Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    GRC Leaktest Finds A Hole in pfSense - how to fix

    Off-Topic & Non-Support Discussion
    5
    8
    1.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gigaboy
      last edited by

      Hi,
      Have pfSense lastest version install.  New installation.  No holes with uPnp (good!).  But I ran Gibson Research Corps "Leaktest" and immediately found a hole.

      https://www.grc.com/lt/leaktest.htm and

      https://www.grc.com/lt/howtouse.htm

      Wondering if anyone else has experience this problem, and is there a setting inside pfSense to plug it?

      Thanks in advance,
      Mark

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        There is no problem except for the Gibson idiot who's been spreading misinformation and FUD for ~15 years.

        https://web.archive.org/web/20060118024806/http://grcsucks.com/

        1 Reply Last reply Reply Quote 0
        • G
          gigaboy
          last edited by

          OK, it looked like the information was pretty old on the GRC site.  Maybe a problem in the past?

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            You cannot test packet filters on a router with any similar "LeakTest". That thing was designed to detect "leaks" in application-level firewalls on local computer. Run foo.exe. Allow traffic outbound from foo.exe in firewall. Rename foo.exe to bar.exe. Run bar.exe. Is traffic still allowed? Oh noes, you have a giant leak and the world will collapse into blackhole soon. Now, wrap this into tons of FUD and marketing BS and pretend to be a security guru.

            That test has NO RELEVANCE WHATSOEVER when it comes to pfSense.

            1 Reply Last reply Reply Quote 0
            • C
              chrcoluk
              last edited by

              some of his tools are useful, such as testing dns randomisation and a convenient way of doing a remote portscan.  However I agree some of his information is just outdated.  e.g. displaying a big warning if your ip is pingable, oh no people can ping me its the end of the world.

              pfSense CE 2.7.2

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                @chrcoluk:

                displaying a big warning if your ip is pingable, oh no people can ping me its the end of the world.

                Even worse when you have a PTR for the IP. T3h noes, NSA knocking on your door.

                1 Reply Last reply Reply Quote 0
                • N
                  NOYB
                  last edited by

                  I think an important point to keep in mind with GRS tools is to separate what the tool does vs. the marketing hype.  I think the tools are decent at what they do.  But take the marketing hype about what the results mean and their significance with a big grain of salt.  Understanding the results in context of ones own environment needs is paramount.

                  1 Reply Last reply Reply Quote 0
                  • G
                    grandrivers
                    last edited by

                    well steve said on security now his firewall is pfsense so I assume its free of major problems at least in defualt config

                    pfsense 2.4 super micro A1SRM-2558F
                    C2558 8gig ECC  60gig SSD
                    tripple Wan dual pppoe

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post