Firewall doesn't prompt when opening port using IP 0.0.0.0 (all interface)

Discussion in 'ESET Smart Security' started by freesurfer, Nov 17, 2007.

Thread Status:
Not open for further replies.
  1. freesurfer (Registered Member; joined Sep 26, 2007; 57 posts)

    Good day,

    I'm using ESS v3.0.563.0, firewall in interactive filtering mode.

    I have 2 programs, Apache HTTP Server and Diskeeper, that open ports using IP 0.0.0.0 (all interfaces). I wanted to keep the ports open locally only (block internet and LAN), but ESS doesn't prompt when these programs run/open ports or when accepting connections from the internet (I used grc.com's ShieldsUP to test the ports). I tried switching the protection mode, Strict protection and Allow sharing, but still no prompt, still open to the internet.

    Then something unexpected happened (considering the situation). While in the process of restricting programs (setting allow/deny rules, more on that later), I was able to get ESS to prompt for a connection accept from the internet. The rule I was setting up allowed a certain protocol/port, for the specified program (in this case, Diskeeper), from localhost (127.0.0.1). When I tried to scan that port from the internet, ESS prompted. When the rule was removed (leaving no other rules, as it was the only rule), ESS didn't prompt.

    A "trusted" program that supposedly accepts connections locally only (such as those that have a service component and/or use TCP/IP for communication between components) can be accessed from the net. This makes such programs a potential security threat/loophole, as they are open to the internet for abuse.

    Unless I'm missing something, some obscure settings tucked in the bowels of ESS, then I hope that ESET can fix ESS to recognize the all-interface IP (0.0.0.0) and prompt accordingly if it should accept connections locally, from the internet, or not at all.

    (For those curious, I create two types of rules for programs: an allow rule specific to a certain protocol/port/IP, and a deny-all.)

    Regards.
     
    Last edited: Nov 17, 2007
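The underlying issue in the post is that a program bound to 0.0.0.0 (or :: for IPv6) listens on every interface, so a firewall that only watches explicit addresses misses it. The following is an added audit check, not code from the thread or from ESET: it parses Windows `netstat -an` style output (the sample below is constructed, not captured from a real host) and flags every listener that is not bound to loopback, which is exactly the set that needs an explicit firewall rule.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5555         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49152     203.0.113.7:443        ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
  UDP    127.0.0.1:1900         *:*
"""

def split_endpoint(endpoint: str) -> Tuple[str, int]:
    """Split 'addr:port' into (addr, port); handles bracketed IPv6 like '[::]:135'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def classify_bind(addr: str) -> str:
    """'loopback' (127.0.0.0/8 or ::1), 'wildcard' (0.0.0.0 or ::), else 'specific'."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "wildcard"
    return "specific"

def parse_listeners(text: str) -> List[Tuple[str, str, int, str]]:
    """Return (proto, addr, port, scope) for every socket that accepts traffic."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING sockets accept new connections.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, port = split_endpoint(local)
        listeners.append((proto, addr, port, classify_bind(addr)))
    return listeners

def exposed_listeners(text: str) -> List[Tuple[str, str, int, str]]:
    """Listeners reachable from beyond the host: wildcard and non-loopback binds."""
    return [l for l in parse_listeners(text) if l[3] != "loopback"]

if __name__ == "__main__":
    for proto, addr, port, scope in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {addr}:{port} ({scope}) needs an explicit firewall rule")
```

Run it against the real `netstat -an` output on the machine to get the list of ports to cover with allow/deny rules; a "wildcard" entry is one the firewall must match on every interface, not just the LAN address.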
  2. freesurfer (Registered Member; joined Sep 26, 2007; 57 posts)

    Weird. I can't seem to recreate this problem now. I just hope it stays that way. But I noticed something off, something somewhat inconsistent w/ the overall behaviour of ESS' firewall.

    Normally, ports are either stealthed (no reply) or open. But why is it that when in interactive mode and you deny an incoming connection (one-time), the port still replies? In a one-time deny, shouldn't the firewall wait for the user instead of immediately acknowledging the request?

    Oh well, I'll just post a new thread for this.
     