Thursday, April 10, 2008

What is the Shields Up Test?

Many firewall users put a good deal of emphasis on the Shields UP test over at grc.com. The purpose of this test is to check your firewall remotely to see what's open, or visible. Many modern firewalls, including Online Armor, pass these tests - if the test is performed properly.

The problem is that nowadays many computers are behind modems, routers or even hardware firewalls, making it very difficult, or impossible, to test.

How does the test work?

Putting it simply, when you run the test the ShieldsUP server will start to fire data at your computer. So, the data comes out of the ShieldsUP server, whizzes its way over the internet, undersea cables, fiber, you name it. It gets to your ISP... whizzes through their systems, and out another pipe towards your home. Once it gets to your home, it squirts through your modem or router and into your PC. Once it's on your PC, it's up to the firewall to deal with it. If it sends back ANY response at all - it's a fail.

So why does my software firewall fail?

Before we start talking about software firewalls failing, how do you know the data is even reaching your software firewall? Remember above where we talked about the pathway that the packets take? There's the problem. If you have a router, or a modem - or your ISP does anything tricky - or, if you are plugged into someone's wireless network in a hotel, the packets may not actually reach your computer.

The animations below show the ShieldsUP test in action. The first one shows a normal test, working the way the ShieldsUP guys intended, reacting against a computer connected to the internet, but in all its stealthy glory.




The second animation shows a firewall that sends something back. That's a straight fail in ShieldsUP talk... bad firewall, go to the back of the class.






The LAST animation is the interesting one. Here, the data squirts to your PC, hits your modem which cries "I'm alive! I'm here" - this causes ShieldsUP to fail - but the data actually got nowhere near your computer at all. It's also more interesting if you have more than one computer behind your firewall/router - because you won't necessarily know which one, if any, answered it.




So - what to do in this case? You could always turn off your computer - if you still get a failure then it must be the modem. Unfortunately - if you turn off your computer, you can't request the test :(

If GRC changed the test so you could request the test, turn off your computer - then come back and collect the results 5 minutes later, then that would work for those on a fixed IP - or, if you're a tenacious sort then you can probably figure out how to configure your modem differently to not respond to those pings.
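Another way to tell which device answered is to record the packets that arrive at the PC while the test runs and compare them with what the test reports. The sketch below is an added example, not code from the original post or from GRC: the function name `attribute`, the tcpdump-style line format, the addresses (documentation and private ranges) and the report contents are all assumptions constructed for illustration.

```python
import re

# tcpdump-style line: "IP src.sport > dst.dport: Flags [S], ..."
PKT = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def attribute(report, capture, scanner_ip, host_ip):
    """Decide, per probed port, which device produced the remote test's result.

    report  -- {port: "stealth" | "closed" | "open"} as shown by the remote test
    capture -- packet lines recorded on the PC itself while the test ran
    """
    probed, answered = set(), set()
    for line in capture:
        m = PKT.search(line)
        if not m:
            continue
        src, sport, dst, dport, _flags = m.groups()
        if src == scanner_ip and dst == host_ip:
            probed.add(int(dport))      # the probe reached this PC
        elif src == host_ip and dst == scanner_ip:
            answered.add(int(sport))    # this PC sent something back
    verdicts = {}
    for port, state in report.items():
        if port not in probed:
            # Packet stopped at the modem/router/ISP: software firewall untested.
            verdicts[port] = "upstream device " + ("dropped" if state == "stealth" else "answered")
        elif port in answered:
            verdicts[port] = "this PC answered"
        else:
            verdicts[port] = "this PC dropped silently"
    return verdicts

# Constructed sample data: scanner address, PC address, test report, local capture.
SCANNER, HOST = "198.51.100.7", "192.168.1.10"
REPORT = {80: "closed", 135: "stealth", 443: "stealth", 445: "closed"}
CAPTURE = [
    "12:00:01.10 IP 198.51.100.7.40001 > 192.168.1.10.443: Flags [S], seq 1, length 0",
    "12:00:01.20 IP 198.51.100.7.40002 > 192.168.1.10.445: Flags [S], seq 1, length 0",
    "12:00:01.21 IP 192.168.1.10.445 > 198.51.100.7.40002: Flags [R.], seq 0, ack 2, length 0",
]

if __name__ == "__main__":
    for port, verdict in sorted(attribute(REPORT, CAPTURE, SCANNER, HOST).items()):
        print(port, REPORT[port], "->", verdict)
```

Only the ports whose probes show up in the local capture say anything about the software firewall; a "closed" or "stealth" result for any other port describes the modem, router or ISP.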

Online Armor does (when properly tested) pass these tests as do many other firewalls - but the test cannot be passed (or failed) by your firewall if the data does not reach your software firewall. Now the only remaining question is whether there is any benefit to the ShieldsUP test, other than as a quick "do I have any open ports".

1 comment:

rich said...

A very enlightening article. I thought that the ShieldsUp test was foolproof - I used to pass the TruStealth test all the time. But after our internet router got reconfigured, I kept getting "closed" ports and failed the test. I tried different firewalls (Comodo and yours) and kept getting the same result, and I was stumped. I had a hunch it had something to do with the connection, but after this article I now know for sure. I wish the people at GRC put (an easy-to-understand) disclaimer at the front, that can be easily seen. Overall thanks for this information!
