用億聯光纖連線, 用m0n0wall 做ip分享+防火牆

測試一 All blocked
測試二 All stealthed

後來發現，用防火牆來單純的管理網路的輸出輸入大都可以擋掉該擋的...
不過現在的惡意軟體沒那麼簡單，會用其他的方式來突破，
例如從thread以及memory的區塊下手，先複製Firewall認可的合法程式thread一份，
在thread配置記憶體後還沒載入程式前，直接對配置的記憶體區塊修改成惡意的程式碼，
如此委裝成防火牆認可的程式，然後對外連線...，這樣一來，就破功了！
因為防火牆還是依照他"死的"rule來過濾...

參考資料如下：
http://www.firewallleaktester.com/leaktest7.htm
詳見：Leaktest Description，內有解釋六種測試的原理...

我測Sys gate
有裝BlockICE
除了ICMP以外其餘都是closed

呃...是BLOCKED...
打錯

結果是......................?
Sygate Online service:
Service Ports Status Additional Information
FTP DATA 20 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
FTP 21 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
SSH 22 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
TELNET 23 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
SMTP 25 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
DNS 53 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
DCC 59 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
FINGER 79 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
WEB 80 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
POP3 110 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
IDENT 113 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
Location Service 135 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
NetBIOS 139 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
HTTPS 443 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
Server Message Block 445 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
SOCKS PROXY 1080 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
UPnP 5000 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
WEB PROXY 8080 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.

Results from scan of commonly used trojans at TCP/IP address: XXXXXXXXX

Service Ports Status Possible Trojans
Trojan 1243 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
Trojan 1999 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
Trojan 6776 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
Trojan 7789 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
Trojan 12345 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
Trojan 31337 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
Trojan 54320 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
Trojan 54321 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.

Results from scan of ICMP at TCP/IP address: XXXXXXXXXXX


Protocol Type Status Additional Information
ICMP 8 BLOCKED An ICMP ping request is usually used to test Internet access. However, an attacker can use it to determine if your computer is available and what OS you are running. This gives him valuable information when he is determining what type of attack to use against you.

You have blocked all of our probes! We still recommend running this test both with
and without Sygate Personal Firewall enabled... so turn it off and try the test again.




.........................................................................................................



The results of Stealth Test


We have sent following packets to TCP:1 port of your machine:
• TCP ping packet
• TCP NULL packet
• TCP FIN packet
• TCP XMAS packet
• UDP packet
Here is the description of possible results on each sent packet:
"Stealthed" - Means that your system (firewall) has successfuly passed the test by not responding to the packet we have sent to it.
"Non-stealthed" - Means that your system (firewall) responded to the packet we have sent to it. What is more important, is that it also means that your computer is visible to others on the Internet that can be potentially dangerous.
Packet' type
Status
TCP "ping" stealthed
TCP NULL stealthed
TCP FIN stealthed
TCP XMAS stealthed
UDP stealthed




Recommendation:

Your computer is invisible to the others on the Internet!

Test1:all blocked
Test2:all stealthed

XP Pro Firewall + KAV Pro 5.0.391 + Vigor 2104(DMZ)

我灌了outpost3.51最新版+kav5.0.522
網路環境是中華的光纖(FTTB)再用分享器接進來的
測試結果第一個幾乎全部都closed，不同的只有：
WEB 80 OPEN
Location Service 135 BLOCKED
NetBIOS 139 BLOCKED
Server Message Block 445 BLOCKED
ICMP 8 OPEN

第二個則是全部non-stealthed

開了xp sp2內建防火牆也是一樣情形，有人知道為什麼會這樣嗎？
我的xp更新也都是最新的

Test1:all blocked
Test2:all stealthed

XP 內建無用firewall + nod32 2.51.26

我是安裝Outpost firewell pro 3.51
但是有一個ICMP 8 是OPEN的
請問使用同軟體的各位 該如何設定？