Firewall test and 'referrer' exploit

Does your firewall pass the ‘referrer’ test? (more information bellow)
Which firewall pass this test and how to configure it? Please, comment.

Test here (for instance): http://www.pcflank.com/test.htm

What is a referrer?

When you browse a web site, it can collect various data about you, such as the Internet address of your computer, your region, Operating System, browser type, browser version, etc. Your web browser automatically sends this information each time it locates a new web site. One of these data is the referrer, which is the location of the last site you visited. Sites keep track of this data, mostly in a general way for statistical data and marketing research. There is a growing concern that online privacy is being infringed. To safeguard your privacy we recommend getting competent firewall software to block your browser sending information about you and your computer.

Here you go Technical, from your posted link.

IP Address test

The test could not determine your IP address.

The test has found that the IP address used by your computer cannot be scanned. This commonly occurs because of a firewall program on your computer and/or you are connected to the Internet through a proxy-server or your ISP uses Network Address Translation (NAT) to share IP addresses.

This means the test cannot check your system as the results of the testing would be incorrect.

Edit,
XP Pro, Firefox browser used to access the site. Haven’t applied sp2 yet. Outpost free firewall and Belkin wireless router.

Will be the only solution?
I mean, try to surf anonymously using a proxy server?
I think the connection speed will drop significantly :cry:

Just tried again using

******** 4 | 80.3.64.7 | cache4-****.server.ntli.net

Same result.

Do you mean a site like anonymizer?

What do you mean?
What is that IP address or server name?

I’m not sure what you are asking?

The site you linked to cannot identify my ip address, either with my normal connection or with a specified proxy.

I tried Anonymizer and it got an ip address and invited me to continue the test. It was however the wrong address

IP Address test

The test has determined your IP address to be:
..***.138

Please verify that this is your true IP address.

If the IP address determined by the test is not your true IP address please cancel the test as further results of the test would be incorrect. Commonly the test fails to determine your true IP address because of you are connected to the Internet through a proxy-server or your ISP uses Network Address Translation (NAT) to share IP addresses.

If this is your true IP address click on “Continue” to check for vulnerabilities at this IP address.

Note: if your computer or ISP uses a corporate firewall, ask your system administrator for permission for further scanning of your IP.

Technical,

having re-read the thread I think it safe to assume that my firewall does indeed pass the test you linked to.

I’ve pm’d you with some information and would be glad to offer more if you need that. I’m not happy about publishing my ip address in an open forum as you can see from the published results of the tests, I take my security quite seriously.

Interestingly, I tried this with just Win’s own firewall (SP2 version). It passed the first 2 tests, but generated a warning about Browser Privacy.

And that’s probably typical of what I’d guess is the majority of users, the ones who don’t use proxies or other re-routers.

You’re a braver man than me just using sp2’s firewall!!! I’ll stick with the non standard browser, software and hardware firewall, MikeBCda.

Just for further tests (particularly Internet Explorer users) this link might be usefull.

http://www.dslreports.com/scan

Referrer is nothing else as browsers URL buffer. Browser opens certain URL and then stores it into this “buffer”. Any page that you visit after this one can check the referrer and see where you came from.
This method is also used for anti-leech systems that prevent hot-linking.

If browser is any good it can enable or disable referrer support.
Opera and Mozilla have such feature,so you really don’t need a firewall to block it…

Thanks RejZor.
I’m trying to get some help in Maxthon Forum too :wink:
(http://forum.maxthon.com/forum/index.php?showtopic=4971)

Something very interesting happened here after taking the PC flank test with SPF on my machine. Stated that I was not stealthed on Tcp ping, Tcp null, Tcp fin, Tcp Xmas,and
UDP. I also had a total of 13 ports that were open. All this with the setting in SPF set to “normal”. Well, I tried the WinXP built in Firewall next with the same test. This time I WAS stealthed, on the ping, null, fin, xmas, and UDP ports. Also the other 13 ports showed not to be open. Ran a special port scan with SPF and port 5000 showed to be open. Tried it with the XP firewall and port 5000 was closed. So, I uninstalled SPF, downloaded Outpost 1.0 free version which I had been using. Took the PC Flank test and it showed the same as the Win XP test result wise except that port 5000 still showed open.
I am now using BOTH WinXp built in firewall, and also Outpost 1.0 free version with no conflicts at all between them. Outpost blocks all outgoing requests, WinsXp firewall is blocking port 5000 also so I believe I am getting the best of two programs. So far so good, no conflicts etc. Just thought I would pass this information on if it already hasn’t been discussed about these two firewalls that apparently co-exist with each other on my WinXp Home System with SP1. ;D

neal62
I think there might have been some discusion in these forums about this.
Certainly on other security sites and forums that I frequent, sp2’s firewall gives excellent inbound protection, and the extra control over outgoing connections provided by Outpost firewall should give you great peace of mind. Possibly the best solution for home users (not corporate) at the moment without resorting to a seperate hardware solution for your firewall

Hasten to add I haven’t (as yet) applied sp2 as I use a hardware router/firewall and Outpost.

F.Y.I. home and corporate refer to where the pc is, not xp home and xp pro

Well, new Windows firewall was designed to not conflict with 3rd party firewalls. It’s not a surprise but, of course, it’s wellcoming 8)

On the Maxthon forum (link above) a lot of users say that in other browsers they can achieve the referrer protection without any problem. Maxthon (ex-MyIE2) does not have this feature yet.

It seems it’s not a ‘firewall’ issue but a ‘browser’ one :-[

With the pcflank test, it could not get my correct IP.

With the dslreports, I got the following:

Conclusion: Healthy Setup! We could detect no interesting responses from any of the commonly probed TCP and UDP ports. It would be difficult for an attacker to know where to start without further information.
TCP ALL : FILTERED No response packet was received.
UDP ALL : FILTERED No response packet was received.

This is basically what I get when I visit Gibson Research … all ports Stealthed! :smiley:

I first ran the test with my Zone Alarm on medium firewall settings, and came up with several ports open. When I ran it again with settings on high, I came out of the test with a clean bill of health. Except for the referrer exploit. I went into Opera (preferences-security) and disabled support for referrers there. Am I correct in assuming that there is no way to disable the referrer support in IE?

I couldn’t find it into IE or Maxthon…
Anybody coulld help us on it?
On Maxthon forum, I read that Maxthon does not provide this security feature but I don’t know about IE, probably not either :cry:

Perhaps it can be done by a registry tweak. IE itself doens’t have a option to enable/disable it.

HERE is some information about how IE handles referers