The Firewall MYSTERY….

Discussion in 'other firewalls' started by sweater, Sep 25, 2005.

Thread Status:
Not open for further replies.
  1. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I could not get it… and was very confused and puzzled. Tried out Look N’Stop, Kerio 4.1.3 & 4.2 and now Filseclab Firewall but still got the same results!!! When I first installed them and then re-booted, I scanned for stealth tests - Shields Up at grc.com and sygate.com. I passed all of the stealth tests and was very happy with the results, but when I restarted my PC and tried the stealth tests again… the results were failed; it didn’t pass all of the stealth tests this 2nd time. Then I tried changing some settings and scanned again… but it still didn’t pass; it is not stealth. :doubt:

    I restarted my PC and didn’t touch anything in it, and I’m pretty sure that the settings were just the same as when it passed the stealth test scans, but why does it always fail the stealth tests after the 2nd or 3rd re-boot? o_O

    I swear there’s only one firewall running, and my Windows Security Center (XP Pro SP2) always indicates which firewall is installed or running. And every time I uninstall a firewall (or any program), after the re-boot I always clean the registry with RegScrubXP and the JV16 PowerTools registry cleaner and also optimize the registry with NTREGOPT before installing another firewall or any other program. :oops:

    Now I’m trying out Filseclab and also installed the patch. I changed the rule no. 12 protocol to UDP and hit apply (as Tom Liu said). Using General Mode and Medium security level, it passed the grc and sygate stealth tests (the system tray icon flashed red during this 1st scan). But after I restarted my PC (2nd & 3rd re-boot) and scanned again… the results showed it failed, and this time during the scan the system tray icon wasn’t flashing or turning red; it remained blue. :p

    It happened not only in Filseclab but on all the firewalls that I’ve mentioned above. Is there anything I could do so that I can always pass all stealth tests even after several restarts or re-boots? Or is this just a natural result that can possibly occur, or a possible consequence, if we are connected through or using a dial-up internet connection?

    o_O :rolleyes:
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Hi Sweater

    I am not familiar with any of the firewalls you mentioned, but when I had a problem with something holding a port open (failed GRC), I couldn't figure out what was going on with ZA, but I trialed Outpost and was immediately able to identify what program was causing the problem. I now use Outpost, and problem solved.

    Pete
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    Two things:
    Try Sygate firewall and see what happens.
    Block the non-stealthed ports manually (configure advanced rules).
    By the way, are they just non-stealthed (closed) or open?
    Mrk
     
  4. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    I agree with Peter; Outpost should help you. It is very informative.

    Edit: Not that I say don't try Mrk's. By all means try it.

    Thanks,

    Chris
     
  5. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    When it passed the tests in grc Shields Up, the results were all stealth green (common ports and all ports), and in all the sygate tests it blocked all ports. In other words, perfectly stealth in grc and sygate. :D

    But after the second re-boot, the results all failed... in grc some ports are open and many are closed, then at sygate the same thing: some are open and many are closed. That is, it has failed. :'(

    I'm not really sure if this was natural if one is connected to dial-up internet.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    Closed ports are OK.
    What you can do with open ports:
    Go to Advanced rules, and start configuring them. You can set rules to block incoming traffic on open ports.
    Mrk

    P.S. I have a wild idea! Are you scanning your own machine? Do you sit behind a university proxy or something? Cause if you do, then you might be scanning their ports and not your own?
    Check your IP address vs. the grc and sygate IP that is being scanned.
    Likewise, Sygate should tell you if your ports are being scanned. If you get no message that your ports are being scanned during the test (you can also check the logs), then you're probably scanning some transparent or not so transparent proxy along the way.
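
The check suggested in the post above, written out as an added example (not part of the original thread): compare the addresses on the local adapters with the address the scan site reports, and treat the scan as meaningful only when they match. The function names are hypothetical and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Address blocks an Internet-side scanner can never reach directly.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",                                  # RFC 6598 carrier-grade NAT
    "169.254.0.0/16", "127.0.0.0/8",                  # link-local, loopback
)]

def is_non_routable(ip):
    return any(ip in net for net in NON_ROUTABLE)

def scan_target(local_addrs, scanned_addr):
    """Classify what an online port scan actually probed.

    local_addrs  -- addresses on this machine's adapters (e.g. from ipconfig)
    scanned_addr -- the address the scan site says it is testing
    """
    if not local_addrs:
        raise ValueError("need at least one local adapter address")
    scanned = ipaddress.ip_address(scanned_addr)
    local = [ipaddress.ip_address(a) for a in local_addrs]
    if scanned in local:
        return "own-machine"   # results describe this PC's firewall
    if all(is_non_routable(a) for a in local):
        return "nat-gateway"   # results describe the router or NAT device
    return "proxy"             # public address here, but another host was scanned

def consistent_target(scanned_history):
    """True if every scan run probed the same address."""
    return len({ipaddress.ip_address(a) for a in scanned_history}) <= 1

def report(local_addrs, scanned_history):
    """One line per scan run: which address was hit and whether it counts."""
    lines = []
    for addr in scanned_history:
        target = scan_target(local_addrs, addr)
        verdict = "valid" if target == "own-machine" else "not this PC"
        lines.append(f"{addr}: {target} ({verdict})")
    return lines

if __name__ == "__main__":
    # Constructed sample: a dial-up adapter with a public address, and two
    # scan runs that each reported a different upstream address.
    adapters = ["127.0.0.1", "203.0.113.25"]
    runs = ["198.51.100.7", "198.51.100.9"]
    print("\n".join(report(adapters, runs)))
    print("same target every run:", consistent_target(runs))
```

Stealth results that change between reboots while the firewall settings stay the same are a prompt to run this comparison before touching any rules.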
     
  7. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    Checking my very own IP address against the results from the grc and sygate scans… problem solved at last… the IP addresses that grc and sygate are scanning for stealth are not mine at all, my golly!!! That means all the tests that I’ve done on my PC were useless because I’m behind proxies. The results I got were not for me. Holy mackerel!!! Just imagine, sometimes the results are passed and sometimes failed, and this was also two different IP addresses that are not mine. That’s why every time I visit pcflank.com it didn’t accept scanning my PC. I’m a beginner and didn’t know this IP address thing… so pls forgive me for my ignorance; at least this was another additional piece of knowledge I got here. :rolleyes: ;)

    Learning this thing, then, that I’m behind proxies, I have to concentrate more now on outbound protection and all outgoing application control rather than focusing on inbound attacks. :mad:

    If this is the case… does that mean that I am safer even if the results of the stealth tests are failed, coz it’s not my own IP address? That hackers’ probes have no way to detect my PC, that even if I fail every stealth test I’m still invisible coz it’s not my IP address? o_O
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    Where is a kiss and thank you for my wild idea??
    Mrk
     
  9. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    o_O Are you a.... :-* he, he, he just kidding. :)

    Anyway, many tnx for that. ;)

    Well, if you can add more answers for the above additional questions I have, then again another tnx. :D
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    More answers for more kisses:
    If you're behind a proxy, that's a good thing. Because you have another layer of protection in front of you, almost like a router. Proxies can be annoying sometimes, but if that's a transparent proxy, then you'll most probably never feel anything.
    Your personal computer can still be probed from within the network that is behind the proxy.
    But you shouldn't be worried too much. If you run a good firewall (any of those you tried), you'll not be easily accessible. Still, to avoid any misunderstandings, if you're part of, let's say, a university network, then you might probably want to disable hidden shares and disable file and printer sharing...
    Mrk
     
  11. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    Many tnx for that... :D

    Cheers...!!! ;)
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    YW sonny.
    Mrk

    P.S. Do you have to have Angel as your avatar? Buffy is much more ... buff
     