Saturday, July 12, 2008

Firewall Testing (Hardening)

Here are some tools and techniques to test if your firewall is up to scratch:
1. www.pcflank.com
Contains various tests for the firewall, including port scanners, stealth testing, leak tests and others.
For the leak test, download PCFlankLeaktest.exe. This test tries to send some information out of your PC to the PCFlank site. The results are shown at http://www.pcflank.com/pcflankleaktest_results.htm
According to PCFlank, only Outpost Firewall Pro and Tiny Personal Firewall pass the leak test. At PCKingsford, we have tried the FREE Comodo Firewall Pro (CFP) and this works. If it fails, make sure that you have not told CFP to ALLOW it. To check whether an application is allowed in CFP, open CFP, go to Defense+ at the top, then the Advanced tab in the left menu, then click Computer Security Policy. Look for the application name and edit its rules.

2. ShieldsUp at http://www.grc.com/faq-shieldsup.htm
Click on the Services tab on the website, then select ShieldsUp. Follow the instructions to test your firewall via this website. The tests include:
File Sharing
Common Ports
All Service Ports
Messenger Spam
Browser Helpers

3. Leaktest 1.2 at http://www.grc.com/lt/leaktest.htm
This is one of the original firewall leak test programs that started it all.

4. Firewall Leak Tester - www.firewallleaktester.com
This is a one-stop shop for leak tester programs you can use to test your software. It has over 26 leak testers. The website published results comparing various firewalls, but note that the comparison was done in 2006, so it may be outdated. You can always download the leak testers and test individually.
Other leak testers are:
http://www.pcflank.com/pcflankleaktest.htm

(this article can be seen at
www.pckingsford.com)

5. Testing exploits against your PC.
http://www.pcflank.com/exploits.htm - simulates Denial of Service attacks on your system.

6. The question "How Does a Router Protect?" has some answers here:
http://xtechnotes.blogspot.com.au/2012/04/how-does-router-protect.html

7. Linux - IPTABLES
For Linux users, the software firewall IPTABLES allows maximum configurability.
More details can be found in the "Linux Firewall" section in: http://xtechnotes.blogspot.com.au/2012/05/notes-linux.html

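A list of simple rules is given here as an example for
Super Stealth mode
----------------
# Drop all inbound traffic by default; allow all outbound traffic
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Flush existing rules and delete user-defined chains
iptables -F
iptables -X
# Allow replies to connections this machine initiated
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
----------------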
Once you've executed them, use this command for the stealth config to stick:
Code:
service iptables save

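The above rules are quite strict. For simple web browsing, try this:
Basic Web Browsing mode
-----------------------------------
# Start from an empty rule set
iptables -F
# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Allow replies to connections this machine opened (covers HTTP and DNS replies)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# "--sport 80" and "--sport 53" ACCEPT rules are left out: the sender chooses the
# source port, so they would admit unsolicited packets; the rule above handles replies
iptables -A INPUT -j DROP
iptables -A OUTPUT -j ACCEPT
# Default policies for anything no rule matched
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Save the rules so they are loaded at boot
iptables-save > /etc/sysconfig/iptables
----------------------------------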

then to restart:
service iptables save
service iptables start
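
An added check (not from the original post) that reads `iptables-save` output and verifies what both rule sets above depend on: INPUT policy DROP, a loopback accept, an ESTABLISHED,RELATED accept, and no ACCEPT rule keyed only on a source port. The function names and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save text (filter table, INPUT chain) on stdin.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_ruleset() {
    awk '
        /^\*/ { table = substr($0, 2); next }       # "*filter", "*nat", ...
        table != "filter" { next }
        /^:INPUT / { policy = $2; next }             # ":INPUT DROP [0:0]"
        !/^-A INPUT / || !/ -j ACCEPT$/ { next }     # only INPUT ACCEPT rules below
        /-i lo / { loopback = 1 }
        /(--state|--ctstate) (RELATED,ESTABLISHED|ESTABLISHED,RELATED|ESTABLISHED) / {
            stateful = 1; next                       # reply-only rule: fine
        }
        /--sport |--source-port / {                  # source port is sender-chosen
            print "WEAK stateless source-port accept: " $0; bad++
        }
        END {
            if (policy != "DROP") { print "WEAK INPUT policy: " (policy ? policy : "unset"); bad++ }
            if (!stateful) { print "MISSING ESTABLISHED,RELATED accept"; bad++ }
            if (!loopback) { print "MISSING loopback accept"; bad++ }
            exit (bad > 0)
        }'
}

# Constructed sample: a saved rule set with two source-port accept rules.
sample_weak() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -j ACCEPT
COMMIT
EOF
}
# Constructed sample: the same rule set without those two rules.
sample_clean() { sample_weak | grep -v -e '--sport'; }

sample_weak | audit_ruleset || true
```

On a live system, run `iptables-save | audit_ruleset` as root after loading the rules.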

Links to IPTABLES configuration:
http://www.thegeekstuff.com/2011/06/iptables-rules-examples/
http://www.thegeekstuff.com/2012/08/iptables-log-packets/
http://www.thegeekstuff.com/2011/01/redhat-iptables-flush/
http://www.thegeekstuff.com/2011/03/iptables-inbound-and-outbound-rules/
http://www.thegeekstuff.com/2011/02/iptables-add-rule/
http://www.thegeekstuff.com/2011/01/iptables-fundamentals/

