Thread: More software firewall holes...

  1. #11

    Thumbs down

    u guys wouldnt have these problems if u werent running windows
    yeah ok it all makes since now..

    Well it didn't get through Tiny and Zone Alarm just didn't do anything. That is pretty crazy.

    Firewalls cause more tourble than they do help
    actually they don't cause more tourble.

  2. #12
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Originally posted by Conf1rm3d_K1ll
    I have found a way of stopping Too Leaky breaching my firewall. What you do is delete the appropriate filter rules that allow IE access to the web and only allow Opera access. After doing this Tiny alerts you of Too Leaky's attempts to access the web (which of course you block) and then gives some lame excuse that my connection is too slow or even down and it can't connect..
    Of course Too Leaky doesn't work anymore if you deny IE access to the net... I'm no C++ guru, but Bob Sundling was kind enough to include the source code... You might consider taking a look at it:
    // Step 1: Find the Internet Explorer executable (its location is in the registry).
    Too Leaky was designed for IE, not for Opera. I'm pretty sure the C++ programmers around here can rewrite this thing to penetrate your firewall using Opera...

    Originally posted by Conf1rm3d_K1ll
    After doing this Tiny alerts you of Too Leaky's attempts to access the web (which of course you block) and then gives some lame excuse that my connection is too slow or even down and it can't connect..
    That message ("There was apparently no leak, your computer or Internet connection is very slow, or, most likely, the GRC.COM website is down temporarily. Please try again later.") will show up if
    - you deny IE access to the net (because Too Leaky was designed for IE).
    - 30 seconds pass without Too Leaky being able to connect (due to a slow connection, GRC being down, or not using IE - or having a real good firewall, of course).

    Again, I'm no C++ guru, but changing the '30000' in if ( (GetTickCount() - startCount) > 30000 )
    return false;
    to a higher number should solve the slow connection problem.

    Changing const char* baseURL = "http://grc.com/lt/leaktest.htm?"; into another URL should solve the GRC-problem, and the l33t C++-programmers out there can change the IE-routine to an Opera-routine...

    There you go, Conf1rm3d_K1ll, problem solved

    Originally posted by arkan351
    u guys wouldnt have these problems if u werent running windows
    True, we would have other problems then...
    And you wouldn't have a spelling problem if you didn't write. But then again, we enjoy facing problems, not avoiding them...

    Originally posted by S1lv3r
    Dunno if this has been posted yet. But thought it was an interesting read.
    Very interesting indeed. Thanks for the link

    Originally posted by Anirak
    Firewalls cause more tourble than they do help
    And you wouldn't have a spelling problem if you didn't write. But then again, we enjoy facing problems, not avoiding them...
    Dang, I'm repeating myself...
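
The exchange above turns on a firewall rule that trusts IE by name, which also trusts whatever program starts IE. A defender-side check for that, as an added example that is not part of the original post or of Too Leaky's source: it flags browser processes whose parent is not an expected launcher. The event tuples, process names, allow list and the idea that a URL may appear on the browser's command line are assumptions, and all sample data is constructed.

```python
from urllib.parse import urlsplit

BROWSERS = {"iexplore.exe", "opera.exe"}   # images a per-application rule trusts
EXPECTED_PARENTS = {"explorer.exe"}        # assumed: browsers started by the user's shell

# Constructed process-creation events: (pid, parent pid, image path, command line)
SAMPLE_EVENTS = [
    (400, 4, r"C:\WINDOWS\explorer.exe", "explorer.exe"),
    (812, 400, r"C:\Program Files\Internet Explorer\iexplore.exe", "iexplore.exe"),
    (900, 400, r"C:\Temp\leaktest.exe", "leaktest.exe"),
    (904, 900, r"C:\Program Files\Internet Explorer\iexplore.exe",
     "iexplore.exe http://test.example/lt/leaktest.htm?constructed-data"),
    (950, 400, r"C:\Program Files\Opera\opera.exe", "opera.exe http://www.example.org/"),
]

def image_name(path):
    """Lower-cased file name of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def http_urls(cmdline):
    """Parse every http(s) URL token found on a command line."""
    urls = []
    for token in cmdline.split():
        try:
            parts = urlsplit(token.strip('"'))
        except ValueError:      # malformed token, e.g. a broken IPv6 literal
            continue
        if parts.scheme in ("http", "https") and parts.netloc:
            urls.append(parts)
    return urls

def find_proxied_browser_launches(events):
    """Flag browser processes whose parent is not an expected launcher."""
    names = {pid: image_name(image) for pid, _, image, _ in events}
    findings = []
    for pid, ppid, image, cmdline in events:
        if image_name(image) not in BROWSERS:
            continue
        parent = names.get(ppid, "<unknown>")
        if parent in EXPECTED_PARENTS:
            continue
        urls = http_urls(cmdline)
        findings.append({"pid": pid, "parent": parent,
                         "hosts": [u.netloc for u in urls],
                         "has_query": any(u.query for u in urls)})
    return findings

if __name__ == "__main__":
    for finding in find_proxied_browser_launches(SAMPLE_EVENTS):
        print(finding)
```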

  3. #13

    Post

    Originally posted by Conf1rm3d_K1ll


    I have found a way of stopping Too Leaky breaching my firewall. What you do is delete the appropriate filter rules that allow IE access to the web and only allow Opera access. After doing this Tiny alerts you of Too Leaky's attempts to access the web (which of course you block) and then gives some lame excuse that my connection is too slow or even down and it can't connect..


    You're right, Negative. It was just a "quick fix" solution to a rather complex problem!


    Perhaps you could suggest an alternative?

  4. #14
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Originally posted by Conf1rm3d_K1ll
    You're right, Negative. It was just a "quick fix" solution to a rather complex problem!
    Perhaps you could suggest an alternative?
    OUCH! No, I can't

    I'll leave that to the pros

  5. #15
    Senior Member
    Join Date
    Nov 2001
    Posts
    185

    Re: an interesting approach

    It would be interesting to try what Negative suggests.

    Personally I would suggest that concerned users go buy an `el cheapo' pc from the local used computer shop, or drag one out of the spare junk closet.

    Then put OpenBSD on that sucker. No keyboard, monitor, or mouse required. Get a couple of NICs, and a switch. Once OpenBSD is installed build the packages for `ipfilter', `tripwire', and `host sentry'.

    Now you can set up an internal network behind your ipfilter firewall, set up the firewall to accept ftp connections from inside the firewall only /* firewall admin */ etc. etc.

    A host firewall is not the best way to go even if you only use one computer. The insta-firewalls like tpf and zone alarm are cool, but the worst possible thing you can have is a badly configured or incomplete firewall setup. Worse than none at all for sure.

    ipfilter is really great, it does not work with any *nix OS's that use glibc, so that rules out Linux except for really old versions.

    you can get OpenBSD at http://www.openbsd.org

    ipfilter is a default package that comes with OpenBSD, FreeBSD, NetBSD and several others.

    Some hints on setting it up can be found at:
    http://www.freebsddiary.org
    http://coombs.anu.edu.au/~avalon/ip-filter.html

    And as always a good place to get the packages mentioned above and others for *nix is http://www.freshmeat.net

    It is one of the firewall configs of choice for a good number of High Vis and High Risk sites, should note that ipfilter is hardly ever cracked if set up properly, but any firewall can be bypassed by the truly determined.

    Check out sites to see what they run /* will only show what server is, not always indicative of firewall OS */ at http://www.netcraft.com
    Know this..., you may not by thyself in pride claim the Mantle of Wizardry; that way lies only Bogosity without End.

    Rather must you Become, and Become, and Become, until Hackers respect thy Power, and other Wizards hail thee as a Brother or Sister in Wisdom, and you wake up and realize that the Mantle hath lain unknown upon thy Shoulders since you knew not when.


  6. #16
    Senior Member
    Join Date
    Oct 2001
    Posts
    689

    Post

    I think that it is funny that so many security "researchers" find these holes and take the time writing programs that prove the holes exist, but do not find a way to help protect us against these things. Is this really helping us? They expect the makers of the firewalls to do the fixing. If the problem can be fixed why don't they take real initiative after exposing the problem, and help develop the solution and make a bundle of cash at the same time. What's the point in telling everyone that there is a hole in the boat, and you found it, but you didn't feel like plugging it and preventing the boat from sinking but that is the problem of the boat builder. If this sounds weird it's cuz I just finished a bottle of Jack Daniels and I think I'm a little confused.
    Wine maketh merry: but money answereth all things.
    --Ecclesiastes 10:19

  7. #17
    Junior Member
    Join Date
    Aug 2001
    Posts
    28
    From what I have read, both Firehole and Too Leaky are based on the premise of first getting malware on the intended computer and then running said malware... although possibly a new angle, these seem to be not much different than any number of trojan programs out there. I'm not trivialising the problem, just saying that they are a new twist to an old problem. There's always another hole, there's always another piece of malware being written out there... it all just enforces the importance of properly configured firewalls, up to date antivirus software, people needing to become more aware and better educated about what they may be downloading to their computers or where they surf (probably only wishful thinking on my part... oh, in a perfect world), and the need for some sort of public disclosure (whether it be full disclosure or partial) allowing software makers to properly patch the problems, computer security people and network professionals to be aware there is a problem and try and defend themselves against said problem until a patch is hopefully made available. Again, I'm not saying this isn't an important issue... just the same old problem in a new wrapper, as I'm sure anyone out there involved with computer security for any length of time will agree.
    "He who fights with monsters should look to it that he, himself, does not become a monster... when you gaze long into the abyss, the abyss also gazes into you"

    Friedrich Nietzsche

  8. #18

    Something about Firehole

    This thing didn't work when I changed the IP address.....

    YALTA's enhanced Leak Test were clean that my firewall didn't detect that connection and allowed it (as packets did get through), but the Classic test was lame as no connection was even made (blocked by firewall) but YALTA claimed to got passed it.....

  9. #19
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    You know people, the real issue in all those "leaking vulnerabilities" is getting malware on your computer first... No matter how much "firewall" vendors (firewall in quotes because the job you are expecting it to do is more IDS than firewall) try to prevent it, once a malicious program has made it to the other side and has been executed, there is little you can do to be 100% safe... For example, the malware could even carry its own tcp/ip stack and send directly to the modem or NIC, effectively bypassing the firewall's filtering...

    The point is, you have to be careful who you let into your house, not lock your doors and hope you locked in the thief/spy...

    Ammo

  10. #20
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted by ammo

    You know people, the real issue in all those "leaking vulnerabilities" is getting malware on your computer first... No matter how much "firewall" vendors (firewall in quotes because the job you are expecting it to do is more IDS than firewall) try to prevent it, once a malicious program has made it to the other side and has been executed, there is little you can do to be 100% safe... For example, the malware could even carry its own tcp/ip stack and send directly to the modem or NIC, effectively bypassing the firewall's filtering...

    The point is, you have to be careful who you let into your house, not lock your doors and hope you locked in the thief/spy...

    Ammo

    I couldn't agree more Ammo. It seems to me that a lot of folks tend to think that having these "personal firewalls" will actually prevent malicious code from communicating with the 'net if it gets onto the PC. This is mostly the same fantasy world wherein people believe that opening the attachment that came from their friend about Anna Kournikova is not a Stupid Move(TM).



    If the code doesn't get there in the first place, then the "personal firewalls" are really just superfluous.



    Oh, and by the way, the person who said that these problems would be nonexistent if you weren't running Windows would technically be correct. All of these incidents are specific to Windows, not any other OS.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?
