Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    From your logs, it is showing that connections are being blocked by the "block" rule,... that is why I wanted you to untick this rule, to see what popup is given (what ports are shown)
     
  2. Taru

    Taru Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    50
    After I untick "Block..." from uTorrent rules, many pop-ups appear if I wanted to accept incoming data from uTorrent, etc. Mainly from the 1900 port.
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Port 1900 is for UPnP, you should disable this option in Utorrent, this will attempt to open ports in your router.

    Are there any popups for other inbound connections (not 1900)?
     
  4. Taru

    Taru Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    50
    There were also some on 15005
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    This is the port you said you have set for inbound from the router, and that you have set in the Jetico rules,... so re-check your rules for Utorrent, and that you have correctly set the inbound for this port.

    The inbound rules should look like:-
     

    Attached Files:

    • port.gif
    Last edited: Oct 31, 2006
  6. Taru

    Taru Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    50
    I know that it is a crazy situation, but it is set like this. :doubt:
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Well, if you have set the rule correctly, and you are still being prompted for this inbound, then the rule is somehow corrupted. Delete the inbound rules, and create new rules.
     
  8. Taru

    Taru Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    50
    That is the problem, I don't know how to create a rule well. That's why I came at this forum.


    [PS: Don't forget the main thread, but: I don't create rules, I just accept (with remember my answer) or block :/ I would also need some help with this, w/o forgetting the main thread heh.]
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Have a read through this thread, there are a number of posts that show how to create rules,... one example here
     
  10. Taru

    Taru Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    50
    My bad English makes me misunderstood.
    I know how to create one, not how to configure it for a specific program.
     
    Last edited: Oct 31, 2006
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    In the rule,.. (see post 505) you will see under Packet Parameters~ "Application",.. here you can select which program is allowed to use the rule.
     
  12. Taru

    Taru Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    50
    If I accept+remember my answer for any application I know, and I block+remember my answer for any application I do not know, without hard and complex rules, is it enough?

    [I don't talk about uTorrent here, only for any program and about security with this way]

    In other words, I don't know if a program must be in "trusted zone" or "sensible zone" or "system application" etc... Maybe I could learn, but where?
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    That is a difficult question, as I don't know what you have allowed/blocked (what the popup was when you made the selection).

    Time is needed,...... searching this forum (advanced search at top of page) or "google" (or other search engine) will answer most questions.
     
  14. Ozular

    Ozular Registered Member

    Joined:
    Nov 3, 2006
    Posts:
    2
    Tutorial, originally in Spanish

    Translated by KDNeese here, the original Spanish version is here. I've just spent ages putting it together. It needs some more work but I haven't got time right now. If anyone can complete the translation please post it. I don't know how accurate the information given is, but I hope it helps someone. The translator's comments are in red:

    JETICO Configuration

    I hope that this configuration works for all of you. It has been modified according to the experiences of the majority of knowledgeable people.


    APPLICATION TABLE
    http://www.geocities.com/ladidel_jetico/applicationtableindex.html.JPG

    Here you need to put the primary and secondary addresses of your email provider (DNS or MAIL accordingly).
    Basically he is saying: when you attempt to access your email or ISP homepage, look at the DNS numbers that show up on the firewall log (as in the picture) in order to confirm which DNS entries are allowed.
    CREATING RULES FOR YOUR APPLICATIONS
    There are three rules you should always create:
    a. Rule for access to network (Here Jetico generates a hash for the application).
    b. Rule for controlling when the application can access the Internet.
    c. A way to lock the application.
    Note that access to the Network is vital, for when the access rule doesn't work.


    I'll give an example:
    Internet Explorer
    a. Verdict: Accept, application C:\program files\Internet Explorer\iexplore.exe (always put the full path of the application), event: access to network, protocol: any.
    b. Verdict: accept, application C:\program files\Internet Explorer\iexplore.exe, event: outbound connection, Protocol: TCP/IP, local address: any, local port: port range 1024-5000, remote address: any, remote port: 80 (here make another similar rule for other ports...
    the next phrase is untranslatable - must be colloquial "ej.443,20-21,3128,8080,80,esto se facilita clonandola: click con el botón derecho del ratón sobre la regla a clonar y despues cambiar en ésta solamente el puerto" (the word "clonar" isn't even in the Spanish dictionary) - Click on the right mouse button over the rule and then only change the port , also you can configure the application in this case like the web browser in the path; you can try this in the web browser (not sure what he means or if that is correct translation) in the images this is all done in the application table.
    c. Locking the application application: C:\Program Files\Internet Explorer\iexplore.exe, event: any, protocol: any, local address: any, local port: any, remote address: any, remote port: any. You'll see in the figure that this is not exactly the same as "block proxy any," the address of the remote port is already here.
    I have modified this last rule for the outbound connection and "any" already works correctly, denying all access for the most security (in case a program doesn't work with this, at least change the inbound connection).
    If you use Proxomitron, configure it as if it were Internet Explorer; to port 8080 or whatever you determine. Note that there may be a conflict using the same port for Proxomitron and IE or Netscape Navigator, whichever you are using.



    ASK USER

    http://www.geocities.com/ladidel_jetico/askuserindex.html.JPG
    This is the fundamental module for creating rules for programs that you install on a new system. The process will be:
    1. Change the "reject" to "ask"

    2. Start the program while online, and then try to arrange the rules so the program will function correctly and be able to access the Internet if need be. Only change it if the outbound port is in the range of 1024-5000 and in the cases of those programs that need to access different places, revise the remote address, remote port and modify it according to the needs of the program (P2P need limited amplified range... If you don't do this the firewall will not allow it to ask the internet and will not ask the question so you can change the reject to ask user).

    3.
    Not exactly sure what he is saying. I believe he is saying If your programs are already functioning correctly, change to "ask a reject," whatever that means.


    4. Copy the rules from this module to the application table. You can do this precisely by right-clicking the rule and pasting it in the other window (hope this makes sense...this sentence is really hard to translate).


    5. If Windows is updated, after the change from "ask" to "reject," do not delete the rules until you reboot [word reinície not in dictionary-but I'm thinking this is what it may mean, but am not sure] the computer, because for each update carried out a network access rule is created with its corresponding hash, and when you reboot this is that which will permit you to install it correctly (when you don't do this, at times the computer will reboot itself; I have seen it do this with each update). Due to this situation, or if Windows Update automatically installs (which I don't like), or if you go to Microsoft in the first two-week period of each month to be brought up to date, it makes this process easy and secure. One more explanation, and because each update creates new rules, I see for the moment it is complicated to make new rules and general update rules for Windows for simply "configure and forget."





    PROCESS ATTACK TABLE

    http://www.geocities.com/ladidel_jetico/processattacktableindex.html.JPG
    This should always be set to "reject," only when some programs don't work should you make a call, like in the case of your antivirus that you install, changing it from "reject" to "ask" so that the corresponding rule can be added. Actually, there are very few programs that need this, and they can be given greater permissions when they want to activate a certain program from the task bar.


    SYSTEM APPLICATIONS
    http://www.geocities.com/ladidel_jetico/systemapplicationsindex.html.JPG
    For Windows updates:
    1. Manual updating: to go to Microsoft, change previously entered rule of "reject" to "ask user" in the table where you have added the rules, keeping in mind that some will never be the same. Therefore, I do this and abandon the added rules in this module and after rebooting the says for the correct installation, I look at "ask user" and eliminate the rules that have been created there and again change them from "ask" to "reject."


    2. Automatic updating (I do not use it, the updates are in the first two-week period of each month) - Activate those while on the Internet and changing the previous in "ask user" from "reject" to "ask," Jetico will use the rules you have made here for automatic updates so that the automatic updates will work normally and will be added to the system applications, and as always again change from "ask" to "reject" in the module "ask user."



    SYSTEM INTERNET ZONE

    http://www.geocities.com/ladidel_jetico/systeminternetzoneindex.html.JPG


    Very important


    1. Going to Jetico, click in file, click in "save and to keep the configuration." I name it Optimal1.bcf (to keep it on a floppy disk in case Windows is reinstalled).


    2. Go to Jetico folder and to save the Optimal1.bcf in the "config" folder.

    3. Go to Jetico, click on file, and click on "open" and select Optimal1.bcf (you already have two configurations and this way failures of any type are avoided that at times can come about). Now, in Jetico, to the left you will have two configurations. The second is Optimal1.bcf. Right click the file, click on "apply and policy" and "set default."

    4. Go to Jetico, click on options, click on general, to put palomita
    [have no idea what he is trying to say - the word either means "pigeon" or "popcorn"] in: Automatically save changes, Apply changes automatically, Load default policy at start up.
    Remember that this is a new program and even though there are rules, and according to the news I have received about Jetico, they say it will add what seems has been called a "sandbox," an application filter inside the proper system for maximum protection, besides those it already has.
    [This doesn't make a whole lot of sense, but is as close as I could get to the actual translation. Perhaps it will make sense to you...]

    Suggestion for advanced users:

    You can close all the ports by 127.0.0.1 except for the programs that utilize them, according to your own criteria. Only remember that if they are blocked in general, never forget to allow access for those programs that need access, like Avast, for example.


    ------------End of tutorial----------

    I have spent a while configuring Jetico to optimise it as much as possible, eg, I created a table to 'Allow http' and one to 'Allow https', both for any application, a 'Browser' table which contains the 'Allow http' and 'Allow https' tables among others (again for any application) and an 'Internet Explorer' table which contains the Browser rule among others. I created these tables in the left hand pane of the Jetico window and none of them contains the name of an application. In the right hand pane of Jetico I have one Application rule which refers to C:\Program Files\Internet Explorer\IEXPLORE.EXE and the verdict I selected was 'Internet Explorer' to make it use the 'Internet Explorer' table I created. A 'Firefox' table also contains the Browser rule, etc. Reusing rules in this way instead of creating individual ones means that Jetico has to do much less. It only checks through the application names and locations once before using any rule tables. My copy of Jetico is currently using only 3.624 MB of memory! Don't forget to put the most accessed rules at the top of the list to make them quicker to use.
     
    Last edited: Nov 3, 2006
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Ozular,
    Well,.. there are a lot of un-needed blocking rules, and if a new user followed this tutorial, they could possibly block themselves from the internet, and block the opening of some needed windows applications. But let's look through,.....

    For the DNS server address, there is no need to manually enter these. These can be selected within the rule as: Address type~Name server.
    These would not show in the log, unless you have already allowed or blocked the connection with logging.

    As you posted to JeticoV1 thread,.. this is incorrect (it is actually incorrect for V2). There is no need to create 3 rules. Most applications can be used with a ruleset, so only one rule with a "handle as" and then the ruleset with a block all at the end of that ruleset. You do not need an "access to network rule" to create a hash,... this will be created on any rule.

    You would actually use the "browser" ruleset for this, this can be edited to add any other ports required.

    As in the example the remote ports used are for FTP/HTTP/proxy connections, why would there be a need to allow inbound? This is a security risk. Browsers do not require inbound connections for normal browsing.

    You would config proxo to use the browser ruleset, with allow inbound from localhost. Why would there be a conflict with Proxo and IE/Netscape using ports? You would then config the browser to outbound to localhost (and set the browser to use localhost proxy). Note: in the pic, IE is not set to use proxo.

    The default setting for "ask user" is "ask" (I think it would be called "reject user" if "reject" was default)

    Well, this would be down to the user knowledge. I myself would not go about checking access needed by programs this way. For programs with un-known needs (for access) I normally follow either: A block-all ruleset with logging, to see the first access attempts, create a rule from logging, and run the program again. It can be a little time consuming, but there are no popups, and the rules can be checked, and a tight config made. The other option is to allow all outbound with logging,.. this is o.k. if the program is well known/trusted, a ruleset can then be created from logs.

    From (1): change from "reject" to "ask",.. this is saying, change this back to reject.

    This is just a case of moving the rules, this can be done by dragging and dropping the rules, but cannot see why anyone would do this. It would be better to place these into a ruleset(table) for that application.

    Unfortunately, due to your ruleset for:-

    Windows update would not be able to apply.

    To restrict localhost activity, it is best to remove the localhost from the trusted zone.

    So to finish:-
    let's just look at all the "block rules" in the first pic: These are not needed,.. from the ruleset posted, all non-processed packets would be blocked anyway,..
    For the DNS rules,.. only one set are needed either in the "System internet zone" (if the DNS client is being used) or in the "Application Table" (if the DNS client is disabled), but even then, you only need 2, one for outbound datagrams, and one for inbound datagrams (and from the point of security, these should not be left here, they should be placed into a DNS "table" so only allowed applications can access these rules).
    Note: from the instruction to set the "attack table" to "reject",.. this will be a major problem, as example "attacker starts application with hidden window", this is basically "parent->child" (one application starting another, mostly done by explorer (clicking shortcuts)). As for the windows updates,.. well, the last time I updated with the attack table enabled, I was given at least one attack alert for each update,.. if these are blocked, the updates will not apply.
     
  16. Ozular

    Ozular Registered Member

    Joined:
    Nov 3, 2006
    Posts:
    2
    Hi Stem, it needs a fair bit of editing, doesn't it !? I just stitched the translation and the pics together here and didn't see the result until I had posted it. That took a lot longer than I thought it would so I didn't have time to sort it out.
    I've only been using Jetico for a week and haven't fathomed it out completely, but at first glance I thought the pictures had too many rules, as you pointed out, that's why I added the little bit about optimising.
    There's a distinct lack of info on Jetico and a tutorial is needed as it's not simple, but definitely worth using. I've gotten to grips with the Application Tables but the Protocol and IP Tables are new to me as I've only used Outpost Free firewall since becoming a netizen (Outpost's application rules are all either TCP or UDP based).
    I've been reading your posts this week so thanks for all the advice; I have only found a few threads on Jetico so any help is appreciated. I didn't like Jetico at first but only because it requires a lot of working out, it would be a lot more popular if there was more advice on it.
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Ozular,
    From this thread there is a lot of info,.. I have been trying to put together a post to explain/show the workings of Jetico, but have kept starting again as I do miss things out, and see that some info can confuse.

    I will work (more/quicker) on creating a Jetico user/help thread, as I can see there is a need for this.

    As from your use of this firewall,.. you will notice its ability to process packets to flag level,.. this can be hard to explain.
     
  18. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    Hi Stem, along with others, I will be looking forward to your Jetico guide. It's quite hard to read through all information in this thread. Thanks in advance! Very much appreciated!
     
  19. Bizadi

    Bizadi Registered Member

    Joined:
    Aug 25, 2004
    Posts:
    79
    Location:
    Tulalip, Wa.
    Sorry, I haven't read all of the pages of this topic yet but what is the difference between Application Trusted Zone & System Applications? For example, Jetico pops up for my MS mouse (C:\Program Files\Microsoft Hardware\Mouse\dplaunch.exe and C:\Program Files\Microsoft Hardware\Mouse\POINT32.EXE). What should I allow it as? I do remember to tick the "remember my answer" box.

    Also, what is the deal with the "Misc" line with the Hash number?
     
  20. Roger_

    Roger_ Registered Member

    Joined:
    May 7, 2006
    Posts:
    89
    Location:
    Portugal
    What permission does Jetico ask for exactly?? You can allow it if it is permission for 'access to network'...

    Application Trusted Zone is for specific well-known applications (which cannot be 'hacked' as well!) as it will allow everything!

    As for System Applications, if you use the Optimal setting, under Ask User you can click and see on the right panel what rules are included by default for known Windows System apps:
     


  21. Roger_

    Roger_ Registered Member

    Joined:
    May 7, 2006
    Posts:
    89
    Location:
    Portugal
    I missed this one on my last reply...
    This is a unique hash code to identify the executable to force the detection of changes in it: if so, it will ask you again for all permissions. Do remember to go to the Ask User list and delete the old versions as Jetico does not do it automatically.
     
  22. Bizadi

    Bizadi Registered Member

    Joined:
    Aug 25, 2004
    Posts:
    79
    Location:
    Tulalip, Wa.
    Thanks, Roger. I just got Jetico today and it is a bit overwhelming, initially. I have read thru Page 7 of this thread and I had already found an answer to my "Hash" question before you replied (but thanks again :cool: ). I need to study the manual but I sure wish that there was a thread for Jetico like "Extra settings for Nod32" (in the NOD32 Version 2 forum). That's what I crave: clear, step-by-step, detailed instructions and lots of pictures with Red Arrows! :D
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Bizadi,
    lol :D I am putting together a guide,.. this is not so easy, as I do not want to confuse, and spare time for me has been short. I will finish/post as soon as I can. (I just hope it can be fully understood,.. and not miss anything out (that is needed))
     
  24. Fumens

    Fumens Registered Member

    Joined:
    May 5, 2005
    Posts:
    23
    Thanks in advance, Stem, really looking forward to it.
     
  25. Thomas123

    Thomas123 Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    26
    Location:
    Hong Kong <-> New York City
    Hi, I have a problem using utorrent with Jetico Personal Firewall v.1 too. I have read through this thread, but utorrent said there was no incoming connections. :oops:

    Now, I set Port 16456 for the incoming connection in uTorrent program and forward Port (TCP/UDP) 16456 on my DI-604 Router.

    I also installed UPnP UI through Add/Remove Windows Components and started (Manual) SSDP Discovery Service and (Manual) Universal Plug and Play Device Host before downloading with utorrent. I am not sure if I need these services running and UPnP installed. I just found these solutions on Google, but they did not work. :'(

    And, here are my rules for utorrent in Jetico Personal Firewall: o_O

    1) Accept
    Access to network

    2) Accept
    TCP/IP
    Outbound connection
    Location address: any
    Remote address: any
    Local port: 1024-65535
    Remote port: 80-83

    3) Accept
    TCP/IP
    Outbound connection
    Location address: any
    Remote address: any
    Local port: 1024-65535
    Remote port: 1024-65535

    4) Accept
    TCP/IP
    Inbound connection
    Location address: any
    Remote address: any
    Local port: 16456
    Remote port: 1024-65535

    5) Accept
    TCP/IP
    send datagrams
    Location address: any
    Remote address: any
    Local port: 16456
    Remote port: 1024-65535

    6) Accept
    TCP/IP
    send datagrams
    Location address: any
    Remote address: 239.255.255.250
    Local port: any
    Remote port: 1900

    7) Accept
    TCP/IP
    receive datagrams
    Location address: any
    Remote address: any
    Local port: 16456
    Remote port: 1024-65535

    Here is an event in the log:

    11/5/2006 11:21:55.622 reject Block All not Processed IP Packets 134 UDP incoming packet 82.51.178.143 192.168.0.101 16160 16456 TTL: 113; TOS: 0; ID: 0743
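
Added example (not part of Thomas123's post and not Jetico code): the Python sketch below parses the log line quoted above and checks it against rules 2-7 as posted, to see whether the rejected packet is one the uTorrent rules describe. The log field layout, the packet-to-event mapping and the second, constructed SSDP reply line (router address 192.168.0.1) are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

ANY = (0, 65535)

@dataclass(frozen=True)
class Rule:
    num: int            # rule number as listed in the post
    event: str
    local_port: tuple   # inclusive (low, high)
    remote_port: tuple  # inclusive (low, high)
    remote_addr: str = "any"

# Rules 2-7 as posted (rule 1, "Access to network", has no address or port fields).
POSTED_RULES = [
    Rule(2, "outbound connection", (1024, 65535), (80, 83)),
    Rule(3, "outbound connection", (1024, 65535), (1024, 65535)),
    Rule(4, "inbound connection", (16456, 16456), (1024, 65535)),
    Rule(5, "send datagrams", (16456, 16456), (1024, 65535)),
    Rule(6, "send datagrams", ANY, (1900, 1900), "239.255.255.250"),
    Rule(7, "receive datagrams", (16456, 16456), (1024, 65535)),
]

# The log line from the post, verbatim.
POST_LINE = ("11/5/2006 11:21:55.622 reject Block All not Processed IP Packets 134 "
             "UDP incoming packet 82.51.178.143 192.168.0.101 16160 16456 "
             "TTL: 113; TOS: 0; ID: 0743")
# Constructed line: a unicast SSDP reply from a router to an ephemeral local port.
SSDP_REPLY = ("11/5/2006 11:22:01.100 reject Block All not Processed IP Packets 300 "
              "UDP incoming packet 192.168.0.1 192.168.0.101 1900 1041 "
              "TTL: 64; TOS: 0; ID: 0001")

# Field layout inferred from the one line in the post; the number after the
# rule name is captured but not interpreted, since the page does not label it.
LOG_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<verdict>\w+) (?P<rule>.+?) (?P<num>\d+) "
    r"(?P<proto>TCP|UDP) (?P<direction>incoming|outgoing) packet "
    r"(?P<src>[\d.]+) (?P<dst>[\d.]+) (?P<sport>\d+) (?P<dport>\d+)")

# Assumed mapping from a logged packet to a rule event. For TCP this is a
# simplification: a single packet does not show which side opened the connection.
EVENT = {("UDP", "incoming"): "receive datagrams",
         ("UDP", "outgoing"): "send datagrams",
         ("TCP", "incoming"): "inbound connection",
         ("TCP", "outgoing"): "outbound connection"}

def parse_log_line(line):
    m = LOG_RE.match(line.strip())
    if m is None:
        raise ValueError("unrecognised log line: %r" % line)
    f = m.groupdict()
    incoming = f["direction"] == "incoming"
    # Source comes first, destination second, so "local" depends on direction.
    return {"verdict": f["verdict"], "rule_name": f["rule"],
            "event": EVENT[(f["proto"], f["direction"])],
            "remote_addr": f["src"] if incoming else f["dst"],
            "local_port": int(f["dport"] if incoming else f["sport"]),
            "remote_port": int(f["sport"] if incoming else f["dport"])}

def matching_rules(pkt, rules=POSTED_RULES):
    """Numbers of the posted rules whose fields all describe the packet."""
    return [r.num for r in rules
            if r.event == pkt["event"]
            and r.local_port[0] <= pkt["local_port"] <= r.local_port[1]
            and r.remote_port[0] <= pkt["remote_port"] <= r.remote_port[1]
            and r.remote_addr in ("any", pkt["remote_addr"])]

def diagnose(line):
    pkt = parse_log_line(line)
    hits = matching_rules(pkt)
    if hits:
        note = "posted rule(s) %s describe this packet; the verdict came from '%s'" % (
            hits, pkt["rule_name"])
    else:
        note = "no posted rule describes this packet"
    return pkt["verdict"], hits, note

if __name__ == "__main__":
    for line in (POST_LINE, SSDP_REPLY):
        print(diagnose(line))
```

For the posted line, rule 7 matches while the logged verdict names "Block All not Processed IP Packets", a rule that is not among the seven listed, so where that rule sits relative to the uTorrent rules is the thing to check. The constructed SSDP reply matches none of the posted rules, since rule 6 only covers sending to port 1900.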
     