App Review Bypass Firewall Kaspersky 2017

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

uncle bill

update video

loopback test(bypass kaspersky firewall)


Really nice.. but I think there's still a mistake: you had left the blocking rule as the latest rule. Firewalls apply rules in a top/bottom manner (and I think Kaspersky firewall does it too) so you should move the rule to the top rows (behind the DNS rules should be fine) to make sure the rule gets applied before a rule which allows every kind of data traffic. Also please check that Freegate works by using 127.0.0.1, otherwise there's no meaning in blocking that IP.
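The rule-ordering point raised in the post above, as an added example that is not part of the thread: a simplified first-match model (an assumption, not Kaspersky's actual rule engine) showing that a block rule placed after an allow-everything rule never fires, plus a check that flags such shadowed rules. Rule names and port 8080 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "allow" or "block"
    network: str                # destination network, CIDR
    port: Optional[int] = None  # None matches any destination port

def matches(rule, dst, port):
    in_net = ipaddress.ip_address(dst) in ipaddress.ip_network(rule.network)
    return in_net and rule.port in (None, port)

def decide(rules, dst, port, default="block"):
    """First-match evaluation: the first matching rule decides."""
    for rule in rules:
        if matches(rule, dst, port):
            return rule.action, rule.name
    return default, "default"

def covers(earlier, later):
    """True if every packet matched by `later` is already matched by `earlier`."""
    a, b = ipaddress.ip_network(earlier.network), ipaddress.ip_network(later.network)
    return b.subnet_of(a) and earlier.port in (None, later.port)

def shadowed(rules):
    """(rule, shadowing rule) pairs where an earlier rule with the opposite
    action covers all of the later rule's traffic, so it can never fire."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                if earlier.action != later.action:
                    found.append((later.name, earlier.name))
                break
    return found

# Constructed rule sets (names and port 8080 are illustrative assumptions).
DNS = Rule("allow-dns", "allow", "0.0.0.0/0", 53)
ANY = Rule("allow-any", "allow", "0.0.0.0/0")
LOOP = Rule("block-loopback", "block", "127.0.0.1/32")
BLOCK_LAST = [DNS, ANY, LOOP]    # block rule left as the last row
BLOCK_MOVED = [DNS, LOOP, ANY]   # block rule moved up, just after DNS

if __name__ == "__main__":
    print(decide(BLOCK_LAST, "127.0.0.1", 8080), shadowed(BLOCK_LAST))
    print(decide(BLOCK_MOVED, "127.0.0.1", 8080), shadowed(BLOCK_MOVED))
```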
 

SHvFl

Really nice.. but I think there's still a mistake: you had left the blocking rule as the latest rule. Firewalls apply rules in a top/bottom manner (and I think Kaspersky firewall does it too) so you should move the rule to the top rows (behind the DNS rules should be fine) to make sure the rule gets applied before a rule which allows every kind of data traffic. Also please check that Freegate works by using 127.0.0.1, otherwise there's no meaning in blocking that IP.
He did that in the second part of the video (3 min).
 

SHvFl

Thanks for the post aliali, but I am going to point out some things that are flaws in your videos. Personally, if someone is within your domain like your household I could easily just block their IP or use a MAC address filter on my pfSense router or any router. The problem people have is with corporations or mostly school systems, since Freegate and Psiphon use ports that are required for other services in your network, which you can't just block. You will require pattern recognition\deep packet inspection if you really want to block Psiphon/Freegate, which requires hardware firewall equipment like SonicWall\WatchGuard etc... So I don't expect a measly firewall application to do that.
That is not a flaw in his testing. That is a flaw in Kaspersky not explaining the limitation/feature or whatever you want to call it.
 

askmark

You will require pattern recognition\deep packet inspection if you really want to block Psiphon/Freegate, which requires hardware firewall equipment like SonicWall\WatchGuard etc... So I don't expect a measly firewall application to do that.

If that's true then how come these products that @aliali tested managed it?

update video

video 3 low restricted Freegate

Norton, ESET, Emsisoft and Comodo: no problem

kis===>> bypass:mad:
 

Ana_Filiz

aliali,
I don't want to say anything bad about Kaspersky because I'm afraid that most of the IS have an issue regarding the firewall.
I just wanted to ask you if you can test more security suites or firewalls in order to make an opinion on this matter?
I was observing in the past the matousec testing competition and Kaspersky was always good in providing firewall protection.
Results and comments - www.matousec.com
This is the theoretical part, in practice their firewall is not very good, in fact this was the issue that made me uninstall it and change it with Eset. One day it blocked my internet connection and I felt it was not so good in protecting me even before this incident.
I cannot say the same about their KAV, this is one of the best, without doubt.
I will be interested to see a firewall testing like the boys do with Malware Hub here. :rolleyes:

Thank you.
 

hjlbx

This technical debate is ridiculous. I will craft my malware to use a hidden (GUI-less) FreeGate. Then when infected by it, people will scream "foul -- no fair..."

Whatever you call it, it is still a bypass - made possible either by intent\design of the firewall filtering rules or just plain oversight.
 

hjlbx

@hjlbx I'm curious to know what users could break if given control of the loopback interface, as it doesn't appear to be a problem with other vendors' firewalls?

You can't use FreeGate. No big loss... LOL.

If you completely block the Loopback, then you will break inter-process communication on the local machine - when one process on the system tries to communicate with another process on the system. There are some valid, safe Loopback communications - but undetected\not filtering connections to the network for IP\TCP ain't one of them.
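The distinction drawn in the post above, between loopback traffic that stays on the machine and a local process that relays it to the network, as an added example that is not part of the thread: a detection check over a connection table. The process names, PIDs, ports and addresses are constructed sample data, and the table layout is an assumption modelled on netstat-style output.

```python
import ipaddress
from collections import namedtuple

Conn = namedtuple("Conn", "proc pid laddr lport raddr rport state")

def is_loopback(addr):
    return ipaddress.ip_address(addr).is_loopback

def local_relays(conns):
    """Flag processes that listen on loopback, are used by other local
    processes, and also hold established connections to remote hosts."""
    listeners = {}  # pid -> set of loopback ports it listens on
    for c in conns:
        if c.state == "LISTEN" and is_loopback(c.laddr):
            listeners.setdefault(c.pid, set()).add(c.lport)
    findings = []
    for pid, ports in sorted(listeners.items()):
        # Connections this process itself holds to non-loopback hosts.
        outbound = sorted({(c.raddr, c.rport) for c in conns
                           if c.pid == pid and c.state == "ESTABLISHED"
                           and not is_loopback(c.raddr)})
        # Other local processes talking to its loopback listener.
        clients = sorted({c.proc for c in conns
                          if c.pid != pid and c.state == "ESTABLISHED"
                          and is_loopback(c.raddr) and c.rport in ports})
        if outbound and clients:
            proc = next(c.proc for c in conns if c.pid == pid)
            findings.append({"relay": proc, "pid": pid,
                             "clients": clients, "outbound": outbound})
    return findings

# Constructed sample table: one relay pattern and one plain loopback IPC pair.
CONNS = [
    Conn("proxy.exe", 4120, "127.0.0.1", 8080, "0.0.0.0", 0, "LISTEN"),
    Conn("browser.exe", 2200, "127.0.0.1", 51000, "127.0.0.1", 8080, "ESTABLISHED"),
    Conn("proxy.exe", 4120, "127.0.0.1", 8080, "127.0.0.1", 51000, "ESTABLISHED"),
    Conn("proxy.exe", 4120, "192.168.1.20", 51001, "203.0.113.10", 443, "ESTABLISHED"),
    Conn("dbservice.exe", 900, "127.0.0.1", 5432, "0.0.0.0", 0, "LISTEN"),
    Conn("app.exe", 901, "127.0.0.1", 51002, "127.0.0.1", 5432, "ESTABLISHED"),
]

if __name__ == "__main__":
    for finding in local_relays(CONNS):
        print(finding)
```

The database pair is not flagged because its listener holds no remote connection, which is the kind of loopback IPC a blanket block on 127.0.0.1 would break.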
 

uncle bill

You can't use FreeGate. No big loss... LOL.

If you completely block the Loopback, then you will break inter-process communication on the local machine...
for those processes making use of TCP/IP and the loopback interface.. but as far as I know there are plenty of other methods to do IPC, like:
- shared named memory;
- mailslots;
- pipes;
- files..
 

aliali

Thread author
fixed soon

 
