Fred,
   After LEAKTest determines that you are secure, it suggests:
". . . but to be completely certain that your firewall deserves the credit
for blocking this outbound connection attempt, you should try permitting
LeakTest to connect just to be sure it can."

   This is not foolishness, just a basic connectivity test. You can get an
"unable to connect" message if your machine is not on the wire. Opening the
port will confirm that you have connectivity and that the leaktest is
working properly once you close the port again.

Kind regards,
Ron Frost

-----Original Message-----
From: Frederick M Avolio [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 19, 2000 7:19 PM
To: Jamy Klein; '[EMAIL PROTECTED]'
Subject: RE: your mail: Desktop FW LEAKing


At 02:51 PM 12/19/00 -0500, Jamy Klein wrote:
>this isn't news... every firewall on this planet has this problem with the
>exception of zonealarm. It's not just personal firewalls.
>
>Your corporate firewall doesn't care what app goes out port 25. Currently
>there is no effective way to block apps going out a corporate firewall. The
>only solution thus far is to install zonealarm or something similar on each
>workstation.


The question is one of configuration, isn't it? Most people configure
firewalls to allow anything outbound, when all you really require is ... 
well, what is required for business. Most vendors ship them that way 
because that is what customers want.

I have a fairly simple filtering firewall for my home office. Still, I turn 
off most outgoing ports and only allow what is required. It's easy for me 
to deal with this and enforce it as I am the CEO, CSO, and network 
administrator :-).

By the way, leaktest said: "If your computer is currently connected to the 
Internet, the most likely cause for Leaktest's inability to connect is an 
aggressive and properly working firewall!" Then it said ... to be sure, 
allow port 21 outbound. Okay, I did that. Then I ran it and it said 
"Firewall Penetrated! Leaktest WAS ABLE to connect to the GRC NanoProbe 
Server! Leaktest was not prevented from connecting to the Gibson Research 
NanoProbe server."

Well, duh, as my kids say. tcpdump tells me it made a connection on port 
21. But normally that is disabled on my firewall. The only reason it 
"Penetrated!" my WatchGuard Soho was because it asked me to reconfigure it.

(You don't suppose that is just a clever social engineering job, do you?
:-))

Anyway, port 21 is again closed up.

Yes, of course I am oversimplifying. I do have other permitted services
from inside to out so I can do things. So, I also have to be careful of 
Trojan horses. And I wait a week or so before running programs someone on a 
mailing list tells me to run.



Fred
Avolio Consulting, Inc.
16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
+1 410-309-6910 (voice) +1 410-309-6911 (fax)
http://www.avolio.com/

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
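
The connectivity-control reasoning discussed in this thread, as an added example that is not part of the original messages: a failed outbound connection only credits the firewall if the machine can demonstrably reach the network. This is a variation that uses a control probe to a port the egress policy already permits instead of temporarily opening the tested port; the names `probe`, `verdict`, `audit` and `local_port` are hypothetical, and the loopback sockets are constructed stand-ins so the block runs offline.

```python
import socket

def probe(host, port, timeout=2.0):
    """One outbound TCP connect attempt: 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "error"

def verdict(test, control):
    """Read the probe of a port that should be blocked against a control
    probe of a port the egress policy is known to permit."""
    if test == "open":
        return "LEAK"          # the outbound connection got through
    if control != "open":
        return "INCONCLUSIVE"  # no proof of connectivity, so the failure proves nothing
    return "BLOCKED"           # the path works, yet this port did not connect

def audit(host, blocked_port, control_port, timeout=2.0):
    """Probe both ports on the same host and combine the results."""
    return verdict(probe(host, blocked_port, timeout),
                   probe(host, control_port, timeout))

def local_port(listening):
    """Constructed stand-in: a loopback port that accepts (True) or refuses (False).
    The socket is returned too so the caller keeps it alive during the probes."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    if listening:
        s.listen(5)
    return s, s.getsockname()[1]

if __name__ == "__main__":
    ok_sock, ok_port = local_port(True)    # stands in for a permitted service
    no_sock, no_port = local_port(False)   # stands in for a port that does not connect
    print("control works, test port fails:", audit("127.0.0.1", no_port, ok_port))
    print("test port connects:            ", audit("127.0.0.1", ok_port, ok_port))
    print("nothing connects at all:       ", audit("127.0.0.1", no_port, no_port))
    ok_sock.close()
    no_sock.close()
```

Against a real test server, pass a port that host is known to listen on as `blocked_port`, so that a failed connect cannot be explained by a missing service.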