About application filtering

Discussion in 'LnS English Forum' started by imsai, Dec 1, 2005.

Thread Status:
Not open for further replies.
  1. imsai

    imsai Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    13
  2. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada
    Hello,


    You're getting those alerts because you did not add a port or a range of ports to allow, or every address is blocked! Also, if you wanted to block all the ports to a program, just type ;1-65535 (as is) in TCP and UDP and there is no need to block any IPs. I did it on IE myself, but found you can only add so many IPs and ranges, and it's not much! But for other programs it tightens up your security, hope this helps.
     
  3. imsai

    imsai Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    13
    What I want is to allow IE to connect only to specified IP addresses.
    And it looks like it connects to any address right through the Squid.
     
  4. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada

    It can't be done due to the limits on ports and IP addresses you can add to IE in the Application filtering tab. I think I got to about six, not sure, and it said I have reached the limit!

    But every other application on your computer, well, most of them anyway, can be added with a port and a range of IPs for the applications, and really tighten up your ports of just who can use those applications to connect. Also, you can block IP ranges in Internet filtering and make your computer almost impossible to connect to, except the ports you leave open for P2P software, and there is also a limit on Internet filtering. I need more rule space on App filtering and Internet filtering, but I don't think it will happen; these limits on rules have been talked to death, but I love LnS regardless of that little problem.

    I have most of my computer with yellow icons for port allow or block, but I have not found a way to do this for Internet Explorer and web surfing yet.

    Maybe somebody knows how? But IE has to be trusted or you won't connect to the internet, and that's how you can get a virus just from visiting a website. Too bad, major flaw in Windows. Good luck.
     
  5. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    For security reasons I allow IE only to connect to MS-Update pages! This can be done in application filtering of LnS.
    I recommend the latest Firefox release (1.5). It can run an additional extension, which controls all active content (JavaScript, Java, Flash, etc.) for each website with one single click. It is called "NoScript". A very fine product!

    In general it is not trivial to control your standard browser. You could try using a proxy, not sure though that this simply prevents unwanted outbound traffic.

    Thomas :)
     
  6. imsai

    imsai Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    13
    Could you please look at screens I posted and tell me what's wrong?
    I want to allow address range 193.222.135.222-193.222.135.233 for IE to connect to.
     
  7. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada

    It's not working because you have to add ports also, for TCP and UDP, then it will work. But if you try this with Internet Explorer you will soon see you run out of room; there is a limit. Good luck.
     
  8. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Well, it all depends on the traffic you generate to the IPs.
    First, you must add at least 1 port for your address range. Try port 3128 and see if it requires an additional port. You might connect through a proxy server via port 3128.
    Second, for UDP you should allow port 53 to your DNS server (this could be 213.134.128.20).

    Thomas :)
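
Added example, not part of any post in this thread and not Look 'n' Stop's own rule format: a small model of the per-application rule discussed above (address range plus at least one port), showing why a browser behind a proxy reaches any site even though the filter only allows the listed range. The proxy address, the function names and the sample site address are assumptions made for illustration.

```python
import ipaddress

# Constructed model of a per-application allow list. This is NOT Look 'n' Stop's
# rule format; the addresses and ports are the ones quoted in the thread.
IE_RULES = [
    # (protocol, first address, last address, allowed remote ports)
    ("tcp", "193.222.135.222", "193.222.135.233", {3128}),
    ("udp", "213.134.128.20", "213.134.128.20", {53}),
]

# Assumption: the Squid proxy sits inside the allowed range, on port 3128.
PROXY = ("193.222.135.222", 3128)


def allowed(proto, remote_ip, remote_port, rules=IE_RULES):
    """True if the connection's remote endpoint matches a rule.
    A rule with an empty port set matches nothing, as the posters describe."""
    ip = ipaddress.ip_address(remote_ip)
    for r_proto, first, last, ports in rules:
        in_range = ipaddress.ip_address(first) <= ip <= ipaddress.ip_address(last)
        if proto == r_proto and in_range and remote_port in ports:
            return True
    return False


def firewall_view(site_ip, site_port, proxy=None):
    """Remote endpoint a host firewall sees for a browser request.
    With a proxy configured, the TCP connection ends at the proxy; the
    requested site is only named inside the request sent to the proxy."""
    return proxy if proxy else (site_ip, site_port)


def check(site_ip, site_port, proxy=None, rules=IE_RULES):
    """Decision the application filter takes for a request to the given site."""
    ip, port = firewall_view(site_ip, site_port, proxy)
    return allowed("tcp", ip, port, rules)


if __name__ == "__main__":
    site = ("203.0.113.10", 80)  # constructed address outside the allowed range
    print("direct :", check(*site))               # blocked by the range rule
    print("proxied:", check(*site, proxy=PROXY))  # allowed: filter sees the proxy
```

When the browser goes through a proxy, limiting which sites it can reach has to be enforced in the proxy's own access rules, because the host firewall only ever sees the proxy's address and port.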
     
  9. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    imsai,

    According to the Internet Storm Center, 37% of the internet users today are not protected against the current "Win32/Delf.DH-Trojan horse" (others call it "Zero Day IE Exploit"). This is because these users are still running Internet Explorer and they use Active-X.

    MS has not yet released a patch for this vulnerability. LnS cannot help you with this one! So before fuzzling with the configuration of LnS, did you deactivate Active-X?

    Thomas :)
     
  10. imsai

    imsai Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    13
    Kush, Thomas M... Thank you!

    :)
     