A New-Simple Outbound Protection Test [CLOSED]

Hi Guys,

Here is another BASIC outbound protection filtering test for testing firewalling functionality. It tests data transfer over ICMP and a firewall’s reaction to it. Any average firewall should pass these basic ones though there are still many which can’t.

Egemen

[attachment deleted by admin]

Downloaded and ran it. CFP 3 passed it, but my hardware firewall failed it, so now we got another reason to use CFP ;D

Indeed!

This is a basic test that any decent firewall should be able to pass.

Melih

Just want to add one thing. Disabling all ICMP-traffic with IPSec will make you pass the test.
With CFP you get Error: icmpEcho Status=11010, but with IPSec, you get Error: icmpEcho Status=11003.
What’s the difference between 11010 and 11003?

Considering I have Defense+, The “Firewall” alert did pop up, and I passed all tests.

Josh.

Considering I allowed a lot of outgoing ICMP connection rules (for uTorrent), I still passed :-TU

Same good results here: first alert from Def+, I allow it, and then an alert from the firewall itself. Also in my case when I disable CFP, the router firewall doesn’t pass the test.

By the way it’s not the first time I notice that: when I allow or block something from Def+ or the firewall without checking the remember box, things are being remembered for the Windows Session. Like for that test, I didn’t check remember and the ICMP traffic from it keeps being blocked with no alert, starting with the second test.

Actually, I found it wasn’t for the logon session. I restarted the app and CFP alerted again.

Hey, if I can pass this test with v3 installed in Basic (i.e., no D+) by blocking the executable trying to connect to the internet, how is there no outbound protection? :wink:

LM

Same here, as I said in my post above, I allowed the process with Def+, and still got an alert from the firewall. Good news for those guys down there at Scott’s newsletter! :Beer

(also wanted to let you know I posted something there tonight: http://blog.scotsnewsletter.com/2008/01/22/comodos-ceo-attacks-scots-newsletter-product-decision/#comment-306 )

FYI:

That “so called recommended firewall” was failing this basic test in its most advanced mode. You can test it yourself if they haven’t fixed it yet. And people still compare it with CFP 3…

Egemen

The reason many firewalls have poor outbound protection for ICMP is that it is rarely used to leak data.
Comodo should make a leaktest that sends data (a short string written by the user) using pings (e.g. using 16 different sizes of ping, each one representing 4 bits) to a Comodo server with software able to decode the pings and show the strings on a website.
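
As an added illustration (not part of the original thread, and not Comodo's test code), here is a defender-side check for the size-coded ping channel proposed in the post above: it flags source/destination pairs whose echo requests use more distinct payload sizes than an ordinary ping would. The record layout, thresholds and sample addresses are assumptions constructed for the example.

```python
from collections import defaultdict

ICMP_ECHO_REQUEST = 8   # ICMPv4 type of an echo request
BITS_PER_PACKET = 4     # from the post: 16 ping sizes, 4 bits each

# Constructed sample records: (timestamp, src, dst, icmp_type, payload_len)
SAMPLE = (
    # Ordinary ping: one fixed payload size, plus its echo replies (type 0)
    [(t, "192.0.2.10", "198.51.100.5", 8, 32) for t in range(10)]
    + [(t, "198.51.100.5", "192.0.2.10", 0, 32) for t in range(10)]
    # Size-coded traffic: payload length changes from packet to packet
    + [(t, "192.0.2.20", "203.0.113.9", 8, n)
       for t, n in enumerate([20, 25, 31, 20, 28, 33, 22, 35, 24, 29])]
    # Too few packets to judge (e.g. a short manual size sweep)
    + [(t, "192.0.2.30", "203.0.113.9", 8, n)
       for t, n in enumerate([32, 64, 128])]
)


def size_profile(records):
    """Group echo-request payload lengths by (src, dst) pair."""
    flows = defaultdict(list)
    for _ts, src, dst, icmp_type, payload_len in records:
        if icmp_type == ICMP_ECHO_REQUEST:
            flows[(src, dst)].append(payload_len)
    return flows


def flag_size_coded_flows(records, min_packets=8, max_normal_sizes=2):
    """Return flows whose echo requests vary in size more than a normal
    ping (one fixed size per invocation) would explain."""
    findings = {}
    for flow, sizes in size_profile(records).items():
        distinct = len(set(sizes))
        if len(sizes) >= min_packets and distinct > max_normal_sizes:
            findings[flow] = {
                "packets": len(sizes),
                "distinct_sizes": distinct,
                # Upper bound on data carried under the 16-size scheme
                "max_bits": len(sizes) * BITS_PER_PACKET,
            }
    return findings


if __name__ == "__main__":
    for flow, info in flag_size_coded_flows(SAMPLE).items():
        print(flow, info)
```

Legitimate tools that sweep packet sizes (path MTU probing, for instance) will also trip this check, so treat a hit as a reason to look at the sending process rather than as proof of a leak.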

Here is a trojan that LEAKS data (personal information) over ICMP:
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=570

Never mind leaking data, there are various DDoS attack tools that use the ICMP protocol. It is not just leaking the data. A user’s computer can be a zombie and his firewall may not be detecting this at all… Another example: http://ca.com/us/securityadvisor/pest/pest.aspx?id=2776

I don’t think most firewalls would fail this test. At least the decent ones… It is as basic as grc.com leaktest…

Egemen

hmmm

For some strange reason CFP 3.0.16.295 does not pass the ICMP2-test!!! (:AGY)

“Your firewall has FAILED the test”

ICMP1-test passed…

I’m confused!

Harry

Harry, did you answer No to the firewall alert?

Also, this is the incorrect thread to be posting about leak testing, so I’ll be moving your and my post to the appropriate one. [Done]

Are you supposed to get a firewall alert?
I’ve never got any :frowning:
(Alerts for ICMP enabled)

I got an alert for the first test, which I declined… and therefore passed the test.

There was no firewall alert for the second one and it failed the test…

Run with a fresh installation of CPF in standard configuration.

Harry :THNK

Strange. I got 2 alerts:

  1. Defense+, which I had to allow to be fair
  2. Firewall alert, which is the real show that I had to deny

Using Clean PC mode (D+) and Custom mode (firewall)

If this bun can pass it, anyone can.

I have Defense+ in Paranoid Mode and Firewall in Custom Policy. I don’t get any alert probably because I’ve blocked all ICMP traffic In/Out :wink:

Lol true :smiley:

I am using Clean PC mode (D+) and custom mode (firewall) but do not get an alert for the second test… wondering what settings are required.

Harry (:SAD)