No announcement yet.

Firewall penetrated ! Leaktest

  • Filter
  • Time
  • Show
Clear All
new posts

  • Firewall penetrated ! Leaktest

    although using ISA 2004 infront of clients want to gain access to internet when I use 'leaktest' to test firewall it penetrates the ISA 2004.
    I wonder the effect of ISA on application filtering acting or not?
    Leaktest access to port 80 .Is it really a good test for firewalls functionality

  • #2
    Re: Firewall penetrated ! Leaktest


    Leaktest is one of the weakest pentrating test tools i know, allthough that shouldn't explain your test resaults.

    what exactly were you trying to check and where did you try to check it from ? was the computer located remotly ? was it in any way related or recently connected to your domain ? what are the rules defind on the ISA ?

    there could be many reasons you got the resault you mentioned earlier, but in most cases, it dependes on Firewall configuration.

    I recommaned the link below for download of penetration tools:

    feel free to contact me for further assistance.
    Yaniv Feldman
    Microsoft Security Regional Director
    Microsoft Management Expert


    • #3
      Re: Firewall penetrated ! Leaktest

      'leaktest' is just a sample.Test goal is to find out whether an unknown program running on domain
      workstations with Firewall client (FWC ISA2004) installed on it
      could communicate with it's predefined destination and send specific data to it's destination.
      test porgrams like Y! MSG or other programs which require their ports to be open to access Internet
      is not inculded in this step.
      I wonder although ISA has firewall Filter for application layer,it allowed 'leaktest' to access Internet
      but personal firewalls like 'Mcafee' or 'Norton IS' denied it's access.

      My ISA Internet rule is: allow to-->'http'/'https' protocols---> authenicated users.


      • #4
        Re: Firewall penetrated ! Leaktest

        because you're are an authenticated user at you're internal domain, and you have http access, its quite normal i think..
        in my oppinion, leaktest uses the common ports (port 80, 443 etc) where you already have been authenticated.

        What do you want to scan? what are you trying to do?
        from internal to external, or from external to internal?
        Technical Consultant

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"


        • #5
          Re: Firewall penetrated ! Leaktest

          Test is from Internal to external.I have allowed Internal to external Access to only http.I think the best way to deny 'leaktest' access is to only allow 'Internet Explorer' access to internet and not other programs.But I don't know it's effective or not?