Author Topic: Firewall test and 'referrer' exploit  (Read 22105 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Firewall test and 'referrer' exploit
« on: September 08, 2004, 12:43:33 AM »
Does your firewall pass the 'referrer' test? (more information bellow)
Which firewall pass this test and how to configure it? Please, comment.

Test here (for instance): http://www.pcflank.com/test.htm

What is a referrer?

When you browse a web site, it can collect various data about you, such as the Internet address of your computer, your region, Operating System, browser type, browser version, etc. Your web browser automatically sends this information each time it locates a new web site. One of these data is the referrer, which is the location of the last site you visited. Sites keep track of this data, mostly in a general way for statistical data and marketing research. There is a growing concern that online privacy is being infringed. To safeguard your privacy we recommend getting competent firewall software to block your browser sending information about you and your computer.
The best things in life are free.

inthewildteam

  • Guest
Re:Firewall test and 'referrer' exploit
« Reply #1 on: September 08, 2004, 12:53:39 AM »
Here you go Technical, from your posted link.

   
IP Address test

The test could not determine your IP address.

The test has found that the IP address used by your computer cannot be scanned. This commonly occurs because of a firewall program on your computer and/or you are connected to the Internet through a proxy-server or your ISP uses Network Address Translation (NAT) to share IP addresses.

This means the test cannot check your system as the results of the testing would be incorrect.

Edit,
XP Pro, Firefox browser used to access the site.  Haven't applied sp2 yet.  Outpost free firewall and Belkin wireless router.
« Last Edit: September 08, 2004, 01:03:06 AM by inthewildteam »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Firewall test and 'referrer' exploit
« Reply #2 on: September 08, 2004, 01:02:11 AM »
Will be the only solution?
I mean, try to surf anonymously using a proxy server?
I think the connection speed will drop significantly  :'(
The best things in life are free.

inthewildteam

  • Guest
Re:Firewall test and 'referrer' exploit
« Reply #3 on: September 08, 2004, 01:07:06 AM »
Will be the only solution?
I mean, try to surf anonymously using a proxy server?
I think the connection speed will drop significantly  :'(

Just tried again using

******** 4 | 80.3.64.7 | cache4-****.server.ntli.net

Same result.

inthewildteam

  • Guest
Re:Firewall test and 'referrer' exploit
« Reply #4 on: September 08, 2004, 01:10:00 AM »
Do you mean a site like anonymizer?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Firewall test and 'referrer' exploit
« Reply #5 on: September 08, 2004, 01:11:05 AM »
Will be the only solution?
I mean, try to surf anonymously using a proxy server?
I think the connection speed will drop significantly  :'(

Just tried again using

******** 4 | 80.3.64.7 | cache4-****.server.ntli.net

Same result.

What do you mean?
What is that IP address or server name?
The best things in life are free.

inthewildteam

  • Guest
Re:Firewall test and 'referrer' exploit
« Reply #6 on: September 08, 2004, 01:20:11 AM »
I'm not sure what you are asking?

The site you linked to cannot identify my ip address, either with my normal connection or with a specified proxy.

I tried Anonymizer and it got an ip address and invited me to continue the test.  It was however the wrong address

    
IP Address test

The test has determined your IP address to be:
***.***.***.138

Please verify that this is your true IP address.

If the IP address determined by the test is not your true IP address please cancel the test as further results of the test would be incorrect. Commonly the test fails to determine your true IP address because of you are connected to the Internet through a proxy-server or your ISP uses Network Address Translation (NAT) to share IP addresses.

If this is your true IP address click on "Continue" to check for vulnerabilities at this IP address.

Note: if your computer or ISP uses a corporate firewall, ask your system administrator for permission for further scanning of your IP.

inthewildteam

  • Guest
Re:Firewall test and 'referrer' exploit
« Reply #7 on: September 08, 2004, 01:44:09 AM »
Technical,

having re-read the thread I think it safe to assume that my firewall does indeed pass the test you linked to.

I've pm'd you with some information and would be glad to offer more if you need that.  I'm not happy about publishing my ip address in an open forum as you can see from the published results of the tests, I take my security quite seriously.


Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
Re:Firewall test and 'referrer' exploit
« Reply #8 on: September 08, 2004, 02:22:22 AM »
Interestingly, I tried this with just Win's own firewall (SP2 version).  It passed the first 2 tests, but generated a warning about Browser Privacy.

And that's probably typical of what I'd guess is the majority of users, the ones who don't use proxies or other re-routers.
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

inthewildteam

  • Guest
Re:Firewall test and 'referrer' exploit
« Reply #9 on: September 08, 2004, 02:29:29 AM »
Interestingly, I tried this with just Win's own firewall (SP2 version).  It passed the first 2 tests, but generated a warning about Browser Privacy.

And that's probably typical of what I'd guess is the majority of users, the ones who don't use proxies or other re-routers.

You're a braver man than me just using sp2's firewall!!!  I'll stick with the non standard browser, software and hardware firewall, MikeBCda.

inthewildteam

  • Guest
Re:Firewall test and 'referrer' exploit
« Reply #10 on: September 08, 2004, 02:35:13 AM »
Just for further tests (particularly Internet Explorer users) this link might be usefull.

http://www.dslreports.com/scan

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Firewall test and 'referrer' exploit
« Reply #11 on: September 08, 2004, 02:30:17 PM »
Referrer is nothing else as browsers URL buffer. Browser opens certain URL and then stores it into this "buffer". Any page that you visit after this one can check the referrer and see where you came from.
This method is also used for anti-leech systems that prevent hot-linking.

If browser is any good it can enable or disable referrer support.
Opera and Mozilla have such feature,so you really don't need a firewall to block it...
Visit my webpage Angry Sheep Blog

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Firewall test and 'referrer' exploit
« Reply #12 on: September 08, 2004, 05:43:18 PM »
Thanks RejZor.
I'm trying to get some help in Maxthon Forum too  ;)
(http://forum.maxthon.com/forum/index.php?showtopic=4971)
The best things in life are free.

neal62

  • Guest
Re:Firewall test and 'referrer' exploit
« Reply #13 on: September 09, 2004, 01:09:19 AM »
Something very interesting happened here after taking the PC flank test with SPF on my machine. Stated that I was not stealthed on Tcp ping, Tcp null, Tcp fin, Tcp Xmas,and
UDP. I also had a total of 13 ports that were open. All this with the setting in SPF set to "normal". Well, I tried the WinXP built in Firewall next  with the same test. This time I WAS stealthed, on the ping, null, fin, xmas, and UDP ports. Also the other 13 ports showed not to be open. Ran a special port scan with SPF and port 5000 showed to be open. Tried it with the XP firewall and port 5000 was closed. So, I uninstalled SPF, downloaded Outpost 1.0 free version which I had been using. Took the PC Flank test and it showed the same as the Win XP test result wise except that port 5000 still showed open.
     I am now using BOTH WinXp built in firewall, and also Outpost 1.0 free version with no conflicts at all between them. Outpost blocks all outgoing requests, WinsXp firewall is blocking port 5000 also so I believe I am getting the best of two programs. So far so good, no conflicts etc. Just thought I would pass this information on if it already hasn't been discussed about these two firewalls that apparently co-exist with each other on my WinXp Home System with SP1. ;D
« Last Edit: September 09, 2004, 01:20:50 AM by neal62 »

inthewildteam

  • Guest
Re:Firewall test and 'referrer' exploit
« Reply #14 on: September 09, 2004, 01:57:09 AM »
neal62
I think there might have been some discusion in these forums about this.
Certainly on other security sites and forums that I frequent, sp2's firewall gives excellent inbound protection, and the extra control over outgoing connections provided by Outpost firewall should give you great peace of mind.  Possibly the best solution for home users (not corporate) at the moment without resorting to a seperate hardware solution for your firewall

Hasten to add I haven't (as yet) applied sp2 as I use a hardware router/firewall and Outpost.

F.Y.I. home and corporate refer to where the pc is, not xp home and xp pro