IE connections /JPF V2

Discussion in 'other firewalls' started by shaunwang, Sep 6, 2006.

Thread Status:
Not open for further replies.
  1. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    C:\Program Files\Internet Explorer\iexplore.exe 3336 outbound connect 381 1640 0.0.0.0 2031 202.156.243.177 1105

    is this port supposed to react to 1105 or port 80 o_O
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: JPF v2 beta progress.

    This looks like a re-direct. Are you connecting to this IP before this remote port connection? What rules are you using for IE (browser rules?)

    Is this your ISP?

    inetnum: 202.156.192.0 - 202.156.255.255
    netname: SGCABLEVISION-SG
    descr: StarHub Cable Vision Ltd
    descr: Singapore Broadband Access Provider
    country: SG
     
  3. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    Re: JPF v2 beta progress.

    yes stem this is my isp is this supposed to be working like this ??
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: JPF v2 beta progress.

    What is you current ruleset for IE.
    You can use the default ruleset, but for IE you will need to add a rule to allow send/receive datagrams to remote 127.0.0.1, then place a "block all" rule at the end of the ruleset (set with logging)
     
  5. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    hi stem I done what u have said,

    this is taken from Applications

    C:\Program Files\Internet Explorer\iexplore.exe 3700 outbound connect 381 1640 0.0.0.0 1258 202.156.246.130 1105
    C:\Program Files\Internet Explorer\iexplore.exe 3700 outbound connect 381 2932 0.0.0.0 1256 202.156.246.130 1101
    C:\Program Files\Internet Explorer\iexplore.exe 3700 outbound connect 381 2890 0.0.0.0 1255 202.156.246.130 1102
    C:\Program Files\Internet Explorer\iexplore.exe 3700 outbound connect 381 4507 0.0.0.0 1254 202.156.246.130 1101

    202.156.246.130 is my ISP

    why is this repeating, by right shouldn't the port be focusing on 80 or 443?
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi,

    These would be blocked if you have placed the "block all" rule at the end of the ruleset.
     
  7. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    this the web browser section

    accept disabled TCP/IP inbound connection C:\Program Files\Mozilla Firefox\firefox.exe any 127.0.0.1 Hash D83EFFFB 764BCA4D EC54FCA9 7B7D59A1 B44485BB
    reject disabled TCP/IP outbound connection C:\Program Files\Mozilla Firefox\firefox.exe any 127.0.0.1 Hash D83EFFFB 764BCA4D EC54FCA9 7B7D59A1 B44485BB
    accept disabled TCP/IP send datagrams any 127.0.0.1
    accept disabled TCP/IP receive datagrams any 127.0.0.1
    accept disabled any access to network
    accept Allow http disabled TCP/IP outbound connection any any any 80
    accept Allow https disabled TCP/IP outbound connection any any any 443
    reject blockrules info any any


    I have added this in, then I realise that DNS also affected, hence I not too sure my dns settings are correctly.

    Means when u use this rules, in Ask User Table, IE is set to web browser and dns section , if dns is below web browser rule then it will appear screen cannot be display if dns is on top of web browser rules then it will access..
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    For DNS (with DNS client disabled), you can add a rule at the top of your browser ruleset to allow TCP/IP send/receive datagrams remote IP="name server" remote port 53.
    You should also block firefox inbound connection from localhost(127.0.0.1)
     
  9. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    but if u block firefox inbound my firefox will not start o_O

    and this doesn't solve the 1101 problem
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You only block the inbound from local host(127.0.0.1).
    You already have a rule to block the outbound to 127.0.0.1, so there should be no inbound from 127.0.0.1, if there is, then something is wrong.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Then you have not set your rules up correctly, or you have other rules allowing the outbound connections.
     
  12. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    hmmm then firefox will not start, its like it hangs in the taskmanager when I block inbound connection 127.0.0.1 when I accept it again, it works.

    my rules a bit weird now, O I forget to mention to u that,

    whenever I test comodo, the same thing happens, 1101 is outbound with iexplorer.
     
  13. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    LOL Stem I understand fully what's happening,

    Admuncher is the culprit for all the redirections seems like I forget that this popup destroyer uses this technology to kill almost all the popups.....

    Thanks Stem at least now I understand that firefox do not need those unless admuncher is switched on, I have to allow inbound connection to firefox, if ad muncher is switched off, then I have no problem launching .
     
Loading...
Thread Status:
Not open for further replies.