PC Flank challenges firewalls!

[muckshifter]

Recently we, here at PC Flank, have released the Stealth Test that gives opportunity to determine if your firewall is successful in making your computer "stealthed". The "stealthed" system is invisible to others on the Internet, so it is harder for intruders to "detect" such system and thus far harder to attack. Indeed, "stealthed" system is not absolutely safe system, and we should not overrate it, but it is the first barrier made by firewall to stop intruders and it is better if this barrier works.

The Stealth test uses five scanning techniques: TCP ping, TCP NULL scanning, TCP FIN scanning, TCP XMAS scanning and UDP scanning. Using each technique the test creates a packet and sends it to port number 1 of your system. If your firewall drops the packet and does not send any response it will mean that your computer is "stealthed". Otherwise if there is any response from your system it will mean that your computer is "non-stealthed" and your firewall has failed this test.

Here is the descriptions of each packet:

• TCP ping packet
  Description: An uniquely configured TCP packet with the ACK flag
• TCP NULL packet
  Description: An uniquely configured TCP packet that contain a sequence number but no flags
• TCP FIN packet
  Description: The TCP FIN scanning is able to pass undetected through most personal firewalls, packet filters, and scan detection programs. The scan utilizes TCP packet with the FIN flag
• TCP XMAS packet
  Description: The TCP packet with the URG, PUSH(PSH) and FIN flags
• UDP packet
  Description: An uniquely configured UDP packet with empty datagram.

Selected tools
We have selected and downloaded eight leading pesonal firewalls for our test. Each firewall was tested with default settings.

... and the results are ...

Why not discuss this on the forum?

 

[TECHGUNS]

PC FLANK IS MY FAVORITE. HAVE BEEN USING IT TO TEST SECURITY ON ALL MY FRIENDS PC'S FOR ABOUT 4 YEARS. I LIKE THE SYGATE TEST, SHIELDS UP, AND NORTONS FIREWALL TEST. I DONT LIKE THE NORTONS FIREWALL BUT THEY HAVE A GOOD FIREWALL TEST. SYGATE FIREWALL IS WHAT I USE WITH PROXOMITRON A LOCAL PROXY FILTER.
DONT TEST PUBLIC PROXYS WITH FIRE WALL TESTING BECAUSE THEY MIGHT THINK HACK ATTACK.
TRY PROXY TESTING SITES LIKE http://stealthtests.lockdowncorp.com/ IF YOU USE PUBLIC PROXYS.
YOU CAN GOOGLE "MY IP" LOTS OF SITES OUT THERE FOR TESTING PUBLIC PROXYS.

 

[crazylegs]

This just reinforces what i already knew, that my ZoneAlarm Security Suite is the business and coupled with my Hardware firewall keeps me very well protected.....Nice Info there Muck's.....

 

[TECHGUNS]

YOU CAN PASS ALL THESE TEST AND THE HACKERS TROJANS CAN STILL GET IN USING AUTOMATION LIKE JAVA AND ACTIVEX SO USE AN ALTERNATIVE BROWSER WITH JAVA TURNED OFF. WHEN YOU NEED JAVA JUST USE IE WITH JAVA ON. EVEN BETTER SANDBOX YOUR BROWSER "SANDBOXIE" HTTP://WWW.SANBOXIE.COM I USE TO USE THE FREE SURFINGARD SANDBOX BUT IT SEEMED TO HAVE A LOT OF PROBLEMS AND YOU CANT DOWNLOAD A FREE VERSION ANYMORE.

BROWSERS KMELEON AND FIREFOX WORK GOOD. SURF SAFE

 

[Ian]

Wow, I didn't expect Norton to do that bad! I'm using Kerio Personal Firewall at the moment, which I am quite pleased with - although I am a big ZoneAlarm fan!

 

[muckshifter]

Nothing will help the unwary from ... "oh, that looks good, 'click click' ... WTFliping heck happened there then?" ... to late.

TECHGUNS, please fix you 'caps lock' ... it is very hard on the eyes to read, and, is really considered shouting.

 

[Me__2001]

i have NIS and it ust passed all of the tests , but then i have taken a long time to get it right

 

[Adywebb]

Remember those tests were done in 2002 - NIS may have improved things by now!

i have NIS and it ust passed all of the tests , but then i have taken a long time to get it right

 

[Me__2001]

just noticed that Adywebb, that may be why

 

[Adywebb]

Weird isn't it how after 3 years a thread suddenly appears again!!

 

[TECHGUNS]

I like to steath it at these sites and then connect to a fast public proxy somewhere. Hackers can still find your IP address through referrer. I was surfing atsronomy web sites when zone alarm was warning me. I did whois on the IP address and I was one of those sites so I know web sites have hackers behind them and they know your IP steathed. I have been using proxomitron to take care of that I just copy and paste IP adresses of other public proxys that I find on a list in xforward out in proxomitron. then I google "my ip" and check my machine and proxy with a remote IP test, your real IP should not show. You can also trickem into thinking you have another OS and browser type.
SURF SAFE

 

[TECHGUNS]

I think that I should put another post about proxo. It wont do squat unless you find the proxy settings in your browser type in localhost port 8080 or 127.0.0.1 port 8080.
Proxomitron comes with the filters but I like to mess with it. I copy and paste about 30 public proxys into proxomitron it will allow you to switch to each one easy or unhook for testing at PCFlank.

Just put a public proxy IP to hide referrer your IP. I only put proxy address in it because thats almost like reverse spoofing someone.

HTTP Header
X-Forwarded-For (out):
Replacement text
218.26.177.98

change your browser or OS

HTTP Header
User-Agent: Konqueror 3.1 (out)
Header Value Match
*
Replacement text
Konqueror 3.1

You might want to change your language the referrer is in another country

HTTP Header
Accept-Language: German (out)
Header Value Match
*
Replacement text
gmh

If you dont know what all this garbage is about playwith it untill you hang it. This is a good antihack tool.