Firewall penetrated

Posted on 2006-06-05
Last Modified: 2013-11-16
I am ignorant in security services. I have a WatchGuard Firebox X500 we just bought. I have tested all my ports and everything looks closed or in stealth. I ran GRC's leakage tester and it is telling me that "leak test was not prevented from connecting to the Gibson research web server. You either have no firewall, you have deliberately allowed leak test to connect outbound or leak test has just slipped past your firewall's outbound protection." By default all outgoing connections are allowed and enabled on the WatchGuard HTTP service. Should I be concerned about this? What is the appropriate action I should take?
Question by: jettset
    LVL 51

    Expert Comment

    by:Keith Alabaster
    Have a quick search on Google for a free port scan. This is one I use, although you need the Java client installed.

    This will tell you the ports you have open.

    Post the results and we will see if we can help further.
    LVL 12

    Assisted Solution

    Quite simple. I don't know whether Steve did it for some great cause or not, but I can say this shows the fundamental flaws in many firewall systems. Having said that, I have to accept this is a part of human behaviour also.
    Common analogy:
    The firewall is there to protect from intrusion. We have a safe system and we need the firewall to protect it from the bad guys from the internet or outer space ;). But this firewall doesn't care (under normal circumstances) when there is an outgoing connection initiated from the safe system to the external world.
    This is true with most personal firewalls.

    But in your case, as you've mentioned that all outgoing connections are open on HTTP, that gives the answer. When you downloaded the program and clicked on test, it initiated a connection to the outer world. When this connection reaches the firewall, the rulebase/security policy allows it. So the connection reaches the destination, Steve's website.
    Result: "LEAK TEST FAILED". :)

    If I were in your shoes I would do a Nessus scan from the outer world first (with Nessus 3.0 it's much easier). Close the loopholes; then look into the requirement of opening all the outgoing connections. Do a detailed study on the requirements and close the policy accordingly.

    Author Comment

    As I stated, all my ports are closed; I used the ShieldsUP program. I then used GRC's leak tester. This test is used with an internet connection. It does state a "personal" firewall tester. I am not sure that this test is something I should be concerned about.
    LVL 11

    Expert Comment

    WatchGuard by default does not apply access controls to outbound connections, and this is why the "leakguard" connection was allowed.

    Author Comment

    Should I apply outbound restrictions? If so, I am not exactly sure how this can be done and not impede the domain users' ability for web access.
    LVL 51

    Accepted Solution

    This was the point of our earlier posts. You 'need' to allow outgoing traffic in the same way as you deliberately open incoming ports for email etc. It is not a concern unless you 'wanted' to block the outgoing ports.
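
The outbound-policy question discussed in this thread, modelled as an added example (not part of any post and not WatchGuard configuration): a first-match rulebase evaluated under an "allow all outgoing" policy and under a hypothetical restricted one. The addresses, rule set and sample flows are constructed, and the leak test is assumed to connect over HTTP as the thread describes; protocol (TCP/UDP) is left out of the model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dport: Optional[int]   # destination port, or None for any port
    note: str

def evaluate(policy, src_ip, dport):
    """First matching rule wins; anything unmatched is denied."""
    addr = ipaddress.ip_address(src_ip)
    for rule in policy:
        if addr in ipaddress.ip_network(rule.src) and rule.dport in (None, dport):
            return rule.action, rule.note
    return "deny", "implicit deny"

# Constructed addressing: LAN 192.168.1.0/24, mail server .10, DNS server .11.
DEFAULT_OUTGOING = [Rule("allow", "192.168.1.0/24", None, "any outbound")]
RESTRICTED = [
    Rule("allow", "192.168.1.0/24", 80, "web"),
    Rule("allow", "192.168.1.0/24", 443, "web (TLS)"),
    Rule("allow", "192.168.1.10/32", 25, "mail server SMTP"),
    Rule("allow", "192.168.1.11/32", 53, "DNS server lookups"),
]

# Constructed sample flows: (description, source IP, destination port).
FLOWS = [
    ("user browsing", "192.168.1.50", 443),
    ("leak-test style HTTP connection", "192.168.1.50", 80),
    ("workstation sending SMTP directly", "192.168.1.50", 25),
    ("mail server sending SMTP", "192.168.1.10", 25),
    ("workstation to arbitrary port", "192.168.1.50", 6667),
]

def compare(flows=FLOWS):
    """Return {description: (default verdict, restricted verdict)}."""
    return {d: (evaluate(DEFAULT_OUTGOING, s, p)[0],
                evaluate(RESTRICTED, s, p)[0]) for d, s, p in flows}

if __name__ == "__main__":
    for desc, (before, after) in compare().items():
        print(f"{desc:36} default={before:5} restricted={after}")
```

The HTTP flow is allowed under both policies: a port-based outbound rule keeps web access for users but cannot tell a browser from any other program using port 80.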
    LVL 51

    Expert Comment

    by:Keith Alabaster
    Thank you Jettset :)
