Re: ISA server and Gibson's LeakTest

From: James Grant (nospam_at_nospam.com)
Date: 08/12/03

• Next message: David Thielen: "adv: Software firewall with sourcecode"
• Previous message: Kristóf: "Setting up one firewall on two PC's"
• In reply to: Netmasker: "ISA server and Gibson's LeakTest"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 11 Aug 2003 23:45:23 GMT

Netmasker wrote:
>
> I run ISA Server SP1 server on win2k and my "IP Packet Filters rules"
> explicitly declared that only Outbound DYNAMIC TCP and UDP traffic is
> allowed. But when I run the Gibson's "LeakTest" utility it successfully
> connects to Gibson's web site. So ISA server seems to allow outbound http
> traffic.
> My first question is what "Dynamic" stands for as far as outbound
> connections are concerned. Is my configuration wrong or ISA server can't
> manage outbound connections properly ?

Apparently LeakTest is "Dynamic" ;-)

> My second question is which firewalls (if any) get LeakTest to fail ??

I think you're worrying about the wrong stuff.
Leak tests are trojan prototypes that demonstrate potential ways
(at the time of their creation) for apps to circumvent personal
firewalls and get information out. Each one proves again that
personal firewalls are limited at least when it comes to protecting
you from malware on your system. When they come out, personal firewall
vendors compete in a game of catch up and PCFlank runs a beauty contest
to rate how well they've done.

You want to keep your system clean and running good and current
anti-virus.

Also, you have a server, so you should not be running unnecessary
things on it. Your risk of getting a trojan should be low to zero.
You should be more concerned with incoming threats. Run nmap or some
other test to see your system as hackers see it.

James Grant
8Signs Ltd.
http://www.8signs.com

---

• Next message: David Thielen: "adv: Software firewall with sourcecode"
• Previous message: Kristóf: "Setting up one firewall on two PC's"
• In reply to: Netmasker: "ISA server and Gibson's LeakTest"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Unable to print on ports 9100/515 ... Is the protocol definition for outbound on port 9100 and 515 actually trying ... > the detailed steps to publish a TCP/IP network printer through ISA, ... > 306071 How to Publish a TCP/IP Printer Behind ISA Server ... (microsoft.public.windows.server.sbs) Re: Outgoing VPN Error 619 ... Outbound VPN is not "supposed" to ever be allowed. ... The Web Proxy and Winsock Proxying services only "proxy" TCP or UDP based ... Troubleshooting Client Authentication on Access Rules in ISA Server 2004 ... Microsoft ISA Server Partners: Partner Hardware Solutions ... (microsoft.public.isa.vpn) Re: Personal firewall recommendation wanted ... Security Suite but am very disappointed in the company's lack of ... The Windows-Firewall is perfectly suitable for filtering inbound traffic ... Blocking outbound traffic is unreliable, ... "Personal Firewalls are crap. ... (comp.security.firewalls) Re: Question about ISA port forwarding ... One final thing is it possible for IAS to Send outbound on the published ... Microsoft Internet Security & Acceleration Server: Partners ... Microsoft ISA Server Partners: Partner Hardware Solutions ... (microsoft.public.isa.configuration) ISA server and Gibsons LeakTest ... I run ISA Server SP1 server on win2k and my "IP Packet Filters rules" ... explicitly declared that only Outbound DYNAMIC TCP and UDP traffic is ... So ISA server seems to allow outbound http ... My first question is what "Dynamic" stands for as far as outbound ... (comp.security.firewalls)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.firewalls  > 2003-08