FireHole

Discussion in 'LnS English Forum' started by BVV, Jan 6, 2004.

Thread Status:
Not open for further replies.
  1. BVV

    BVV Guest

    Why is it that FireHole is only intercepted by LnS when the browser isn't running already? When it is running, FH can connect to the internet without any reaction from LnS.
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey BVV

    You using Opera browser or something else?
     
  3. BVV

    BVV Guest

    I recently switched to Greenbrowser, which is a frontend for IE similar to the better known MYie. If my memory serves me correctly, the same thing FireHole/LnS) happened when I was using K-Meleon. If you mean to say that it depends on the browser I'll do some testing to see what happens with a different browser.
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    On Windows XP and perhaps 2K if you use Firehole with Internet Explorer regardless of an existence session, firehole will fail.
     
  5. BVV

    BVV Guest

    I have reinstalled K-Meleon (which is not based on IE) and made it the default browser on Windows 2000. The same thing happens as before; when the browser is already running firehole can connect, when firehole has to launch the browser LnS intercepts it.
     
  6. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Yes, this is true, if the browser is already started by an allowed process it is not started again when Firehole perfoms its test and so Look 'n' Stop doesn't detect this launch.
    With the 2.05b1, activate the DLL filtering and normally Look 'n' Stop should detect and block the firedll (used by firehole) in all cases.

    Frederic
     
  7. BVV

    BVV Guest

    Thanks for your reply Frderic. It's working perfectly now.
     
  8. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    ***** DLL Filtering BUG?!?!?!? *****
    ***** DLL Filtering BUG?!?!?!? *****
    ***** DLL Filtering BUG?!?!?!? *****
    ***** DLL Filtering BUG?!?!?!? *****


    With Firehole.exe v1.01 added to Application Filtering List with Launching rights ONLY like I do number of other Applications like Explorer.exe, and FIREDLL.DLL configured as deny with logging flag set, executing Firehole v1.01 and clicking “Start” button the Firehole Leaktests successfully bypasses DLL Filtering Layer.

    As you probably noticed I created a rule named FireHole $1.01, it is configured to Block Outgoing packets to the Firehole server (66.39.30.176) via www-http port (80tcp). If in fact FIREDLL.DLL was truly prevented from connecting rights the Internet Filtering Layer shouldn’t be catching Firehole packets informatics…
     

    Attached Files:

  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    &
     

    Attached Files:

  10. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Phant0m,

    Is the problem systematic ? Look 'n' Stop never detects firedll.dll ?

    If you change the Log attributes is it the same ?

    The fact to see the packets in the log is coherent with the result of test inside Firehole. The only strange thing is that firedll was anyway blocked as trying to connect.

    I will try to reproduce that.

    Thanks,

    Frederic
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey Frederic


    No Look ‘n’ Stop does detect FIREDLL.DLL, but I just blocked it and configured warning flag to show you it was successfully being seen, In both cases though it still leaks.
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Indeed this anomaly is easily reproduced every time… ;)
     
Thread Status:
Not open for further replies.