Intercept Loopback needed only if running proxies?

Discussion in 'other firewalls' started by nmaynan, Dec 30, 2008.

Thread Status:
Not open for further replies.
  1. nmaynan, Registered Member (Joined: Mar 2, 2008; Posts: 98)

    I understand the advantages of configuring an Intercept Loopback setting on your firewall when one is running a proxy (e.g., when using NOD32 3.0 AV). But in a scenario where no proxies are in play, is it still advantageous for high security to enable Intercept Loopback?

    Is Intercept Loopback's only action to provide protection when running a proxy? Or does it provide additional security even with no proxies running--if so, what exactly does it protect against absent proxy use?
     
  2. neksus, Registered Member (Joined: Nov 27, 2008; Posts: 54)

    If you are running a proxy that is allowed to access the internet (NOD32 or a similar AV proxy, some kind of internet content filter like an ad/spam blocker, or maybe a proxy used to share an internet connection in a LAN environment), and if it's bound to localhost, then you can control what goes through by using the intercepting function of a firewall.
    If that is not the case, IMO you don't get additional protection with it enabled.
     
  3. noone_particular, Registered Member (Joined: Aug 8, 2008; Posts: 3,798)

    I don't know how your firewall handles loopback traffic, whether it blocks or allows it by default, or whether it lets you specify different permissions for individual apps. IMO, loopback connections should only be permitted for applications that require them to function properly. Loopback traffic is no different than any other traffic and shouldn't be treated any differently.

    There's a leaktest that can give you a better idea of how loopback connections work. Download the PCAudit2 leaktest from http://www.firewallleaktester.com/leaktest12.htm. If any of your security software detects dll injection or global hooks, it will alert you about one when you run this test. In order to see how loopback connections are used (sometimes maliciously), you need to allow it. Blocking the hook makes the test useless. If your firewall has a status screen that lets you view connections and listening ports in real time, make it visible before running this test. This test can be very enlightening, especially if your firewall is set to ask you before allowing a loopback connection. Deny the connection requests as they appear. Even with a local proxy service running, if your firewall handles loopback traffic properly and is configured well, you can allow the hook/dll injection and still pass the test.

    I'm not a fan of leaktests or of sites that use them to rate or compare firewalls. But this particular test can be very useful, especially for working with loopback rules. Some security apps will label the hook/dll injection as malicious. In this instance, it is not. The test is harmless.
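
Added example (not part of the original thread): a small audit that reads Windows `netstat -ano` output and reports, for each port listening on loopback, which other processes connect to it and whether the listener also holds outbound non-loopback connections, which is the information needed to decide per-application loopback rules. The sample output, PIDs and addresses are constructed, and the function names are hypothetical.

```python
# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    127.0.0.1:30606        0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:49201        127.0.0.1:30606        ESTABLISHED     3312
  TCP    127.0.0.1:30606        127.0.0.1:49201        ESTABLISHED     1480
  TCP    127.0.0.1:49220        127.0.0.1:30606        ESTABLISHED     4100
  TCP    192.168.1.20:49202     203.0.113.10:80        ESTABLISHED     1480
  TCP    192.168.1.20:49300     203.0.113.10:443       ESTABLISHED     3312
"""

def parse(text):
    """Return (lhost, lport, rhost, rport, state, pid) for each TCP row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            lhost, _, lport = f[1].rpartition(":")   # rpartition copes with [::1]:port
            rhost, _, rport = f[2].rpartition(":")
            rows.append((lhost, int(lport), rhost, int(rport), f[3], int(f[4])))
    return rows

def is_loopback(host):
    return host.startswith("127.") or host == "[::1]"

def audit(text):
    """Map each loopback-bound listening port to its owner, clients and relay status."""
    rows = parse(text)
    # Only sockets bound to loopback itself; wildcard (0.0.0.0) listeners are out of scope here.
    listeners = {lport: pid for lhost, lport, _, _, state, pid in rows
                 if state == "LISTENING" and is_loopback(lhost)}
    report = {}
    for port, owner in listeners.items():
        # Other processes with an established loopback connection to this port.
        clients = {pid for _, _, rhost, rport, state, pid in rows
                   if state == "ESTABLISHED" and is_loopback(rhost)
                   and rport == port and pid != owner}
        # True if the listener itself talks to non-loopback hosts, i.e. it behaves
        # like a local proxy: its clients' traffic leaves under the owner's firewall rule.
        relays_out = any(pid == owner and state == "ESTABLISHED" and not is_loopback(rhost)
                         for _, _, rhost, _, state, pid in rows)
        report[port] = {"owner": owner, "clients": sorted(clients), "relays_out": relays_out}
    return report

if __name__ == "__main__":
    for port, info in audit(SAMPLE).items():
        print(port, info)
```

Any client PID listed for a listener with `relays_out` set is a process whose loopback connection needs its own firewall rule, because its traffic otherwise reaches the network under the proxy's permission.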
     