Author Topic: Firewall test and 'referrer' exploit  (Read 19773 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re:Firewall test and 'referrer' exploit
« Reply #15 on: September 09, 2004, 03:38:17 AM »
I am getting the best of two programs. So far so good, no conflicts etc.

Well, new Windows firewall was designed to not conflict with 3rd party firewalls. It's not a surprise but, of course, it's wellcoming  8)

On the Maxthon forum (link above) a lot of users say that in other browsers they can achieve the referrer protection without any problem. Maxthon (ex-MyIE2) does not have this feature yet.

It seems it's not a 'firewall' issue but a 'browser' one :-[
The best things in life are free.

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re:Firewall test and 'referrer' exploit
« Reply #16 on: September 09, 2004, 11:03:50 AM »
*

With the pcflank test, it could not get my correct IP.

With the dslreports, I got the following:

Conclusion: Healthy Setup! We could detect no interesting responses from any of the commonly probed TCP and UDP ports. It would be difficult for an attacker to know where to start without further information.
TCP ALL : FILTERED No response packet was received.
UDP ALL : FILTERED No response packet was received.

This is basically what I get when I visit Gibson Research ... all ports Stealthed!    :D  

*
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Gene Johnson

  • Guest
Re:Firewall test and 'referrer' exploit
« Reply #17 on: September 09, 2004, 04:56:23 PM »
I first ran the test with my Zone Alarm on medium firewall settings, and came up with several  ports open. When I ran it again with settings on high, I came out of the test with a clean bill of health. Except for the referrer exploit. I went into Opera (preferences-security) and disabled support for referrers there. Am I correct in assuming that there is no way to disable the referrer support in IE?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re:Firewall test and 'referrer' exploit
« Reply #18 on: September 09, 2004, 05:04:57 PM »
Am I correct in assuming that there is no way to disable the referrer support in IE?

I couldn't find it into IE or Maxthon...
Anybody coulld help us on it?
On Maxthon forum, I read that Maxthon does not provide this security feature but I don't know about IE, probably not either  :'(
The best things in life are free.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31301
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Firewall test and 'referrer' exploit
« Reply #19 on: September 09, 2004, 05:25:27 PM »
Perhaps it can be done by a registry tweak. IE itself doens't have a option to enable/disable it.

HERE is some information about how IE handles referers

Offline lee20

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2326
  • The only true failure is when you give up
Re:Firewall test and 'referrer' exploit
« Reply #20 on: September 09, 2004, 05:43:49 PM »
Are referrer's actulary anything to worry about, would it make it easyer for them to hack/virus me if they new i last was on the avast forums or i was looking at FF (game) movies on the inet?.

--lee

"Anyone who has never made a mistake has never tried anything new."-Albert Einstein

Comodo Firewall, Avast 4.8, SpywareBlaster, Spybot + superantispyware, PeerGuardian and ALL software patched!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re:Firewall test and 'referrer' exploit
« Reply #21 on: September 09, 2004, 05:51:14 PM »
Eddy, very thanks for the article. Very illustrative... But, I can't figure out how to tweak that  :-\
The best things in life are free.

Gene Johnson

  • Guest
Re:Firewall test and 'referrer' exploit
« Reply #22 on: September 09, 2004, 05:56:01 PM »
lee: I beieve that when you link from one site to another, the site you link to can have the info off the page you came from. If on that site were confidential info like email addresses, credit card info or anything you did not want the new site to see, that would be the problem.

Gene.............

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9387
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Firewall test and 'referrer' exploit
« Reply #23 on: September 09, 2004, 07:05:16 PM »
Exactly. By default,good online services use secure protocol (HTTPS) that doesn't use referring,doesn't cache files and so on. This provides many security mechanisms that prevent third party from getting your informations as Gene already mentioned.

But there is many unsecure services which use normal HTTP protocol.
If its not designed well,it can store your username/password or even credit card number into referrer "register" or "buffer" as i explained before. And if you visit some page right after you entered sensitive info,they can simply read that sensitive info from referrer.
Visit my webpage Angry Sheep Blog

Offline lee20

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2326
  • The only true failure is when you give up
Re:Firewall test and 'referrer' exploit
« Reply #24 on: September 09, 2004, 08:15:13 PM »
In IE, go to  Internet options>Content>autocompleat, then you can stop passwords an so on from being saved, and wipe any forums/passwords already saved, if referrer's are already there, is it pointless doing it?

--lee

"Anyone who has never made a mistake has never tried anything new."-Albert Einstein

Comodo Firewall, Avast 4.8, SpywareBlaster, Spybot + superantispyware, PeerGuardian and ALL software patched!

Offline Delta

  • Full Member
  • ***
  • Posts: 105
Re:Firewall test and 'referrer' exploit
« Reply #25 on: September 09, 2004, 09:11:15 PM »
Blocking referers shouldn't be the job of a firewall. A local proxy such as The Proxomitron (my favourite, a very powerful program) or Webwasher will block them.

The Proxomitron can be downloaded here
www.proxomitron.info/files/index.html

www.proxomitron.org

has a list of other local proxies (including Webwasher).

Delta.

Edit: added links.
« Last Edit: September 09, 2004, 09:58:04 PM by Delta »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9387
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Firewall test and 'referrer' exploit
« Reply #26 on: September 09, 2004, 09:19:20 PM »
No,browsers should handle the referrer,not firewalls. I have referrer totaly disabled in Firefox and i have no problems on pages. Some download systems refuse because they don't detect their site being browsed first (anti-leech),but nothing too serious.
Visit my webpage Angry Sheep Blog

Offline Delta

  • Full Member
  • ***
  • Posts: 105
Re:Firewall test and 'referrer' exploit
« Reply #27 on: September 09, 2004, 10:24:16 PM »
For more firewall and other tests try Eric Howes site here

netfiles.uiuc.edu/ehowes/www/main.htm

Look for Online security & Privacy tests in the left hand frame.

Delta.

Edit: Cut and paste the link into your address bar.
« Last Edit: September 09, 2004, 10:31:17 PM by Delta »

Offline lee20

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2326
  • The only true failure is when you give up
Re:Firewall test and 'referrer' exploit
« Reply #28 on: September 09, 2004, 10:29:24 PM »
Quote
I have referrer totaly disabled in Firefox


I can't see it anywere in firefox, could you give some direction to the exsact place in the browser please, or is it by about:config?

--lee

"Anyone who has never made a mistake has never tried anything new."-Albert Einstein

Comodo Firewall, Avast 4.8, SpywareBlaster, Spybot + superantispyware, PeerGuardian and ALL software patched!

neal62

  • Guest
Re:Firewall test and 'referrer' exploit
« Reply #29 on: September 10, 2004, 06:37:59 AM »
lee,

In firefox, go to tools, options, privacy.  Under privacy you will see "saved passwords"  Click on that and then you'll see the option of "remember passwords". Make sure that option is un-ticked. I believe this is what you were asking about Firefox. ;)
« Last Edit: September 10, 2004, 06:39:09 AM by neal62 »