Jetico PF and torrents
sruss
November 1st, 2005, 04:12 AM
Hi,
I have some trouble getting my bittorrent client, utorrent, to work with Jetico. Jetico seems to be stopping a lot of bittorrent packets via the "block all not processed IP packets" rule in the System IP table. I've been giving it carte-blanche access and putting it into the Application Trusted Zone...
This is what shows up in the log when it happens:
11/1/2005 reject Block All not Processed IP Packets 48 TCP incoming packet xx.xxx.xxx.xx 192.168.1.33 1943 4474 TTL: 115; TOS: 0; ID: E4CD; Don't fragment; TCP flags: SYN ; TCP Seq: 2FDF42A2
they're all size 48 and 60 packets. When I enable UPnP port mapping in utorrent, it becomes a flood of these blocked packets. So, is there a way I can create an "exception" to this rule in jetico to allow these packets to pass through only to utorrent?
Also, when I give utorrent application trusted zone access, another prompt pops up to ask me what I want to do with an application called c:\windows\System.exe (event send datagrams to a remote address, port 137, maybe trying to reach the torrent tracking site?). I've been putting it in the trusted zone as well...
Does anyone have a pre-configured ruleset for bittorrent clients?
Thanks,
Russ
sruss
November 2nd, 2005, 02:14 AM
Hi, I found this thread after a forum search, the fix was a reinstall of windows. I'm a little reluctant to do a full reinstall of windows because of this issue, I installed windows on this machine less than a month ago and have only used Look 'n' Stop and Jetico (besides the integrated WinXP firewall).
http://www.wilderssecurity.com/showthread.php?t=101255&highlight=jetico
CrazyM
November 2nd, 2005, 03:25 AM
-{ Quote: "This is what shows up in the log when it happens:
11/1/2005 reject Block All not Processed IP Packets 48 TCP incoming packet xx.xxx.xxx.xx 192.168.1.33 1943 4474 TTL: 115; TOS: 0; ID: E4CD; Don't fragment; TCP flags: SYN ; TCP Seq: 2FDF42A2 " }-
Can you describe your set up/connection a little more: connection type, router, anything else that may be affecting the use of this app.
-{ Quote: "they're all size 48 and 60 packets. When I enable UPnP port mapping in utorrent, it becomes a flood of these blocked packets. So, is there a way I can create an "exception" to this rule in jetico to allow these packets to pass through only to utorrent? " }-
Can you define the ports to be used instead of using UPnP? This would make configuring the firewall easier.
-{ Quote: "Also, when I give utorrent application trusted zone access, another prompt pops up to ask me what I want to do with an application called c:\windows\System.exe (event send datagrams to a remote address, port 137, maybe trying to reach the torrent tracking site?). I've been putting it in the trusted zone as well..." }-
You should deny NetBios from leaving your system/network.
-{ Quote: "Hi, I found this thread after a forum search, the fix was a reinstall of windows. I'm a little reluctant to do a full reinstall of windows because of this issue, I installed windows on this machine less than a month ago and have only used Look 'n' Stop and Jetico (besides the integrated WinXP firewall)." }-
Have you made sure any previously installed software firewall is completely removed and the Windows firewall is disabled? Reinstalling Windows should only be a last resort.
Regards,
CrazyM
sruss
November 3rd, 2005, 05:17 PM
The latest -
after being away from my computer for a couple of days, with my bittorrent client off, I returned and the next time I tried my bittorrent client the problem disappeared (no evidence of the packets getting caught in the log). However, after a day or so of running bittorrent while writing in openoffice writer my computer started experiencing intermittent freezes, culminating today in a complete freeze of my system, which I had to do a hard reset to get out of (actually, my girlfriend had to do the reset, I wasn't around at the time). After the reboot Jetico said that it was corrupted and needed to be reinstalled, as did Netlimiter which I had been using along with Jetico. I've uninstalled jetico but kept my last several logs if anyone is interested in seeing them. Is there a way I can read them without reinstalling Jetico? They're binary files, but I can see a little of what was going on when I open them with notepad. One thing I noticed was: C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\system32\drwtsn32.exe. WMP9 crashed and dr. watson got called. I remember dr. watson getting called once before and jetico blocking access (I forget the name of the rule, I think it was the one to prevent an attacker from inserting code into a running program). I'll post the logs if anyone wants to look at them. I'd really like to figure out what the problem is because I really like Jetico and would prefer to stick with it... meanwhile, I'm removing access to WMP9 on my system as per http://www.microsoft.com/windows/windowsmedia/player/faq.aspx#2_4
My connection is cable, and I'm running behind a Netgear WGM124 pre-n router. My bittorrent client was using a single port (I disabled the use UPnP option in it) and the router was forwarding the port correctly. The next time Netbios popped up to try to escape my network I denied it and created a rule - thanks for that tip. I'm still very much a novice when it comes to firewalls...
Russ
Syncman9
November 4th, 2005, 06:30 PM
Hi,
Jetico needs extra rules adding in order for torrents to work, it's not particularly difficult just a pain that you need to do it.
You need to monitor the un-processed packets and add in rules to allow them. I will flip back into windows later (I normally use Linux) and see if I've made a note of them.
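The monitoring step described in the post above, as an added example that is not part of the original thread: it tallies rejected inbound connection attempts per local port from text log lines shaped like the one quoted earlier. The field order (source IP, destination IP, source port, destination port), the space-separated layout, and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Layout inferred from the single log line quoted in this thread (assumption):
# date, verdict, rule name, size, protocol, direction, src IP, dst IP,
# src port, dst port, then ';'-separated attributes.
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<verdict>\w+) (?P<rule>.+?) (?P<size>\d+) "
    r"(?P<proto>TCP|UDP) (?P<direction>incoming|outgoing) packet "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<sport>\d+) (?P<dport>\d+) (?P<attrs>.*)$"
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("size", "sport", "dport"):
        rec[key] = int(rec[key])
    flags = re.search(r"TCP flags:\s*([A-Z ]+?)\s*;", rec["attrs"])
    rec["flags"] = flags.group(1).split() if flags else []
    return rec

def candidate_listen_ports(lines, rule="Block All not Processed IP Packets"):
    """Count rejected inbound connection attempts per (protocol, local port)."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["verdict"] != "reject" or rec["rule"] != rule:
            continue
        if rec["direction"] != "incoming":
            continue
        # For TCP, only a bare SYN is a new inbound connection attempt.
        if rec["proto"] == "TCP" and rec["flags"] != ["SYN"]:
            continue
        hits[(rec["proto"], rec["dport"])] += 1
    return hits.most_common()

# Constructed sample lines (documentation-range addresses, not real log data).
P = "11/1/2005 reject Block All not Processed IP Packets "
SAMPLE = [
    P + "48 TCP incoming packet 198.51.100.7 192.168.1.33 1943 4474 TTL: 115; TOS: 0; ID: E4CD; Don't fragment; TCP flags: SYN ; TCP Seq: 2FDF42A2",
    P + "60 TCP incoming packet 203.0.113.20 192.168.1.33 51022 4474 TTL: 52; TOS: 0; ID: 1A2B; Don't fragment; TCP flags: SYN ; TCP Seq: 0A0B0C0D",
    P + "40 TCP incoming packet 203.0.113.20 192.168.1.33 51022 4474 TTL: 52; TOS: 0; ID: 1A2C; TCP flags: ACK RST ; TCP Seq: 0A0B0C0E",
    P + "48 TCP incoming packet 198.51.100.9 192.168.1.33 3301 445 TTL: 110; TOS: 0; ID: 77AA; Don't fragment; TCP flags: SYN ; TCP Seq: 11223344",
]

if __name__ == "__main__":
    for (proto, port), count in candidate_listen_ports(SAMPLE):
        print(f"{proto} local port {port}: {count} rejected inbound attempts")
```

Only the port the client is actually configured to listen on warrants an allow rule scoped to that application; in the constructed sample the single SYN to port 445 is unrelated and should stay blocked.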
sruss
November 8th, 2005, 02:05 AM
Thanks - it would be great if you have those rules handy. If you don't, that's ok, I'll try my hand at drawing them up myself (even though I barely can read the log!). I'm going to have to leave off installing jetico again for another day, I'm just too busy right now...
Best,
Russ
Copyright ©2002 - 2012, Wilders Security Forums