Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Kad uses UDP,
    You should check your settings, and then try the test page, your browser should then connect out to the emule site (remote port 81) and will inform you if inbound connections(tcp)/datagrams(udp) are being allowed.
     
  2. Gesu`

    Gesu` Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    9
    The page test can't be loaded with Jetico. I also tried to switch to your emule ruleset but it did not work... In the Emule options I did not touch anything: client ports are 4662 tcp (but I also tried changing it to 4665) and 4672 (udp). In Emule I can't see other options which could generate this problem, and as I said I'm not behind a proxy... Well, I'm really puzzled now...
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I loaded the test page, I just had to allow my browser outbound to remote port 81.
    Are you making sure that the ports used within emule are the same as in the jetico ruleset?

    Pic from my test settings, test page result:
     


    Last edited: Jan 3, 2007
  4. Gesu`

    Gesu` Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    9
    After allowing port 81, my tests were also successful. I attach my ruleset; I changed it to be exactly the same as yours (except for the ports used), even if, as you can see, the previous rules were more permissive, so they were not the problem. And, as you can guess, kad is still broken.

    Thank you again for all your help.

    Emujet.png
     
  5. gavel

    gavel Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    11
    Gesu' (o v...), don't also show that ridiculous accept-datagram rule on port "0"!
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    @Gesu`,
    If the port test was successful, then the inbound rules are correct.
    From your post 675, this shows inbound TCP being dropped, which means at that time your ruleset was not correct.
    KAD uses UDP, so even with TCP inbound being dropped/blocked, this would not directly affect KAD.
    As I suggested earlier, you should check for driver problems, first by updating your network drivers.
     
  7. Bohemy

    Bohemy Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    1
  8. Gesu`

    Gesu` Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    9
    @Stem: You're right (as usual :) ), at this moment the log does not show all those lines, anyway even if I updated network drivers (I've an AsusM2V with Attansic L1 Gigabit Ethernet onboard), Kad still does not work... well, I suppose there's nothing to do...

    @gavel: Why shouldn't I show it? At the moment I have disabled it, but I remember that I had to enable it, otherwise Emule kept presenting me with connection requests... (What do you mean by "o v..."?)
    (We're discussing the rule "Receive datagrams on any port"; without it I had to manually allow a lot of requests when I connected to ed2k.)
     
  9. Gesu`

    Gesu` Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    9
    Well, I found which rule creates the problem: System IP table | System Internet Zone | Deny All fragmented packets.
    Here is what happens when I use Kad Search:

    jetlog1.png

    As you can see, only a few packets have a destination and a source port, so I'm not able to create strict rules. All I can do is create a rule to accept all incoming packets on the UDP protocol, but I fear that this compromises system security... Any ideas?
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    As it is the "Deny all fragmented packets" rule that is dropping these, then the only solution would be to disable or change that rule.
    This would open the possibility of a DOS attack by fragmented packets, but that is up to yourself.
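
An added illustration (not from the thread and not Jetico code) of the general behaviour behind a log in which most dropped packets have no source or destination port: when a UDP datagram is split into IPv4 fragments, only the first fragment carries the UDP header, so a port-based rule has nothing to match on the later ones. The addresses, source port 40000 and the 3000-byte payload are constructed sample values; 4672 is the UDP port mentioned earlier in the thread.

```python
import struct

def udp_datagram(src_port, dst_port, data):
    """UDP header (checksum left at 0) followed by the payload."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data

def build_ipv4(payload, offset_units=0, more_fragments=False):
    """Minimal 20-byte IPv4/UDP header + payload; addresses are documentation ranges."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_frag, 64, 17, 0,
                         bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    return header + payload

def fragment(datagram, mtu=1500):
    """Split a UDP datagram into IPv4 fragments that fit the MTU."""
    chunk = (mtu - 20) // 8 * 8          # fragment offsets count 8-byte units
    return [build_ipv4(datagram[off:off + chunk], off // 8,
                       more_fragments=off + chunk < len(datagram))
            for off in range(0, len(datagram), chunk)]

def classify(packet):
    """Return (kind, src_port, dst_port) as a packet filter would see it."""
    ver_ihl, proto = packet[0], packet[9]
    flags_frag = struct.unpack("!H", packet[6:8])[0]
    ihl = (ver_ihl & 0x0F) * 4           # IP header length in bytes
    more = bool(flags_frag & 0x2000)     # MF (more fragments) flag
    offset = (flags_frag & 0x1FFF) * 8   # byte offset of this fragment
    if offset:
        kind = "later-fragment"
    elif more:
        kind = "first-fragment"
    else:
        kind = "whole"
    ports = (None, None)
    # The UDP header exists only at offset 0 of the original datagram.
    if proto == 17 and offset == 0 and len(packet) >= ihl + 4:
        ports = struct.unpack("!HH", packet[ihl:ihl + 4])
    return (kind, *ports)

def demo():
    """Constructed sample: 3000 bytes of data sent to UDP port 4672."""
    return [classify(p) for p in fragment(udp_datagram(40000, 4672, b"\x00" * 3000))]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

A filter therefore has to either treat fragments as a class, as the "Deny All fragmented packets" rule does, or reassemble them before it can apply port rules.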
     
  11. Gesu`

    Gesu` Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    9
    Well, as I supposed it's better to leave that rule... it's not so important anyway...

    Really, really thank you for all your help, Stem :)
     
  12. Ghost_ARCHER

    Ghost_ARCHER Registered Member

    Joined:
    Jan 21, 2007
    Posts:
    62
    This is my port scan:

    I tried but can't have port 113 pass the exam. Need some help on how to make a rule for it.

    And another question, is it possible to have my port 80 stealth when I surf their website and do the port scan? Why do they try to scare me all the time?

    http://img250.imageshack.us/img250/3449/tested7zp.jpg
     
  13. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    Jetico blocks port 113 by default. Do you have a router running? If yes, it might be the reason why port 113 is closed, not stealth. Try Google with the keyword "port 113" + your router's manufacturer.

    In terms of openness of port 80, it means your computer is acting as a web server. If you don't open port 80 on purpose, it might relate to a trojan/backdoor infection.
     
  14. Ghost_ARCHER

    Ghost_ARCHER Registered Member

    Joined:
    Jan 21, 2007
    Posts:
    62
    Problem solved. Thanks shek

    I'd believed port 80 was the local port for the web browser for a long time!
    All the problems came from the router. I was finally able to log in to my Belkin after tens of tries last night. After updating the firmware and changing to a shorter password, it really takes less time to log in now.

    I hard stealthed port 113 by forwarding it to a nonexistent machine.

    Port 80 is opened by an online game when it works as server. I disabled it because I'd never host a game.
     
    Last edited: Jan 24, 2007
  15. Ghost_ARCHER

    Ghost_ARCHER Registered Member

    Joined:
    Jan 21, 2007
    Posts:
    62
    HI, Shek:

    Do you have some ready rules for CS1.5 CS1.6?
     
  16. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    When connecting out with your browser, it will use local ports above 1024 to remote port 80.

    :thumb:

    It sounds like the game is using UPnP(SSDP) to open ports in your router. You can disable this in the windows service and/or in your router settings.
     
  17. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    No, I am not a game player at all.
     
  18. Ghost_ARCHER

    Ghost_ARCHER Registered Member

    Joined:
    Jan 21, 2007
    Posts:
    62
    Hi, stem:
    I guess there should be no service in my computer. When setting the router, I saw the game listed in the predefined application gateway options gate way for both server and client. And it happened to be installed on my computer. Then I just enabled it and planned to kick some ass on my server :D Never happened :'( That is why it is open o_O

    BTW, do you have any suggestion on how to password protect jetico from being shut down? Yesterday, jetico 1 was turned off once for no reason (after I clicked Firefox in the taskbar). And some days earlier, I saw two firewall icons in the tray after I shut down and restarted. I found a free watchdog on softpedia called FSL process watchdog, but it is much bigger than the xpfirewall watchdog. The dog works, but eats too much, looks ugly and has no password lock. Is there a possible way to have the windows security center recognize jetico 1 and monitor it, or any other better dog?



    Another thing, what is the difference between exit and shut down in jetico1?
     
    Last edited: Jan 25, 2007
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I would suggest SSM Free which you can use to protect Jetico from shutdown (and many other features)

    On "Exit", the "Tray Icon" will disappear, so the UI cannot be opened, but the firewall/policy is still active. On "Shut Down", the firewall protection is closed completely (no firewall/policy active).
     
  20. Ghost_ARCHER

    Ghost_ARCHER Registered Member

    Joined:
    Jan 21, 2007
    Posts:
    62
    Thanks stem! SSM looks good.

    A question here: how can I set SSM to detect when jetico stops running and start it again? I can't find a help file.
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Ghost_ARCHER,
    SSM will intercept any kill attempt. But in case Jetico is terminated:-
    Select Application rules ~ fwsrv.exe(Jetico) ~ "Keep this process in memory".
     

    Attached Files:

    • SSM.JPG
  22. Ghost_ARCHER

    Ghost_ARCHER Registered Member

    Joined:
    Jan 21, 2007
    Posts:
    62
    Yeah, thanks stem.

    Found SSM is another jetico :) But it works well, except for a conflict with faststone on my system. The image viewer kept collapsing.

    I have a question about the blacklist of websites -- the untrusted zone you posted. Some pages I could access before are unavailable now. Is there any easy way to unload and reload the blocklist, like unloading and reloading rules?

    In some cases firefox uses remote ports other than 80:443; should I add a detailed rule for it? And I notice that in the rule for the web browser, the remote address is any. There is another option like trusted / blocked zone. Does that mean the blacklist we made needs to be specified here?
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Any problem/conflict you find with SSM, report it to the SSM forums; they are quick to help/resolve problems.

    I take it you mean the "Blocked zone". You would need to manually edit out using the "Configuration Wizard" (you can delete all entries with "Remove all")

    There are various remote ports used, you can add these within the browser ruleset. (Clone the rule and simply change the remote port). Any IP within the "Blocked Zone" will be blocked, regardless of ports used.
     
  24. Oliv

    Oliv Registered Member

    Joined:
    Jan 27, 2007
    Posts:
    3
    Hello Stem and other firewall gurus ^^

    First, thanks a lot for all this information about Jetico. I read all 28 pages of this thread and this makes a very good knowledge base.

    I set up Jetico and I almost succeeded in getting it quiet with all the rules you provided. However, there are still processes that require "access to network" but I don't know if I should allow them to do so ;-)

    Here are some examples:
    TeaTimer.exe (Spybot resident)
    nvsvc32.exe (Nvidia process)
    apoint.exe (touchpad process)
    E_FATIAAE.exe (Epson E68 printer driver)
    SSScsiSV.exe (SonicStage process)
    EabServr.exe (HP quick launch buttons driver)
    Adobe Gamma Loader.exe (that comes with photoshop I suppose)
    ...

    All these processes are legitimate, at least I think so, but why do they want to "access network" o_O As far as I understood, this event means that the application tried to open a socket to communicate. So I can't see any point in TeaTimer or a printer driver communicating with the network, and if some of them are denied access to network I have connection problems (e.g. SSScsiSV.exe ... if I reject access to network, the WiFi connection takes much longer to establish and this leads to other consequences, like Avast mail shield not being able to connect to POP, IMAP, SMTP, ...)

    Can you explain this?

    What policy should I adopt concerning these processes?

    Thanks a lot in advance for your advice.
     
  25. Ghost_ARCHER

    Ghost_ARCHER Registered Member

    Joined:
    Jan 21, 2007
    Posts:
    62
    They do not let me search for topics. I think I have to register on SSM. Bad
     