PC fails firewall tests

Discussion in 'other firewalls' started by Albinoni, Dec 5, 2005.

Thread Status:
Not open for further replies.
  1. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    I did a FW test on my Dad's PC using GRC's Shields Up and also Sygates test and it failed them both quite badly or should I say almost every test.

    My Fathers PC is running Win XP Pro SP2 with the XP FW which has been enabled. Now the other thing is he's also using a D-Link DSL-504G ADSL Modem/Router and even with that it still failed.

    Both the tests were able to ping his ports, as the ports were left open.

    Help would be greatly appreciated.
     
  2. Arup

    Arup Guest

    Whats is most likely happening is that your NAT(router's) address and not your actual address is being scanned and you have block WAN ping disabled in your router, thereby getting ping reply. Go to your router's admin and enable block WAN ping, then do a GRC scan and see what happens, if you are all green, then I suggest you turn off XP SP2 firewall, no need for double filtering.
     
  3. chiawaikian

    chiawaikian Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    46
    Arup is right, GRC and Sygate's test may be scanning your router, not XP FW.

    Even if you are all green, please do not turn off XP FW.
    A combination of a hardware and software firewall is recommended.
     
  4. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    Ok so your referring to the hardware Dlink here not the software FW

    So for this to happen is that good or bad news and does this mean the PC is not protected good enough.
     
  5. chiawaikian

    chiawaikian Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    46
    Yes.
    Your D-Link router is being scanned, not your computer or software firewall.
     
  6. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    All green meaning all stealthed ?

    Also if I use a hardware FW is there really need for a software one. I always thought that hardware FW's dont block trojans, whereas software ones do.
     
  7. tlu

    tlu Guest

    I agree with that view. There have been cases in the past where router bioses were buggy. That's why you should check on a regular basis if a new version is available.
     
  8. chiawaikian

    chiawaikian Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    46
  9. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    Just a questions here. Lets say assume the Dlink router is the culprit here, than why didnt XP firewall stop the probing as well which resulted to the failure of the leak tests.
     
  10. Arup

    Arup Guest

    The point is that your router's IP was scanned in this case, not your real IP, do this before a scan, type IPCONFIG/ALL and see whats your real IP vis a vis the IP shown at GRC, for outbound protection you can add ZA free and turn the net security down to minimal. What you need to do is go to your router's admin and change the block WAN ping to enable instead of disable which most routers are usually shipped with, also change your router's default admin password from admin:admin to something else as then it would secure your router from getting hacked.
     
  11. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    Does anybody here know how to enable block WAN ping on a D-Link DSL-504G
     
  12. Arup

    Arup Guest

  13. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    Ok I'm not sure if this sounds correct, but this is what I did:

    1. Went into the DSL-504G config menu
    2. Choose Advanced Tab, then Firewall

    Now in there I have this:

    Protection Policy
    Firewall attack can be configured based on you specific need.

    The Attack Protection and DOS Protection are both Disabled. Should they be Enabled ?

    Below that I've got this:

    Service Filtering
    The following services can be configured based on your specific need

    Here I've got three boxes to tick:

    1. Ping from External Network
    2. Telnet from External Network
    3. FTP from External Network

    In these three boxes the only ones ticked are 2 and 3. 1 is not ticked.

    Now as a trial I did enable both attack and DOS protection plus ticked Ping from External Network and again the GRC Shields Up FW test failed.
     
Loading...
Thread Status:
Not open for further replies.