Jetico fw. Access to network requests - from apps that should never need a connection

Re: Jetico fw. Access to network requests - from apps that should never need a connec

Where?



Are you thinking of "Protocol"?

 

Re: Jetico fw. Access to network requests - from apps that should never need a connec

Yes you are correct I was thinking of "local sockets" under Protocol.


Event: either "any" or "access to network" was selected
Protocol: "local sockets" was selected for certain windows process dependencies needed for Firefox to function


Access to network I assumed allowed access to 127.0.0.1
Protocol set to "local sockets" restricted traffic to local ports?

I didn't independently test with any tools to see what packets were passing, so I'm not sure if only web traffic is actually what the firewall was allowing through with that configuration.

 

Re: Jetico fw. Access to network requests - from apps that should never need a connec

The events~"Any" / "Access to network" will allow that application access to all windows sockets.

Only if this address is within the trusted zone

I am not completely sure why this is added as "Protocol", selecting this for "IE" makes it crash. I have not made any tests on this, so unsure at this time.

 

Re: Jetico fw. Access to network requests - from apps that should never need a connec

http://gambasdoc.org/help/doc/network

http://www.melikyan.com/ptypes/doc/streams.namedpipe.html
Would seem to confirm my thoughts in principle.

Again, I haven't actually verified that JPFv1 acts by passing traffic in this way.

 

Re: Jetico fw. Access to network requests - from apps that should never need a connec

It would crash if you set IE as local sockets, because IE needs TCP/IP to send outbound traffic.

From my understanding "Local Sockets" would be used on one of the OS system process dependencies like "explorer.exe", potentially "svchost.exe" "lsass.exe" "csrss.exe" processes that only talk to other system processes or applications. or for an application like DU meter, that only needs to read loopback.

 

Re: Jetico fw. Access to network requests - from apps that should never need a connec

It was allowed to connect out, it was during a browse that it crashed.

 

Re: Jetico fw. Access to network requests - from apps that should never need a connec

Well, honestly I'm not sure what Jetico developer's definition of "local sockets" is under protocol. I hoped you might have a better understanding of this, since you shed a lot of light in the 30 page thread. If Jetico's definition of "local sockets" reads similar to any implementations like those expressed in the links above, it would appear that "local sockets" is intended to restrict traffic to communication between processes on a host machine.


Edit: IBM link

http://publib.boulder.ibm.com/infoc...ibm.ztpf-ztpfdf.doc_put.cur/gtpc1/locals.html

 

Re: Jetico fw. Access to network requests - from apps that should never need a connec

As I said, I have not taken to time to look at this fully. But I would of expected this to of been an "event" if indeed it is for the restriction of access to local sockets rather than full access to winsock.

 

Re: Jetico fw. Access to network requests - from apps that should never need a connec

I haven't either, hopefully someone poses this question to Jetico Developers.

 

Re: Jetico fw. Access to network requests - from apps that should never need a connec

I will send an e-mail.

I currently have Jetico1 on a VM. I just changed the rule for "Explorer.exe" to "Protocol~ local sockets": "Event~ Any", performed a search and "explorer.exe" then made outbound connection attempt to MS (as it does), there was no alert from Jetico1 due to that rule (It was the host that actually alerted me to the connection attempt)