Guarddog 2.0 Testing "If you are not paranoid then you don't realise the situation."

Simonzone Software Menu Guarddog - Firewall utility Guidedog - Network utility Watchdog - Real time monitor

The usual Open Source approach to testing involves releasing "beta" or "Release Candidate" versions of a piece of software and then allowing people to try it out and report any problems they encounter. Unfortuately this means that any features that are not used by the users are assumed to be in a state acceptable for release. This is may be acceptable for most software, but for security software it is not. We must assume the worst until proven otherwise. This means assuming that Guarddog's protocol support is insecure until proven secure.

Unfortunately I don't have access to all of the different software or the time to test every protocol myself. But you can help by following the instructions on this page and sending me your results. By putting together information from user reports I hope to determine which protocols people are successfully using and which ones need fixing. I'll also tabulate results and update the protocol testing table (the "scoreboard") that appears lower on this page.

By helping test Guarddog your are helping create a safer and more secure internet, not just for Guarddog users but also for all internet users. Thanks in advance. - SBE

Overview

The best way to test a protocol in Guarddog is to turn the one you are interested in on, turn the "Domain Name System" (DNS) protocol on too, and then all the rest off, and then see if you can still use that protocol on your network. For example, if you want to test HTTP (used on the WWW) you would turn of all the other protocols, and then turn on HTTP and DNS. Apply those changes and then go to your browser and see if you can still browse web sites. Then email the results in to me.

Detailed steps are below.

Clear your firewall

If you are already using Guarddog right now for your firewall and you don't want to lose your current configuration, then go to the Advanced tab and click "Export". Now save your configuration somewhere in your home directory. Now you can click on "Restore to factory defaults...".

Turn on the target protocol

Go to the Protocal tab and enable the protocol you want to test. It's probably a good idea to enable the DNS protocol too. Now "Apply" your changes.

Take it for a test drive

Try out your selected protocal and see if it still works. For example, if you are testing HTTP try using your web browser to access a few sites.

What to do when it doesn't work

Hopefully you can still use the selected protocol with your computer just the way before you installed Guarddog. But testing wouldn't be testing unless we suspected that there was a chance that things would fail. If you think that Guarddog might be at fault then go to the "Advanced" tab and click on "Disable firewall", "Apply" the changes and then see if your protocol now works. If it doesn't, then chances are that Guarddog is not to blame. :-) Otherwise, enable the Guarddog firewall again and "Apply" it and test again to be sure. If it is still not working try:

• Check your installation. Make sure that Guarddog properly installed.
• Check your Guarddog configuration. Make sure that correct protocol is selected.
• When you "Apply" the firewall, do any error messages appear?
• Try the protocol again.

If it is still not working then you can consult the system's error logs to find out is happening.

Watching the error log

The error logs on your computer will (should!) record when packets on your network are blocked by Guarddog.

• Open a console/shell.
• Type "su" and press return, then enter the root password to change to the root user.
• The location of error logs and where exactly blocked packets are logged can differ between machines and distributions. But typically they are kept in the /var/log/ directory. Type "cd /var/log" and return to go there.
• On Mandrake and probably Redhat too, packet logs go to the messages file.
• Type "tail -f messages" and press return to view the most recent entries in the log file and watch as new entries are added. (Type Control+C to stop)

Blocked packets recorded in your error log typically look like this:

Jan 13 14:48:47 localhost kernel: DROPPED IN= OUT=ppp0 SRC=195.241.227.220 DST=204.198.135.20 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=TCP SPT=1313 DPT=80 SEQ=2188445252 ACK=694258979 WINDOW=63712 RES=0x00 ACK PSH FIN URGP=0 OPT (0101080A0004FADD0C3D9687)

You should also see entries in your system log when the Guarddog firewall is updated (i.e. clicking "Apply" on the GUI) or a network interface becomes available (i.e. you connect to your ISP). The messages will look something like this:

Jan 13 14:48:51 localhost guarddog: Configuring iptables firewall now.
Jan 13 14:48:52 localhost guarddog: Finished configuring firewall

Now, make sure that you are running the tail command to watch the logs. Try using the protocol again. If packet logs start appearing in the error log then chances are that it is being generated by Guarddog blocking packets. Time to send in your discovery.

Just a note. if you are testing on a private network (which is recommended) it is best to try to stop all traffic on the network so as to avoid unwanted 'noise' from appearing in the logs.

Send in your Results

When you having finished testing, email in what you have discovered along with the following information:

• Linux distribution name and version you are using, and also say if you are using a different kernel than the default one for the distribution.
• How you installed Guarddog. From a package like RPM or by using the source tar ball.
• Which protocols you tried and whether they worked or not. (Plus any other useful information like, for example if it worked using linux client programs but didn't using Windows client programs.)
• Are you using iptables (recent series 2.4 kernels) or ipchains?
• If there are packet log entries in your log file, then cut and paste them into the email too. (Don't send me your whole error log!).

A Tip for Advanced Users

If you are familiar with network protocols and suspect that a protocol is not working properly you can turn on the "Advanced Protocol Help" checkbox on the Advanced tab. Now go back to the Protocol tab and click on the protocol you want more info about. The infomation is shown on the right side of the window, along with a description of what network connections Guarddog thinks the protocol needs to operate.

Below is the "testing scoreboard" showing what is known about each protocol and it's support in the current Guarddog development version. There are many gaps in the table right now, but these will be filled in as I update it with my own testing and what I hear from you people, the users.

Legend
1	= Well tested and in common use.
2	= Tested.
3	= Smoke tested. (Appears to work ok).
4	= No complaints. (Has been available for a while, but nothing reported)
	= Unknown.