JPF v2 beta progress.

Discussion in 'other firewalls' started by Nail, Aug 2, 2006.

Thread Status:
Not open for further replies.
  1. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Edit: Deleted!
    Reason: Because of some strange reason (I was probably drunk) I deleted the 'Ask-Rule' in the 'Application Checksum Rule' o_O
     
    Last edited: Aug 19, 2006
  2. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    Just to check with you guys,

    When using PCFlankLeakTest, to test leaks on Jetico v2.0

    When you have a browser active and you test leaks with PCFlankLeakTest, does it pass or fail?
     
  3. Alffa

    Alffa Registered Member

    Joined:
    Aug 5, 2006
    Posts:
    12
    If I give IExplorer.exe access to the network, JPF v2 fails this. I have IExplorer blocked altogether myself. Would like to know if there are Firefox-specific test programs somewhere. Many tests in http://www.firewallleaktester.com/index.html require IExplorer to be allowed outbound, so I don't know how many of those tests are actually IE-specific.
     
  4. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Regarding 'pcflankleak test', I just want to inform you guys that @Nail from Jetico declared this failure an open bug. The 'indirect network access' interception - Jetico (1 or 2) is not catching Windows OLE/comms - seems not to work at all.

    Can somebody besides @Stem and me confirm this?
     
  5. Alffa

    Alffa Registered Member

    Joined:
    Aug 5, 2006
    Posts:
    12
    Well, if you mean what the "indirect access" event is supposed to be doing - I wonder about it myself ... I unchecked all the default rules from this "indirect access" table just to see when or on what kind of event it should wake up and ask me about rules, but have not been able to produce or see any events that would fit in that table. So to me also, that doesn't seem to be doing anything atm. But if it is meant to catch those kinds of "indirect accesses" that are not by any means "normal" (like this pcflanktest), then I look forward to it ... :)
     
  6. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    Hi people who are using jetico v2.0 beta

    I did try but never got it successfully to work.

    Can someone answer these questions :D (screenshots for each question are the best solution for me to understand it better)

    0. Where do I set my rules, e.g. svchost.exe and services.exe, which are used to request an IP to be assigned in Jetico v1.0? I tried in jpfv2 but it's not working.

    1. Can someone show me the full list of protocols Jetico v2 has?

    2. Is Jetico v2 able to set anti-MAC-spoofing settings?

    3. Can an application now be used to bypass block rule sections? e.g. if application A is set to bypass or something, the blockrule will ignore the port from blocking it.

    4. How do I do the most basic setup for jpfv2, e.g. important setup like svchost.exe and services.exe and other system files, to allow the internet to at least work? (Stem, maybe you can do a good tutorial to set this up? Or anyone will be nice)
     
  7. Nail

    Nail Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    28
    JPF v2.0.0.7 beta is out:

    http://www.jetico.com/jpf2.htm#downloads

    Changes:
    1. Firewall startup bugs fixed (error codes 80080005, 80070776). [To Appyface: VNC problem should be fixed too]
    2. Duplicated popup messages fixed (echo popups).
    3. Duplicated rules in default configuration fixed.
    4. Buffer overrun on long filenames in application groups fixed.
    5. "direct memory access" process attack event handling fixed.
    6. UDP port checking bug is fixed in IP rules.
    7. Window position is saved on shutdown now.
    8. View->Toolbar status is displayed correctly.
    9. Default configuration file updated to allow Jetico Personal Firewall client-server communications.
    ~Removed direct download links - url to download page preferred....Bubba~
     
    Last edited by a moderator: Aug 29, 2006
  8. Nail

    Nail Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    28
    As far as I remember, JPF v2 supports the same protocols as JPF v1.
    In addition, you can enter a numeric value for an unlisted protocol in IP and protocol rules.

    Yes. The JPF v2 protocol rule supports MAC address checking. So you can create
    a pair of rules: the first will check the MAC address and the second will check the IP.

    Frankly speaking, I did not fully understand these questions. Please describe the problems in detail.
     
  9. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Beta 6 completely uninstalled, Beta 7 installed and running.
    - Jetico Service is now set to automatic.
    - So far these bugs seem to be fixed.
    - Also Jetico is now able to recognize dll injections, parent processes, 'indirect access to network', comm accesses, etc.
    For a new application it is one 'Hash-Popup' more, but that is absolutely ok.
    - And the best, pcflanktest seems to be accomplished :)

    It seems Jetico is now a firewall with HIPS features.
    Well done! Going on playing with Jetico 2 Beta 7.

    Feature request:
    - Could we make the tables 'Access to network', 'Indirect Access to Network', 'Process Attack' and 'Application Checksum' sortable by the column Application? It is, as it is now, very hard to overview all the stuff for controlling. Is it possible to add a column 'Date-Time' to these tables? If not, the first request would make more problems than good.

    - The popup text should be changed in some cases. They are mostly talking about '...propably trying to access the Internet..' . That should be told only when the application needs a rule in 'Network activity', but not in case of 'indirect access to net' or 'access to network'. Could be confusing and result in a wrong confirmation when asked in these popups.
     
    Last edited: Aug 29, 2006
  10. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94

    Hi Nail, thanks for your reply,

    About svchost.exe and services.exe, currently these two devices are the ones to get my connection working. Under JPFv2.0, which table section should I be adding the settings for DHCP to?

    Next is which table section should I start advancing my rules o_O

    What is Network Activity continuously requesting on IE different ports o_O like Internet Explorer, instead of going to port 80, port 443 on outbounds, it's going to 1101 1102 and 1103 o_O

    Why does jpfv2.0 beta 6 crash on attempting to probe the port 1101 in shields up section o_O?
     
  11. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Assuming that svchost.exe is doing the DHCP request (WinXP), do the following.
    - Create a new 'application table' for svchost.exe under 'Ask user'
    - Make a 'Jump-Rule' for svchost to this table.
    - Put the DHCP rule into this newly created table.
    - Put all other rules regarding svchost into this table, like for Windows update, time synchronisation etc.
    Let me tell you how I do it.
    - First I create 'groups' of similar applications, like Web-Browser, etc. In this group are Firefox, Opera, IE, etc.
    - Make an 'application table' called 'Web-Browser' with rules for web browsers.
    - Make a Jump-Rule which links to the 'application group' 'Web-Browser' with 'action' Web-Browser (table)

    For applications which need several rules, I create a table and jump-rules to those. Further I have for example a table called 'Port 80' only. To this I refer for applications which only and only need access to the network on port 80 for updates and so on.
    It's a question of personal taste.
    Those are abnormal ports for a browser, but typical if you surf to some 'strange' websites.

    - Port (UDP) 1101 is apparently pt2-discover or Silencer Trojan Horse
    - Port 1102 - don't have a clue
    - Port 1103 IMHO for xaudio.'x audio server, xaserver.

    Just allow only ports 80, 443 in the table for Web-Browser, block the rest with loglevel 'notice' so that you can see in the log what's going on.
    Install Beta 7 please or you have a nasty guy called Silencer Trojan Horse
     
    Last edited: Aug 29, 2006
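
An added example, not part of the thread and not Jetico's configuration format: a simplified Python model of the layout described in the post above (a root 'Ask user' table, jump rules into per-application tables, and a final block rule logged at 'notice'). The `Rule` fields, the `evaluate` function and the fall-back-to-parent behaviour on a non-matching jump are assumptions made for illustration.

```python
# Simplified model of table-based rules with jump rules (names are assumptions,
# not Jetico's file format). "port" is the remote port of an outbound attempt.
from dataclasses import dataclass
@dataclass
class Rule:
    action: str                       # "accept", "block" or "jump"
    apps: frozenset = frozenset()     # empty = any application
    proto: str = "any"
    ports: frozenset = frozenset()    # empty = any remote port
    target: str = ""                  # table to enter when action == "jump"
    log: str = ""                     # log level, e.g. "notice"

    def matches(self, app, proto, port):
        return ((not self.apps or app.lower() in self.apps)
                and self.proto in ("any", proto)
                and (not self.ports or port in self.ports))

GROUPS = {"Web-Browser": frozenset({"firefox.exe", "opera.exe", "iexplore.exe"})}
TABLES = {
    "Ask user": [
        Rule("jump", apps=frozenset({"svchost.exe"}), target="svchost"),
        Rule("jump", apps=GROUPS["Web-Browser"], target="Web-Browser"),
    ],
    "svchost": [
        Rule("accept", proto="udp", ports=frozenset({67})),   # DHCP to server
        Rule("block", log="notice"),                          # everything else
    ],
    "Web-Browser": [
        Rule("accept", proto="tcp", ports=frozenset({80, 443})),
        Rule("block", log="notice"),      # e.g. ports 1101-1103 show up in the log
    ],
}

def evaluate(app, proto, port, table="Ask user", log=None, depth=0):
    """Return 'accept', 'block' or 'ask' (no rule matched: prompt the user)."""
    if depth > 8:                         # guard against jump loops
        return "block"
    for rule in TABLES[table]:
        if not rule.matches(app, proto, port):
            continue
        if rule.action == "jump":
            verdict = evaluate(app, proto, port, rule.target, log, depth + 1)
            if verdict != "ask":
                return verdict
            continue                      # nothing matched there: back to parent
        if rule.log and log is not None:
            log.append((rule.log, table, app, proto, port, rule.action))
        return rule.action
    return "ask"
```

Passing a list as `log` collects the 'notice' entries, so blocked browser connections to unexpected ports can be reviewed afterwards.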
  12. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    Total uninstall of Beta 6
    Tried installing Beta 7 twice.
    Total system slowdown on reboots.
    Firewall would not load, getting error message (80080005)
    Took 6 minutes to uninstall beta 7.
    Same result both times.
    Reinstalled Beta 6
    Any ideas??

    Windows XP Home Edition SP2 all updated.
     
  13. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    How is the service set? To manual or automatic?
     
  14. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    It's on manual
     
  15. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Beta 7 service should be set to automatic. Give it a try.
    The RPC (Remote Procedure Call) Service also has to run!
     
  16. ubuntu

    ubuntu Registered Member

    Joined:
    May 17, 2006
    Posts:
    22
    Location:
    China 中国
    Are you sure it's on manual and JPF is 2.0.0.7?

    After a clean install and reboot, I got error code 80080005 and system slowdown,
    so I went to Safe Mode and changed the JPF Service from Automatic to manual; after a reboot it's OK now.
    If you reinstall 2.0.0.7, you can try this way.
     
  17. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    Yes, I'm sure. I even used a previous image with no other software installed
    and had the same problems. When I install 2.0.0.7 it is on automatic. I had RPC disabled and re-enabled it with no change in results. I was using SafeXP and Windows Worm Doors Cleaner to disable a lot of stuff but they're re-enabled now.
    I will try your fix in safe mode to see if it works. 2.0.0.6 is set at manual by
    default.
     
  18. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    OK. Problem solved. Works when service is set to Manual
    Thank you for all your help!!

    Rick
     
  19. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Didn't you tell us that it was also set to manual before?
    Anyway, nice that it works this way, but it should work as intended with the service set to 'automatic'.
     
  20. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Didn't you tell us that it was also set to manual before?
    Anyway, nice that it works this way, but it should work as intended with the Jetico service set to 'automatic' and RPC 'automatic'.
     
  21. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    2.0.0.6 was set to manual after rebooting.
    2.0.0.7 was set to automatic after rebooting.
    I did not try to reset 2.0.0.7 to manual till now.
     
  22. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Bug Beta v 2.0.07
    - Log Options are not stored.
    - Browser button for logfile not working
     
  23. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    Hey tommy,

    thanks for the advice, I shall try it when I get back from schooling.

    hmmm, IE access outbound through 1101 being Silencer Trojan Horse is maybe possible, but then I am currently on Jetico v1.0, which makes my IE work directly at 80, 443 on outbound connections. So I can confirm one thing: I had not set JPFv2.0 properly or some settings in there require adjustment.

    Previously I had the same thing happening on JPFv1.0, but Stem assisted me through the rules and found that Land Attack and IP spoofing on my blockrule was the culprit causing weird things, making my IE go to 1101 1102 1103 1104 and 1105. But after that, everything went smoothly at port 80, 443; most of the time it is port 80.

    Will it be possible to create a basic screenshots tutorial on setting up jpf 2.0
    properly o_O
     
  24. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    This would be a long tutorial :)
    Let me talk and perhaps coordinate that with Stem. He seems to be absent at the moment.
     
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    It now appears (on my W2K setup) the "INDIRECT ACCESS" is now being intercepted (inter process/inject dll).
     