Avast WEBforum
Other => General Topics => Topic started by: Lisandro on September 08, 2004, 12:43:33 AM
-
Does your firewall pass the 'referrer' test? (more information bellow)
Which firewall pass this test and how to configure it? Please, comment.
Test here (for instance): http://www.pcflank.com/test.htm
What is a referrer?
When you browse a web site, it can collect various data about you, such as the Internet address of your computer, your region, Operating System, browser type, browser version, etc. Your web browser automatically sends this information each time it locates a new web site. One of these data is the referrer, which is the location of the last site you visited. Sites keep track of this data, mostly in a general way for statistical data and marketing research. There is a growing concern that online privacy is being infringed. To safeguard your privacy we recommend getting competent firewall software to block your browser sending information about you and your computer.
-
Here you go Technical, from your posted link.
IP Address test
The test could not determine your IP address.
The test has found that the IP address used by your computer cannot be scanned. This commonly occurs because of a firewall program on your computer and/or you are connected to the Internet through a proxy-server or your ISP uses Network Address Translation (NAT) to share IP addresses.
This means the test cannot check your system as the results of the testing would be incorrect.
Edit,
XP Pro, Firefox browser used to access the site. Haven't applied sp2 yet. Outpost free firewall and Belkin wireless router.
-
Will be the only solution?
I mean, try to surf anonymously using a proxy server?
I think the connection speed will drop significantly :'(
-
Will be the only solution?
I mean, try to surf anonymously using a proxy server?
I think the connection speed will drop significantly :'(
Just tried again using
******** 4 | 80.3.64.7 | cache4-****.server.ntli.net
Same result.
-
Do you mean a site like anonymizer?
-
Will be the only solution?
I mean, try to surf anonymously using a proxy server?
I think the connection speed will drop significantly :'(
Just tried again using
******** 4 | 80.3.64.7 | cache4-****.server.ntli.net
Same result.
What do you mean?
What is that IP address or server name?
-
I'm not sure what you are asking?
The site you linked to cannot identify my ip address, either with my normal connection or with a specified proxy.
I tried Anonymizer and it got an ip address and invited me to continue the test. It was however the wrong address
IP Address test
The test has determined your IP address to be:
***.***.***.138
Please verify that this is your true IP address.
If the IP address determined by the test is not your true IP address please cancel the test as further results of the test would be incorrect. Commonly the test fails to determine your true IP address because of you are connected to the Internet through a proxy-server or your ISP uses Network Address Translation (NAT) to share IP addresses.
If this is your true IP address click on "Continue" to check for vulnerabilities at this IP address.
Note: if your computer or ISP uses a corporate firewall, ask your system administrator for permission for further scanning of your IP.
-
Technical,
having re-read the thread I think it safe to assume that my firewall does indeed pass the test you linked to.
I've pm'd you with some information and would be glad to offer more if you need that. I'm not happy about publishing my ip address in an open forum as you can see from the published results of the tests, I take my security quite seriously.
-
Interestingly, I tried this with just Win's own firewall (SP2 version). It passed the first 2 tests, but generated a warning about Browser Privacy.
And that's probably typical of what I'd guess is the majority of users, the ones who don't use proxies or other re-routers.
-
Interestingly, I tried this with just Win's own firewall (SP2 version). It passed the first 2 tests, but generated a warning about Browser Privacy.
And that's probably typical of what I'd guess is the majority of users, the ones who don't use proxies or other re-routers.
You're a braver man than me just using sp2's firewall!!! I'll stick with the non standard browser, software and hardware firewall, MikeBCda.
-
Just for further tests (particularly Internet Explorer users) this link might be usefull.
http://www.dslreports.com/scan
-
Referrer is nothing else as browsers URL buffer. Browser opens certain URL and then stores it into this "buffer". Any page that you visit after this one can check the referrer and see where you came from.
This method is also used for anti-leech systems that prevent hot-linking.
If browser is any good it can enable or disable referrer support.
Opera and Mozilla have such feature,so you really don't need a firewall to block it...
-
Thanks RejZor.
I'm trying to get some help in Maxthon Forum too ;)
(http://forum.maxthon.com/forum/index.php?showtopic=4971)
-
Something very interesting happened here after taking the PC flank test with SPF on my machine. Stated that I was not stealthed on Tcp ping, Tcp null, Tcp fin, Tcp Xmas,and
UDP. I also had a total of 13 ports that were open. All this with the setting in SPF set to "normal". Well, I tried the WinXP built in Firewall next with the same test. This time I WAS stealthed, on the ping, null, fin, xmas, and UDP ports. Also the other 13 ports showed not to be open. Ran a special port scan with SPF and port 5000 showed to be open. Tried it with the XP firewall and port 5000 was closed. So, I uninstalled SPF, downloaded Outpost 1.0 free version which I had been using. Took the PC Flank test and it showed the same as the Win XP test result wise except that port 5000 still showed open.
I am now using BOTH WinXp built in firewall, and also Outpost 1.0 free version with no conflicts at all between them. Outpost blocks all outgoing requests, WinsXp firewall is blocking port 5000 also so I believe I am getting the best of two programs. So far so good, no conflicts etc. Just thought I would pass this information on if it already hasn't been discussed about these two firewalls that apparently co-exist with each other on my WinXp Home System with SP1. ;D
-
neal62
I think there might have been some discusion in these forums about this.
Certainly on other security sites and forums that I frequent, sp2's firewall gives excellent inbound protection, and the extra control over outgoing connections provided by Outpost firewall should give you great peace of mind. Possibly the best solution for home users (not corporate) at the moment without resorting to a seperate hardware solution for your firewall
Hasten to add I haven't (as yet) applied sp2 as I use a hardware router/firewall and Outpost.
F.Y.I. home and corporate refer to where the pc is, not xp home and xp pro
-
I am getting the best of two programs. So far so good, no conflicts etc.
Well, new Windows firewall was designed to not conflict with 3rd party firewalls. It's not a surprise but, of course, it's wellcoming 8)
On the Maxthon forum (link above) a lot of users say that in other browsers they can achieve the referrer protection without any problem. Maxthon (ex-MyIE2) does not have this feature yet.
It seems it's not a 'firewall' issue but a 'browser' one :-[
-
*
With the pcflank test, it could not get my correct IP.
With the dslreports, I got the following:
Conclusion: Healthy Setup! We could detect no interesting responses from any of the commonly probed TCP and UDP ports. It would be difficult for an attacker to know where to start without further information.
TCP ALL : FILTERED No response packet was received.
UDP ALL : FILTERED No response packet was received.
This is basically what I get when I visit Gibson Research ... all ports Stealthed! :D
*
-
I first ran the test with my Zone Alarm on medium firewall settings, and came up with several ports open. When I ran it again with settings on high, I came out of the test with a clean bill of health. Except for the referrer exploit. I went into Opera (preferences-security) and disabled support for referrers there. Am I correct in assuming that there is no way to disable the referrer support in IE?
-
Am I correct in assuming that there is no way to disable the referrer support in IE?
I couldn't find it into IE or Maxthon...
Anybody coulld help us on it?
On Maxthon forum, I read that Maxthon does not provide this security feature but I don't know about IE, probably not either :'(
-
Perhaps it can be done by a registry tweak. IE itself doens't have a option to enable/disable it.
HERE (http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q178/0/66.asp&NoWebContent=1) is some information about how IE handles referers
-
Are referrer's actulary anything to worry about, would it make it easyer for them to hack/virus me if they new i last was on the avast forums or i was looking at FF (game) movies on the inet?.
--lee
-
Eddy, very thanks for the article. Very illustrative... But, I can't figure out how to tweak that :-\
-
lee: I beieve that when you link from one site to another, the site you link to can have the info off the page you came from. If on that site were confidential info like email addresses, credit card info or anything you did not want the new site to see, that would be the problem.
Gene.............
-
Exactly. By default,good online services use secure protocol (HTTPS) that doesn't use referring,doesn't cache files and so on. This provides many security mechanisms that prevent third party from getting your informations as Gene already mentioned.
But there is many unsecure services which use normal HTTP protocol.
If its not designed well,it can store your username/password or even credit card number into referrer "register" or "buffer" as i explained before. And if you visit some page right after you entered sensitive info,they can simply read that sensitive info from referrer.
-
In IE, go to Internet options>Content>autocompleat, then you can stop passwords an so on from being saved, and wipe any forums/passwords already saved, if referrer's are already there, is it pointless doing it?
--lee
-
Blocking referers shouldn't be the job of a firewall. A local proxy such as The Proxomitron (my favourite, a very powerful program) or Webwasher will block them.
The Proxomitron can be downloaded here
www.proxomitron.info/files/index.html
www.proxomitron.org
has a list of other local proxies (including Webwasher).
Delta.
Edit: added links.
-
No,browsers should handle the referrer,not firewalls. I have referrer totaly disabled in Firefox and i have no problems on pages. Some download systems refuse because they don't detect their site being browsed first (anti-leech),but nothing too serious.
-
For more firewall and other tests try Eric Howes site here
netfiles.uiuc.edu/ehowes/www/main.htm
Look for Online security & Privacy tests in the left hand frame.
Delta.
Edit: Cut and paste the link into your address bar.
-
I have referrer totaly disabled in Firefox
I can't see it anywere in firefox, could you give some direction to the exsact place in the browser please, or is it by about:config?
--lee
-
lee,
In firefox, go to tools, options, privacy. Under privacy you will see "saved passwords" Click on that and then you'll see the option of "remember passwords". Make sure that option is un-ticked. I believe this is what you were asking about Firefox. ;)
-
No,this is not it. Look at the info below...
How to disable Firefox referer
Type "about:config" into URL line (without quotes),enter referer into Filter: line and you should get only one entry (network.http.sendRefererHeader).
Use these values:
0 - totaly disables referring
1 - referring disabled only for images
2 - referring enabled
-
RejZor,
Thanks for the info on how to disable the referer in Firefox. I WAS able to do that. Mine of course was set to a value of 2, so I changed it to 0. That shouldn't affect the way Firefox operates in the future should it? If so at least I know how to change it back. :) I took the PC Flank browser exploit test again and this time it passed stating that my browser was not revealing ANY information. Thanks again RejZor. ;D
-
Yes thanks for that RejZoR
BTW when i go to about:config, there is a setting there that safes passwords for a time period of 30, if it safe to put this to 0?
Thanks again
--lee
-
Well, I found Agnitum Outpost Professional version referrer plugin... 8)
Options > Plug-Ins > Active Content Filtering > Settings > Privacy > Referrers > Disable
Well, it works so good that I can't even use avast forum :'(
When I try to post I get this :'( :-\
-
The problem of Agnitum firewall (Outpost) is that it ads a "Referer blocked by Outpost www.agnitum.com" tag instead of real referer ::)
When you try to post to avast! (this) board,it reads the referer and find the www.agnitum.com URL inside it and rejects you. Thats the problem of Outpost. Its better to just blank the referer or totaly remove it from header instead of putting advertisement URLs inside ::) Thats how most of firewalls and browsers remove referer.