Jetico 2 and Live Messenger 8

Discussion in 'other firewalls' started by Tommy, Jan 30, 2007.

Thread Status:
Not open for further replies.
  1. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Does anybody have a working ruleset for Jetico regarding Live Messenger, including Cam and Voice connections? Can't find anything on the WWW.
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Tommy,
    I cannot help you with a dedicated ruleset. I normally set some basic rules for an application I do not know a ruleset for, and create rules from the log.
    Basically: I set up a table:- (test)
    Allow outbound connections local ports 1024-65535 remote ports 1024-65535
    Block outbound connections with logging
    Allow outbound datagrams local port 1024-65535 remote ports 1024-65535
    Block outbound datagrams with logging

    I check (while the application is running) the "Applications" tab, to see what ports the app has bound to for "Listen" and "Listen datagrams", and set rules to allow the inbound on these, and place a rule after each to block with logging.

    It does take a little time to set up completely/correctly, but is better than allowing all.
     
  3. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Stem, I also started weeks ago with the same ruleset you mentioned. I have been testing Jetico with Live-MSN for around 2 weeks now.
    The problem is that it is hard to identify which port, type of traffic, etc. is used for what purpose or by which function (voice, cam, etc.). MSN seems to have no specified port range for the different functions; they seem to be totally random. There are also a lot of incoming TCP/UDP connections on very random ports.
    With MSN 7 it was easy. Going to hate the Live-MSN, but I need this f......g program sometimes.
     
  4. adam777

    adam777 Registered Member

    Joined:
    Apr 15, 2006
    Posts:
    48
  5. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Thanks for the link, I will add those into a ruleset. :thumb:
     
  6. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    These are my rules for Live Messenger. Chat and File Transfer are working for me. I am pretty sure that Voice worked, but I can't recall correctly because I haven't used it recently. I have never tested WebCam.
     

    Attached Files:

    • MSN.png (13.7 KB)
  7. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Are the mentioned ports remote or local ports?
     
  8. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    I think that the ports are remote.
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi pcaca,

    I do think all connections are outbound (so TCP ports are remote), but as with other messengers, I think the UDP is both ways.
     
  10. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    Hi Stem,

    You are probably right for UDP; as you can see from my rules posted above, I have inbound and outbound allow rules for UDP on remote port 7001.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi pcaca,
    You say File transfer is working correctly with the ruleset you posted. It is just that, looking at the port requirements (link from adam777), it looks like it uses something similar to FTP (passive) for file transfers.

    It isn't software I use, so I am just trying to collect info.
     
  12. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    I am testing and testing. The most complicated is the WebCam and Audio feature. Amazing range of ports as well, on UDP and TCP in both directions.
     
  13. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    Yes, it worked correctly. I am on Vista now and I haven't installed Jetico yet, but I will install it on Vista now to confirm that it works.
     
  14. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Tommy,
    Inbound connect on port 80 o_O This could open up all sorts of problems. What are they doing?
     
  16. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    I know, but at the moment I am collecting everything that is asked by popup; later I will filter the dangerous stuff out and join the rules :) It's difficult to find out what they are doing during a chat session.
     
  17. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    I have re-checked the File Transfer and I can confirm that it works for me with the above ruleset. I can send and receive files. I haven't tested Sharing Folders.

    I can see some packets blocked in the log: incoming UDP from remote port 1227 and outbound TCP to remote port 7001, but I haven't noticed any problems during chat and file transfer.
     
  18. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi pcaca,

    Thanks for the info.

    Have you got the audio/webcam~video active (in use)?
     
  19. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    I added two marked rules to my Live Messenger ruleset and now I can establish an audio conversation, although there are a lot of blocked packets on random ports in the logs. I don't know what people at MS had in mind when they set up such a complicated port range in their messenger :D What is the purpose of the other ports if I can make an Audio conversation with only these rules?

    P.S. I don't have a webcam to test video calls.
     

    Attached Files:

  20. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
  21. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    It seems that the MS table has many unnecessary ports there, because I can establish an audio connection with my simple rule above, without that inbound 30000-65535 rule for audio.
     
  22. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Yes, but it seems that in connection with a Webcam your ports aren't sufficient, at least in my case.
    Let's see how much we can reduce the ports, what a mess :mad:
     
  23. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    Too bad I don't have a webcam to test it. You can try to reduce Audio and File Transfer ports since it works with my rules.

    EDIT: First you need to reduce doubled ports. You have HTTP, HTTPS and 1863 several times in your rules.

    EDIT2: Tommy, your ruleset can be reduced; you have many repeating ports and overlapping ranges. Here is how it would look if we simplify it. I think it's too open a ruleset.
     

    Attached Files:

    Last edited: Feb 16, 2007
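
Added example, not part of the thread and not Jetico's own format: the reduction described in the last post (dropping repeated ports and merging overlapping ranges), followed by a pass that flags what is left as too open. The sample rules, the tuple layout and the `wide` threshold are constructed assumptions, not the rules from the thread's attachments.

```python
from collections import defaultdict

# Constructed sample ruleset (assumption; not the attachments from the thread).
# Each rule: (direction, protocol, port side, first port, last port)
SAMPLE_RULES = [
    ("out", "tcp", "remote", 80, 80),
    ("out", "tcp", "remote", 443, 443),
    ("out", "tcp", "remote", 1863, 1863),
    ("out", "tcp", "remote", 80, 80),       # repeated port
    ("out", "tcp", "remote", 1863, 1863),   # repeated port
    ("out", "tcp", "remote", 1024, 5000),
    ("out", "tcp", "remote", 3000, 65535),  # overlaps the previous range
    ("out", "udp", "remote", 7001, 7001),
    ("in", "udp", "remote", 7001, 7001),
    ("in", "tcp", "local", 30000, 65535),
    ("in", "tcp", "local", 80, 80),
]

def merge_rules(rules):
    """Collapse duplicate ports and overlapping or adjacent ranges per rule key."""
    grouped = defaultdict(list)
    for direction, proto, side, lo, hi in rules:
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range {lo}-{hi}")
        grouped[(direction, proto, side)].append((lo, hi))
    merged = {}
    for key, ranges in grouped.items():
        ranges.sort()
        out = [ranges[0]]
        for lo, hi in ranges[1:]:
            if lo <= out[-1][1] + 1:        # overlaps or touches the last range
                out[-1] = (out[-1][0], max(out[-1][1], hi))
            else:
                out.append((lo, hi))
        merged[key] = out
    return merged

def review_flags(merged, wide=1000):
    """List merged entries to look at again: wide ranges, inbound to ports < 1024."""
    flags = []
    for (direction, proto, side), ranges in sorted(merged.items()):
        for lo, hi in ranges:
            if direction == "in" and side == "local" and lo < 1024:
                flags.append((direction, proto, side, lo, hi, "inbound to well-known port"))
            if hi - lo + 1 >= wide:
                flags.append((direction, proto, side, lo, hi, "wide range"))
    return flags
```

Once merged, a single port such as 1863 disappears into any wider range that covers it, which makes it visible how open the combined ruleset really is.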