Does anybody have a working ruleset for Jetico regarding Live Messenger including Cam and Voice connection? Can't find anything on the WWW.
Hi Tommy, I cannot help you with a dedicated ruleset. I normally set some basic rules for an application I do not know a ruleset for, and create rules from the log. Basically, I set up a table (test):
Allow outbound connections local ports 1024-65535 remote ports 1024-65535
Block outbound connections with logging
Allow outbound datagrams local port 1024-65535 remote ports 1024-65535
Block outbound datagrams with logging
I check (while the application is running) the "Applications" tab, to see what ports the app has bound to for "Listen" and "Listen datagrams", and set rules to allow the inbound on these, and place a rule after each to block with logging. It does take a little time to set up completely/correctly, but is better than allowing all.
Stem, I also started weeks ago with the same ruleset you mentioned. I have been testing Jetico with Live-MSN for around 2 weeks now. The problem is that it is hard to identify which port, type of traffic, etc. is used for what purpose or from which function (voice, cam, etc.). MSN seems to have no specified port range for the different functions; they seem to be totally random. There are also a lot of incoming TCP/UDP connections on very random ports. With MSN 7 it was easy. Going to hate the Live-MSN, but I need this f......g program sometimes.
Well, Tommy, you're right. The port ranges are much wider than in 7.x http://support.microsoft.com/kb/927847
These are my rules for Live Messenger. Chat and File Transfer are working for me, I am pretty sure that Voice worked but I can't recall correctly because I haven't used it recently. I have never tested WebCam.
Hi pcaca, I do think all connections are outbound (so TCP ports are remote), but as with other messengers, I think the UDP is both ways.
Hi Stem, You are probably right for UDP, as you can see from my rules posted above I have inbound and outbound allow rules for UDP on remote port 7001.
Hi pcaca, You say File transfer is working correctly with the ruleset you posted. It is just that looking at the port requirements (link from adam777), it looks like it uses something similar to FTP (passive) for file transfers. It isn't software I use, so I am just trying to collect info.
I am testing and testing. The most complicated is the WebCam and Audio feature. Amazing range of ports as well on UDP and TCP in both directions.
Yes, it worked correctly. I am on Vista now and I haven't installed Jetico yet, but I will install it on Vista now to confirm that it works.
Those are my findings on a Windows XP 2 System so far. http://img74.imageshack.us/img74/6431/20070216125127yu1.th.png But still popups are coming up. Mostly regarding WebCam.
I know, but I am collecting at the moment everything that is asked by popup; later I will filter the dangerous stuff out and join the rules. It's difficult to find out what they are doing during a chat session.
I have re-checked the File Transfer and I can confirm that it works for me with the above ruleset. I can send and receive files. I haven't tested Sharing Folders. I can see some packets blocked in the log: incoming UDP from remote port 1227 and outbound TCP to remote port 7001, but I haven't noticed any problems during chat and file transfer.
I added two marked rules to my Live Messenger ruleset and now I can establish an audio conversation, although there are a lot of blocked packets on random ports in the logs. I don't know what people at MS had in mind when they set up such a complicated port range in their messenger. What is the purpose of the other ports if I can make an Audio conversation with only these rules? P.S. I don't have a webcam to test video calls.
Yes, the Audio and Video ports are a total mess. I created a test ruleset regarding Microsoft direct information, which looks this way: http://img201.imageshack.us/img201/5681/20070216175748bq3.th.png
It seems that the MS table has many unnecessary ports there, because I can establish an audio connection with my simple rule above, without that inbound 30000-65535 rule for audio.
Yes, but it seems in connection with a Webcam your ports aren't sufficient, at least in my case. Let's see how much we can reduce the ports, what a mess.
Too bad I don't have a webcam to test it. You can try to reduce Audio and File Transfer ports since it works with my rules. EDIT: First you need to reduce doubled ports. You have HTTP, HTTPS and 1863 several times in your rules. EDIT2: Tommy, your ruleset can be reduced, you have many repeating ports and overlapping ranges. Here is how it would look if we simplify it. I think it's too open a ruleset.
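
The reduction of repeated ports and overlapping ranges discussed in the last post can be done mechanically. The following is an added example, not part of the original thread and not either poster's ruleset: the sample rules are constructed from port numbers mentioned in the thread, and the tuple layout and the 1024-port review threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample of "allow" rules for one application (not a ruleset from
# the thread). Each rule: (direction, protocol, first_port, last_port).
RULES = [
    ("out", "tcp", 80, 80), ("out", "tcp", 443, 443), ("out", "tcp", 1863, 1863),
    ("out", "tcp", 80, 80), ("out", "tcp", 443, 443), ("out", "tcp", 1863, 1863),
    ("out", "tcp", 7001, 7001), ("out", "tcp", 1024, 65535),
    ("out", "udp", 7001, 7001), ("out", "udp", 1024, 65535),
    ("in", "udp", 7001, 7001), ("in", "udp", 30000, 65535),
    ("in", "udp", 30000, 65535), ("in", "tcp", 30000, 65535),
]

def merge_rules(rules):
    """Collapse repeated, overlapping and adjacent ranges per (direction, protocol).

    Only valid for rules with the same action on the same port field: merging
    across allow/block rules would change what the ordered table matches.
    """
    grouped = defaultdict(list)
    for direction, proto, lo, hi in rules:
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range {lo}-{hi}")
        grouped[(direction, proto)].append((lo, hi))
    merged = []
    for key in sorted(grouped):
        spans = []
        for lo, hi in sorted(grouped[key]):
            if spans and lo <= spans[-1][1] + 1:   # overlaps or touches previous
                spans[-1][1] = max(spans[-1][1], hi)
            else:
                spans.append([lo, hi])
        merged.extend(key + (lo, hi) for lo, hi in spans)
    return merged

def too_open(rules, max_ports=1024):
    """Merged rules that each admit more than max_ports ports (review candidates).

    The default threshold is an assumption chosen for this example.
    """
    return [r for r in merge_rules(rules) if r[3] - r[2] + 1 > max_ports]

if __name__ == "__main__":
    for rule in merge_rules(RULES):
        flag = "  <- wide" if rule in too_open(RULES) else ""
        print("%-3s %-3s %5d-%-5d%s" % (rule + (flag,)))
```

The wide ranges it flags are the ones to narrow from the block-with-logging entries, as described earlier in the thread, rather than to keep as they are.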