Windows Firewall Fails Leak Test?


25 replies to this topic

#1 FatherTed


Posted 26 May 2014 - 04:50 PM

Hallo,

 

Have recently changed from 'Private Firewall' to Windows Firewall & just tested it with Steve Gibson's Leak Test & it failed.

 

Have I missed a setting or is WF not as good?

 

Thanks

Ted


Edited by hamluis, 27 May 2014 - 06:57 AM.
Moved from Win 7 to Firewall Software/Hardware - Hamluis.



 


#2 Wolverine 7


Posted 26 May 2014 - 05:20 PM

Yes, it's interesting: if you run this test on the generic Win 7 firewall it will fail; mine does. It's a personal choice, I think. I could run Comodo or something, and have done in the past, but the popups drive me to distraction when I'm working, so I lock the system down in other ways, i.e. sandboxed surfing, plenty of system scanners, check every now and then for outbound traffic, etc.

Steve Gibson's stuff is very useful, but personally failing the leak test doesn't bother me any, although I think the built-in firewall can be made more secure with some tweaking, which I might look at. You can block outbound connections in the firewall settings, I think; you just can't get it to notify you like some personal firewalls do.

 

 

http://www.makeuseof.com/tag/windows-7-firewall-compares-firewalls/



#3 TsVk!


Posted 26 May 2014 - 05:21 PM

Windows firewall is unable to pass in that test because it restricts only inbound traffic.

 

If you want a real firewall you need something like this.



#4 TheGreatGarbled


Posted 26 May 2014 - 05:57 PM

You didn't say what the results were. What ports, etc.? Blue/green/red colors? The GRC ShieldsUP test has been changed by Gibson to enable a new feature. This was covered over a 3-week period in his "Security Now" podcasts. You're not the first to think you failed. If you got red open ports, then you did fail and will need to check on why. He made the result show the blue "Closed" color on ports 135, 139 and 445, and it declares you failed. You really didn't. He has set the system to be able to detect UPnPlay Instant exposure tests. That's why, if you always got stealth all-green ratings in the past, suddenly you get a "failed" even though no red ports are showing, just the blue closed colors. What the test is really testing is your ISP's response, especially for DSL. It's showing your ISP, not your machine. He has talked about changing it back to the old method but has not yet. He changed it due to the huge UPnP problems this past winter that were in the news and that hackers were exploiting. So if you have "failed" with blue "Closed" ports and no other red ports showing, you didn't fail.


Edited by TheGreatGarbled, 26 May 2014 - 06:00 PM.


#5 NickAu


Posted 26 May 2014 - 06:24 PM

Most firewalls will fail LeakTest. Why? Because they are set by default to allow all outbound traffic. When I messed around with Windows I had Kaspersky PURE 2.0 on it and the firewall allowed all outbound traffic. I soon reset that: I made it so that any prog wanting access to the internet had to ask me first, then I would allow it, and if it was a reg prog I used, such as a browser, I selected "remember this for next time". Yes, it's a pain in the neck at first, but a well-trained firewall is a good firewall.

 

 

As far as Shields Up! goes, it only scans whatever device is attached to your connection, which is usually a router, so anything behind that router isn't seen or tested.

 

Stealth Ports Or Closed?

http://www.insanitybit.com/2012/05/30/stealth-ports-or-closed/


Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!
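
The default-allow outbound policy described in the post above can be checked directly; this is an added example, not part of the original thread. It assumes Windows 8 / Server 2012 or later (the NetSecurity cmdlets) and an elevated session, and the function name `Get-OutboundPosture`, the rule name and the program path are hypothetical. On Windows 7, `netsh advfirewall show allprofiles firewallpolicy` shows the same setting.

```powershell
# Added example, not from the thread. Get-OutboundPosture is a hypothetical helper name.
function Get-OutboundPosture {
    # ActiveStore is the effective policy (local settings merged with Group Policy).
    # The default store can report NotConfigured; Windows then falls back to its
    # built-in default, which allows outbound traffic.
    foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        $enabled  = "$($p.Enabled)" -eq 'True'
        $outbound = "$($p.DefaultOutboundAction)"
        if (-not $enabled) {
            $verdict = 'Firewall off: nothing is filtered'
        } elseif ($outbound -eq 'Block') {
            $verdict = 'Default deny: a program needs an outbound allow rule'
        } else {
            $verdict = 'Default allow: any program may connect out'
        }
        [pscustomobject]@{
            Profile         = $p.Name
            Enabled         = $enabled
            DefaultOutbound = $outbound
            Verdict         = $verdict
        }
    }
}

Get-OutboundPosture | Format-Table -AutoSize

# Count of enabled outbound rules per action (Allow / Block).
Get-NetFirewallRule -Direction Outbound -Enabled True |
    Group-Object Action | Select-Object Name, Count

# Moving to default deny. Create the allow rules first, otherwise browsers,
# updaters and other programs lose connectivity; Windows Firewall does not
# prompt when it blocks an outbound connection.
# -WhatIf previews each change without applying it; remove it to apply.
New-NetFirewallRule -DisplayName 'Allow browser out (example)' -Direction Outbound `
    -Program 'C:\Path\To\browser.exe' -Action Allow -Profile Private -WhatIf  # hypothetical path
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block -WhatIf
```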


#6 scotty_ncc1701


Posted 26 May 2014 - 06:32 PM

Don't trust GRC LeakTest -- Firewall Leakage Tester.

I just tested it on an isolated test PC, and here are the results:

1.  Ran the program, my firewall (it monitors incoming and outgoing) caught it, I blocked it.
2.  A second warning came up, and I told it to block it.
3.  Leaktest said it got through to the GRC website.

4.  Reset the settings to where GRC LeakTest wasn't included in the list of authorized or blocked programs.  I had backed up the settings before I did the test, and I used the settings file, and verified GRC LeakTest wasn't on the list of any of the programs.

5.  Disabled the Internet Connection (through the control panel), with the hardwire plugged in.
6.  Ran the program, my firewall caught it, I blocked it.
7.  A second warning came up, and I told it to block it.
8.  Leaktest said it got through.

9.  Reset the settings to where GRC LeakTest wasn't included in the list of authorized or blocked programs.  I had backed up the settings before I did the test, and I used the settings file, and verified GRC LeakTest wasn't on the list of any of the programs.

10.  Unplugged Internet connection (hard wire).
11.  Ran the program, my firewall caught it, I blocked it.
12.  A second warning came up, and I told it to block it.
13.  Leaktest said it got through.

14.  Reset my computer back to BEFORE the firewall was installed, using Paragon Backup and Recovery.

15.  Reinstalled the firewall as new.
16.  Repeated the above steps again, with the same results.
 

It should be noted that this PC used doesn't have wireless, so it wasn't getting out that way!


Edited by scotty_ncc1701, 26 May 2014 - 06:35 PM.


#7 TsVk!


Posted 26 May 2014 - 07:00 PM

Leak Test is yet more hocus-pocus from Steve Gibson and co... The self-declared security professional.



#8 NickAu


Posted 26 May 2014 - 07:11 PM

Same as Shields Up.




#9 hamluis


Posted 26 May 2014 - 07:11 PM

Agreed...a legend in his own mind :).

 

Louis



#10 FatherTed


Posted 27 May 2014 - 12:29 AM

Thank you guys for your very informative & illuminating answers, very much appreciated.

I was particularly interested in the comments about Gibson. I had no idea he is considered a charlatan in the security community, but this article is damning. http://radsoft.net/news/roundups/grc/20060121,01.shtml

Not sure if posting external links is OK on this forum, so apologies if it's not.

Thanks again

Ted



#11 Wolverine 7


Posted 27 May 2014 - 09:55 AM

So much for Mr G... I do think some of his little security apps are quite well coded as far as I can see (which isn't very far) lol, but he's better at it than me... The website's terrible; maybe I could show him how to use CSS, I'm not bad at that. :-)


Edited by Wolverine 7, 27 May 2014 - 09:56 AM.


#12 Didier Stevens


Posted 29 May 2014 - 05:57 PM

First we need to know if ShieldsUp tested your computer or the network device that connects your computer to the Internet.

Is your local IP address a public or private IP address? What's the first number before the dot?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
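
The public-or-private question in the post above decides what an external scan such as ShieldsUp actually probed; the following added example (not part of the original post) classifies IPv4 addresses and then checks this machine's own. The function name `Get-IPv4Scope` is hypothetical, and the addresses in the sample list are constructed.

```powershell
# Added example, not from the thread. Get-IPv4Scope is a hypothetical helper name.
function Get-IPv4Scope {
    param([Parameter(Mandatory = $true)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Not an IPv4 address: $Address"
    }
    $b = $ip.GetAddressBytes()
    # The first number alone settles 10.x and 127.x; for 172.x, 192.x, 100.x
    # and 169.x the second number matters as well.
    if ($b[0] -eq 10)                                       { return 'Private (RFC 1918)' }
    if ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31)  { return 'Private (RFC 1918)' }
    if ($b[0] -eq 192 -and $b[1] -eq 168)                   { return 'Private (RFC 1918)' }
    if ($b[0] -eq 100 -and $b[1] -ge 64 -and $b[1] -le 127) { return 'Shared/CGNAT (RFC 6598)' }
    if ($b[0] -eq 169 -and $b[1] -eq 254)                   { return 'Link-local' }
    if ($b[0] -eq 127)                                      { return 'Loopback' }
    return 'Public'
}

# Constructed sample addresses; 203.0.113.7 is a documentation address standing
# in for a public one, and 172.32.0.1 shows why 172.x needs the second number.
'192.168.1.23', '10.0.0.5', '172.20.1.1', '172.32.0.1', '100.72.3.4', '203.0.113.7' |
    ForEach-Object { '{0,-14} {1}' -f $_, (Get-IPv4Scope $_) }

# IPv4 addresses configured on this machine (the same ones `ipconfig` lists).
$local = [System.Net.Dns]::GetHostAddresses([System.Net.Dns]::GetHostName()) |
    Where-Object { $_.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork }
foreach ($a in $local) {
    $scope = Get-IPv4Scope $a.ToString()
    if ($scope -eq 'Public') {
        '{0}: {1} - an external port scan reaches this computer''s own firewall' -f $a, $scope
    } else {
        '{0}: {1} - an external port scan tested the router or another upstream device' -f $a, $scope
    }
}
```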


#13 FatherTed


Posted 30 May 2014 - 12:58 AM

Errrr, private I think - I'm using my laptop from home. Errr......... (What's the first number before the dot?) sorry, don't know what you're asking here. Since I first posted, I have had a lot of help & advice & have since changed my av to Bitdefender & added Windows Firewall Control - so far so good!

Thanks for your enquiry



#14 scotty_ncc1701


Posted 30 May 2014 - 07:32 AM

First we need to know if ShieldsUp tested your computer or the network device that connects your computer to the Internet.

Is your local IP address a public or private IP address? What's the first number before the dot?

 

I believe that the general consensus here is that Fred Gibson and GRC can't be trusted, which as far as I'm concerned was proved by the tests in my other post.  But, I wanted to confirm it again.

Yesterday, after my wife and I got home from our grocery run, I opened several ports in my ROUTER/MODEM (in the range ShieldsUp checks), turned off all security software on my standalone TEST PC and ran the ShieldsUp test.  ShieldsUp said the ports that I had open were safe.
 

Have a good day.


Edited by scotty_ncc1701, 30 May 2014 - 07:37 AM.


#15 Didier Stevens


Posted 30 May 2014 - 01:26 PM

Errrr, private I think - I'm using my laptop from home. Errr......... (What's the first number before the dot?) sorry, don't know what you're asking here. Since I first posted, I have had a lot of help & advice & have since changed my av to Bitdefender & added Windows Firewall Control - so far so good!

Thanks for your enquiry

 

Sorry, I thought you knew your IP address because you did a firewall test.

 

Do you know how to use the command line? e.g. start cmd.exe?

