Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    Hey Stem, currently I am testing this program called Tor, which actually hides your IP information and valuable stuff from the internet, anonymizing, I would say.

    I tested the security in ShieldsUP; the test result shows that all the ports are stealth, except that ICMP ping (echo) failed.

    Is there any way to block this?

    Tor uses a proxy server and a port to anonymize; therefore, in order to run this program one must edit the IE options connection settings to set the proxy.

    Any ideas for solving this in Jetico?
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    shaunwang,
    If you are using an external proxy, then it will be the proxy IP that is scanned at ShieldsUP. You need to check the IP shown at ShieldsUP before the scan is made; if this is not your IP, then no settings change on your PC/Jetico will change the results.
     
  3. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    But will I be secure that way, or have I weakened my system because of the external proxy?
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi shaunwang, first, sorry that your question has not been seen by myself (and answered) before now.

    If you have not seen this thread it is worth a look. ("dog" knows this software/proxy well)
    Using an external proxy will not in itself make your security less, unless you are allowing "all" to~from/or have the proxy IP as trusted. You should still use the same firewall rules as you would if connected directly to the internet. Don't forget, using this type of software is mainly to hide your IP etc. from those you connect to, so your PC IP can still be scanned/attacked, and you still need your firewall set up as such.
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello all Jetico(1) users,

    I am thinking it is time to sort out the info contained within this thread (possibly a bit more info to fill some gaps may be needed), and was just looking for a bit of feedback before I begin, mainly to see what type of format/info would be needed, i.e., would it be best/needed to start from installation, or just mainly rules creation etc.

    Feedback please:-

    Stem

    (I would make a new thread for the info)
     
  6. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Hm, generally a good idea. But the new thread should be a closed one and should only be filled with real information, step by step, from you. Like a Jetico FAQ, and pinned. Second: are we sure that Jetico 1 will still be officially available after v2 gets out of beta?

    If so, I think the main goal should be information strictly regarding Jetico1, such as explanations of features and handling, rules + attachments to import those, as basic stuff is already discussed in hundreds of other FW threads at Wilders.
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Thanks for feedback Tommy,
    Well, let's ask,... I will e-mail,.. please do the same.
    I would like to put all info together. (this I would like to do for all firewalls that need this type of info)

    As for pinning,.. well,... maybe,.. but it would be a compilation,.. not just for Jetico.

    Regards,
    Stem
     
  8. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Done.
    If you need help tell me.
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes, help is needed,.. my own personal opinion on what a user needs is not enough, I could very easily miss info needed, as I may think certain info is un-needed.

    Let's make the forum do as intended,.... share info,

    Edit:
    I think too many Jetico users are placing too many applications into trusted zone,... am I wrong?




    .
     
    Last edited: Aug 22, 2006
  10. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    If I read the threads here, I would say yes. I think it's a lack of knowledge regarding the application as well as protocols and ports. But this is a general problem. 60% of FW users don't know what they are doing. That's the danger with Jetico, as it needs more than basic knowledge.

    In Jetico v1 I didn't have any application in the trusted zone. I always worked with application tables like 'Webbrowser' etc. The most filled one was a table called 'Port 80 only' for applications which need only access to the network and the possibility of update checks on port 80.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I personally believe it is just the way info is given (or in most cases not given).

    A lot of users go for firewalls like ZA simply as there is no need to sort out the protocols/ports needed. Some very basic info,.. in a way understandable to new users is needed.

    As with Jetico,.. lots of new users agree that this is a "complicated firewall",.. but just some basic info can change that,.. it is what I would like to see,.. for users to see how easy it is to set rules within a firewall and make themselves more secure.
     
  12. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    @Stem
    What do you think of establishing a kind of 'Knowledge Base' here? A kind of subforum with closed threads, like the Sygate Forum 'still' has.
     
  13. bluegecko

    bluegecko Registered Member

    Joined:
    Aug 22, 2006
    Posts:
    6
    Hello people

    Only today did I stumble across Jetico - I was still clinging to Sygate - and am hugely impressed, if slightly bamboozled, and impressed too by the incredible if informative jumble that is this thread!

    Please forgive me then for jumping in with just a short question. I hope you don't mind:

    Is there any way to stop the five-second cycle of Jetico opening and reading settings.xml, and explorer.exe querying and opening fwui.dll? I'm running XP Home SP2 with all relevant patches, use a Huawei NAT/router modem via USB, and have XP's services and other non-essential junk pared down to the absolute minimum. Any pointers would be appreciated. Thanks in advance.
     
  14. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    That's one of the problems at the moment. Jetico has an 'Echo-bug' which results in two popups for the same case. Seems that there are problems with fast storing and rereading the xml file.

    Fwui.dll o_O IMHO that belongs to Symantec's Firewall configuration GUI and should be written fwUI.dll.
     
  15. bluegecko

    bluegecko Registered Member

    Joined:
    Aug 22, 2006
    Posts:
    6
    Thanks Tommy. I'm confused about what you say about fwUI.dll - it's the "Jetico Personal User Interface Module", in Jetico's folder. Nothing to do with Symantec. Haven't actually touched anything of Symantec's since their antivirus hosed my system, twice, many moons ago...
     
  16. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Ah you are using Jetico v1? Sorry i am with my brain on Jetico v2.
    OK, back to your question why explorer.exe is querying this file. To tell you the truth I don't know for sure, so I can only guess. Please wait for @Stem, he still has Jetico v1 on one of his testing machines.
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    This is new to me, I have not come across this. When do these happen? Are you using a large list in your trusted/blocked zones?
    What other security software have you installed?
     
  18. bluegecko

    bluegecko Registered Member

    Joined:
    Aug 22, 2006
    Posts:
    6
    Thank you both for replying.

    I'm using Jetico 1.0.1.61. Not much in trusted/blocked zones etc - 15 applications trusted, 10 accepted, 6 rejected, and 2 each for web browser, ftp and email. Under system applications, all rejected except for userinit, winlogon, lsass, explorer, csrss, services and svchost (as per someone's screenshot way back in this thread). The system's running well, and the firewall is working as it should.

    DISK ACCESS
    See the attached screenshot of disk activity from Filemon.

    filemon.png

    1. This has a periodicity of 10 seconds (one cycle of identical accesses repeating endlessly); I've highlighted in yellow the end of the previous cycle and the start of the next, to show the timing.
    2. Screenshot was captured under normal conditions - Firefox window open, NoteTab (text editor), Proxomitron, web connection, AVG limited to the contextual menu (no on-access scanning etc). Disk activity remains the same even with all of these programs and their processes killed and the usb internet cable removed.
    3. Disk access was the first thing I checked for after the initial install of Jetico, when the settings were little different to default.
    4. After Jetico is shut down, there's no disk activity whatsoever.

    REGISTRY ACCESS
    See the attached screenshot of Registry access from Regmon [as a separate post; the board doesn't let us upload two in one post]; it shows registry access with only Jetico running, nothing else.
    1. It has a periodicity of 5 seconds.
    2. When Jetico is stopped (ie there's nothing in the system tray), there are no registry accesses at all.

    POSSIBLE CAUSES?
    The disk activity is definitely caused by Jetico - when it's shut down, there's not a single disk or registry access from any process! What would be helpful to know is whether anyone can replicate this. If not, then it's probably a problem with my own set-up, probably one too many disabled XP services:
    1. Errors in XP's system log. The only error I'm getting in XP's system log is an on-boot error regarding Zero wireless configuration - it depends on the E/S Protocol in NDIS user mode, which failed to load as it's either disabled or is missing components [sorry, my box is in Portuguese - this is a rough translation!]
    2. When Jetico was installed (as now), the computer's ethernet card and wireless card were disabled, together with windows services relating only to them. Could it be that their "present but disabled" state prompts Jetico to check over and again whether they've been enabled? The connection at present is only via USB.

    Tell you what - I'll give the current beta a whirl, and also try re-enabling wireless (to clear that error) and see whether that solves it.

    Thanks
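A way to confirm the kind of periodicity described in this post from a saved monitor log, as an added example that is not part of the original thread. It assumes a tab-separated export with the columns sequence, time, process:pid, request, path and result; the sample rows, the process name `jetico.exe` and the folder are constructed placeholders.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample, not taken from the thread's screenshots; process name
# and folder are placeholders. Columns: seq, time, process, request, path, result.
EVENTS = [
    ("10:00:00", "jetico.exe:412", "OPEN", r"C:\Jetico\settings.xml"),
    ("10:00:00", "explorer.exe:1180", "QUERY INFORMATION", r"C:\Jetico\fwui.dll"),
    ("10:00:03", "firefox.exe:2040", "WRITE", r"C:\Temp\cache.dat"),
    ("10:00:10", "jetico.exe:412", "OPEN", r"C:\Jetico\settings.xml"),
    ("10:00:10", "explorer.exe:1180", "QUERY INFORMATION", r"C:\Jetico\fwui.dll"),
    ("10:00:17", "firefox.exe:2040", "WRITE", r"C:\Temp\cache.dat"),
    ("10:00:20", "jetico.exe:412", "OPEN", r"C:\Jetico\settings.xml"),
    ("10:00:20", "explorer.exe:1180", "QUERY INFORMATION", r"C:\Jetico\fwui.dll"),
    ("10:00:22", "firefox.exe:2040", "WRITE", r"C:\Temp\cache.dat"),
]
SAMPLE_LOG = "\n".join(
    "\t".join((str(n), *row, "SUCCESS")) for n, row in enumerate(EVENTS, 1)
)


def find_periodic(log_text, min_hits=3, jitter=1.0):
    """Map (process, request, path) to its period in seconds when it repeats.

    Reported only if seen min_hits times with every gap within jitter of the median.
    """
    seen = defaultdict(list)
    reader = csv.reader(io.StringIO(log_text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for _seq, clock, proc, request, path, _result in reader:
        when = datetime.strptime(clock, "%H:%M:%S")  # assumes one day, no midnight wrap
        # Drop the PID so a restarted process still groups together.
        seen[(proc.split(":")[0].lower(), request, path.lower())].append(when)
    periodic = {}
    for key, times in seen.items():
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        typical = median(gaps)
        if typical > 0 and all(abs(g - typical) <= jitter for g in gaps):
            periodic[key] = typical
    return periodic


if __name__ == "__main__":
    for (proc, request, path), period in sorted(find_periodic(SAMPLE_LOG).items()):
        print(f"{proc} {request} {path}: every {period:.0f}s")
```

Irregular accesses, such as the browser writes in the sample, are filtered out because their gaps differ from the median by more than the allowed jitter.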
     
  19. bluegecko

    bluegecko Registered Member

    Joined:
    Aug 22, 2006
    Posts:
    6
    Here's the registry access log referred to in the previous post:

    regmon.png
     
  20. bluegecko

    bluegecko Registered Member

    Joined:
    Aug 22, 2006
    Posts:
    6
    The missing E/S Protocol in NDIS user mode process stopped the beta from running. Solved by enabling it, and the full wireless setup. Same situation as with v.1.0 - constant disk access (much more than v1.0), whether or not the wireless services and processes are running or have been killed off.

    However, the disk does power down correctly (it's an Acer laptop), so accesses are "passive" (not sure that's the right word - they don't seem to count when calculating the amount of time expired since the last user access), so it's now a non-issue as far as I'm concerned. Don't scratch your heads much more about this - and thanks again for your help.
     
  21. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    OK, all that stuff is absolutely normal. As explorer.exe (should be in your Windows directory; if not, it's a virus) is the user shell, which is responsible for the taskbar, desktop, icons, and everything that has to do with GUIs. It will access each program which depends on its own GUI in order to load it. So nothing to worry about. In your case the fwui.dll, which is the one responsible for Jetico's GUI.

    Also, the behaviour of Jetico checking the settings file at short intervals is normal and necessary. Jetico needs to know its own basic settings to work correctly. It's checking for changes.

    Accessing the registry is also normal, as Jetico and every other FW checks only the registry settings regarding Networks, DHCP Domain, TCP/IP, Proxy, etc. and its own settings in the Registry.
     
  22. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    Does anyone here know how to set LimeWire in Jetico?

    For example, if the port is = 50000 in LimeWire, how should one set a rule for it to download files?

    I tried setting some rules but it does not download anything. Any ideas?
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi
    Have you taken a look at the "torrent" ruleset I posted,.. this will show you how to set a port for inbound (Info on how to change the port used here)
     
  24. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    Hmmm Stem, I did clone the torrent ruleset to be used in LimeWire, but then the +SYN logs out vigorously on the port which I had already excluded from protection of SYN.

    I tried opening a port, which also does not work :doubt:

    Any ideas?
     
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Which rule is blocking/logging the "blocked SYN" packets?
     