explorer 6
    |
    Gateway Linux
    ADSL 512/128 Wanadoo (france)
    Alcatel Speedtouch USB Modem
    |
    Internet

    regards,

    gkweb.
     
  20. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    You must be in Reference to the discussions on Becky’s Look ‘n’ Stop Forum the other year… People was encountering anomaly where they would Leak using my rule-set when being Scanned or Flooded using TCP Flag packets, of course I stated that my rule-set is using specific method used to provide Maximum Security level that the Software Firewall could offer. So Frederic and I spent time over E-mail and ICQ working out a solution within 4days period he released another Look ‘n’ Stop version which supported TCP Flag Controls that I could work with in my rule-set.

    Throughout the period I mentioned Invalid TCP Flag combinations would be filtered by my ISP which would stealth me against these, other users leaked when doing such tests. Whether I used Extra rules like “TCP: NULL, FIN, XMAS..” didn’t make any difference…

    Btw; I never needed to consult my ISP about anything, they don’t know the difference between TCP and UDP Protocols… ;)


     
  21. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    Adding System Informatics may throw people off, possibly give the wrong idea that there needs to be special conditions order for Application Filtering Layer to function properly... And I don’t believe gkweb favours special conditions in order for Application Filtering Layer to function properly…

    Whether you use

    AMD
    128MB of RAM
    Internet Explorer

    OR

    Pentium
    320MB of Ram
    Opera

    And specific Services Enabled or not and what’s currently running in the Background, Software Firewalls Application Filtering Layer should be fully securing.

    I don’t see anything wrong with what gkweb is already doing, he asks for public results and then he verifies it himself on his local Machine. Preferably his Machine with no major modifications from the Default Win state, like no Service tweaking…

    Thanks to gkweb I’ve been reading “special” conditions where Software Firewall’s Application Filtering Layer may not be passing the tests, and if I have anything to-do with this I would like to keep this on the roll…

    Now I verified the results for Look ‘n’ Stop v2.04p2 are legit under Windows 2K/XP, however gkweb awhile back under certain condition Look ‘n’ Stop would fail TooLeaky when Opera browser is configured as your Default browser…

    I’m not sure whether or not Look ‘n’ Stop’s Application Filtering Layer is still defective in this area, could you test under Win9x[me=Phant0m``]& Win2k/XP using Opera as your Default browser whether or not this still applies? ;)[/me]
     
  22. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    LOL we might need another chart for “certain conditions” where Application Filtering Layer fails… :D
     
  23. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi gkweb,

    Just for my information :
    You are running a Linux machine as gateway.
    Why don't you use iptable and/or Freesco ?

    Rgds,
     
  24. gkweb

    gkweb Guest

    @Jack
    i do use it... but it can't provide me software filtering.

    I have on it firewall (iptables), IDS (snort), proxy (squid), a good statistical tool (ntop), but all of that can't prevent trojan/spyware which phoning home from my own computer, i need local outbound filtering.

    @Phant0m

    phant0m said:
    This is what i said when i said this :

    gkweb said:
    but it seems that few people wanted to know my specs, so at least it is written here ;)
    maybe someone was afraid that i do my test on Win 95 with Winsock v1.0 :D

    and about Opera, if me i write a new program which when it is started makes failed few firewall on few leaktests, is the cause is my program or firewall? what must be improved/fixed, my code or firewall?? good thinking, don't forgot to sleep ;)

    phant0m said:
    you forget chart by provider, by modem brand ^^


    regards,

    gkweb.
     
  25. GA

    GA Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    35
    I suggest you learn how to use Tiny 4.5 before you post test results. I use it along with Kerio and none of those exploits were successful. If you cinfigure tinys' sandbox properly they won't be able to run.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.