Jetico for everyone!

Discussion in 'other firewalls' started by olap, Jun 4, 2006.

Thread Status:
Not open for further replies.
  1. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    @Stem
    2 time again false!!! IExplorer log "FullAccess", test yourself again!!!

    respect to you, but sorry, what is this comment, in first post pass nothing
    then pass SPI yes, but non pass inbound/outbound, Please test you first!
    "Think about it,.. How can you have SPI on inbound connections!" o_O
    what is "SPI incoming packet" o_O?
     

    Attached Files:

    Last edited: Jun 8, 2006
  2. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Correct me if I am wrong, but SPI is all about incoming connections. It can determine whether or not a TCP connection is a response to one initiated by the computer, then allows it if it is. It thus blocks all unsolicited connections such as port scans, worms, etc.

    Cheers,

    Alphalutra1
     
  3. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    @Stem
    no compree what you Think with this:
    "Think about it,.. How can you have SPI on inbound connections!"?

    and say you

    what is then "SPI incoming packet"?
     

    Attached Files:

    Last edited: Jun 8, 2006
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    olap,
    If you have a rule to "Allow ALL", then it will Allow all. It will not matter what outbound states are being kept as the rule to "Allow All" will bypass this and allow all in/out.

    SPI is to keep track of the outbound connections, to allow only replies from the connections that are made outbound, this then stops any inbound connection attempts, but your rule to "Allow all" will bypass this and allow the inbound from anywhere.
     
  5. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    Stem
    I must say false again, sorry
    very, very respect to you again, but you answer arrive slightly embarrass
    examine your answer
    look at carefully initially in what manner this rule work
    this rule work unusual
    accept all not accepted "continue" then accept "warning" in Log Level for all
    what you desires
    then test IE or Fox same on the test page with "FullAccess"

    http://www.it-sec.de/vulchk.php/inhalt/vulchk.php/?sid=e4bb071714d7bcdf16348980d9c01fdf&WARNING_READ=1&PROXY_READ=1&submit=Check+host%21

    http://www.auditmypc.com/freescan/scanoptions.asp

    https://grc.com/x/ne.dll?bh0bkyd2

    go to your Log and look at carefully

    then explain what is "SPI incoming packet", "SPI outgoing packet" what is "Block incoming packet" and what is "Block outgoing packet" and full stealthy
    I know what is "allow", but I know what "reject" is too
    then go with standard "Allow ALL" by Jetico on https://grc.com/x/ne.dll?bh0bkyd2

    Have Fun..
     
    Last edited: Jun 8, 2006
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi olap,
    I would like to continue this, and set up to show you, but I really don't have the time to waste, but, if what you say is correct, that the "Full Access" rule will block inbound connections, then the "Full Access" rule is no good for pgms such as "emule / torrent clients" etc as you have stated, as these require inbound connections to be allowed.

    Good luck
     
  7. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    Stem
    false again, sorry
    another confuse answer arrive
    how you know "Allow ALL" rule for application like eMule is direct connection,
    you non receive event from firewall, true!
    when you connect eMule with "FullAccess", o je you receive many, many events like "Stateful UDP Inspection incoming packet", "Stateful TCP Inspection incoming packet", "Stateful UDP Inspection outgoing packet", "Stateful TCP Inspection outgoing packet", "reject TCP/UDP incoming packet" and "reject fragmented packet" and work like a charm!
    same is with "µTorrent" too!
    I think that I waste my time with this discussion, all this I have tested before
    sharing Rule file on the net, if this is hard for you swallow up, go!
    for what all this, you can waste your time 5 min for test!
    I go
    Sailin' the high seas, matey! Away and away....
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I think you really need to read up on SPI, a starting point is http://en.wikipedia.org/wiki/Stateful_firewall
    You should get an understanding that with programs such as "emule" that require inbound connections,... these are unsolicited inbound connections,.. there is no prior knowledge of the IPs that will ask for the inbound connection,...

    EDIT:
    To run a very simple test, I have installed a "Torrent client" while running this with "Fullaccess" rule, unsolicited inbound connections were allowed. This just confirms that the "Fullaccess" rule is dangerous to use for browsers.
     
    Last edited: Jun 9, 2006
  9. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    another very, very confused answer
    I believe only in Log screen like this:
    I see that you need little help with this rule, just ego is too big!
    then you maybe understand that application is not direct connected, but through a firewall!
    see to Log screen and follow "continue"
     

    Attached Files:

    Last edited: Jun 9, 2006
  10. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    IE & Skype
    then you maybe understand that application is not direct connected, but through a firewall!
    see to Log screen and follow "continue"
     

    Attached Files:

  11. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Very amusing lol.
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    olap,
    You have a lack of understanding on this.
    It is not what is being blocked that is of any interest or concern to me, it is what is being allowed.
    Your ruleset allows inbound TCP SYN packets (unsolicited inbound connections) to any/all ports, this I have checked with a torrent client. This is a major problem when the ruleset is used with browsers.


    These posts are,........ but the fact users will be online, possibly with IE using this ruleset is not, I just hope they have a good AV that can catch worms etc.

    This is my last post on this, as olap just cannot understand that if the ruleset will allow inbound connections for a torrent client, then the exact same ruleset when used for a browser is going to allow inbound connections for that browser.
     
    Last edited: Jun 10, 2006
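
The point Stem makes in the posts above (a stateful check only protects if no broader allow rule matches first) can be shown with a toy first-match filter. This is an added illustration, not part of the thread and not a model of Jetico's actual rule engine; the rule names, the addresses and the first-match semantics are all assumptions.

```python
# Toy first-match packet filter (hypothetical; NOT Jetico's rule engine).
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport flags")
HOST = "192.0.2.10"  # constructed local address (documentation range)

def flow_key(p):
    """Direction-independent key: (local port, remote IP, remote port)."""
    if p.direction == "out":
        return (p.sport, p.dst, p.dport)
    return (p.dport, p.src, p.sport)

# Each rule returns a verdict, or None to fall through to the next rule.
def allow_all(p, state):
    return "accept"

def allow_outbound(p, state):
    return "accept" if p.direction == "out" else None

def allow_established(p, state):
    # Stateful check: inbound is accepted only as a reply to a tracked flow.
    return "accept" if p.direction == "in" and flow_key(p) in state else None

def drop(p, state):
    return "drop"

STATEFUL = [allow_outbound, allow_established, drop]
ALLOW_ALL_FIRST = [allow_all, allow_established, drop]  # state check never reached

def run(ruleset, packets):
    """Return one verdict per packet; track flows for accepted outbound packets."""
    state, verdicts = set(), []
    for p in packets:
        verdict = next(v for v in (rule(p, state) for rule in ruleset) if v)
        if verdict == "accept" and p.direction == "out":
            state.add(flow_key(p))
        verdicts.append(verdict)
    return verdicts

# Constructed sample traffic.
TRAFFIC = [
    Packet("out", HOST, 49152, "198.51.100.5", 80, "SYN"),     # host opens a connection
    Packet("in", "198.51.100.5", 80, HOST, 49152, "SYN-ACK"),  # reply to that connection
    Packet("in", "203.0.113.77", 40000, HOST, 445, "SYN"),     # unsolicited inbound
    Packet("in", "198.51.100.5", 80, HOST, 49153, "SYN-ACK"),  # known peer, untracked port
]

if __name__ == "__main__":
    for name, rules in (("stateful", STATEFUL), ("allow-all first", ALLOW_ALL_FIRST)):
        print(name, run(rules, TRAFFIC))
```

In both runs the connection table holds the same outbound flow; the difference in verdicts for the last two packets comes only from which rule matches first.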
  13. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    dear Stem I understand very, very, good!
    and I understand your frustration too
    took a two day off, and then come back
    résumé of the our informal discussion on this rule, from your first post where "FullAccess"
    rule allow all, be arrive only on "TCP SYN packets", how to? strange! what you think o_O
    false again, you be only slightly confused
    Fox & IE with "FullAccess" rule
    follow "continue"

    test from: https://grc.com/x/ne.dll?bh0bkyd2

    Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

    Everyone be able to make this probe, if you need help how to enable event in Jetico ask!

    Have Fun...
     

    Attached Files:

    Last edited: Jun 10, 2006
  14. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    olap, any updates on ur bcf config?

    i am really a idiot on this:D
     
  15. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    Update:

    To convert "Olap.bcf.txt" to "Olap.bcf "!
    Open one "Folder" go Tools-->Folder Options-->View-->untick "Hide extensions for known file types" -->Apply-->OK
    Now right click on file "Olap.bcf.txt"-->Rename then delete ".txt"
    By popup "Rename" click "Yes"
    That's it! Enjoy.
     

    Attached Files:

    Last edited: Jun 11, 2006
  16. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    When this thread first came up I thought it would be a way to get Jetico to install and run. Now two people who know a lot more than me cannot agree on a safe way to set this up correctly, what chance do I stand. Maybe I should leave well alone. This really seems to be a geeks or experts f/w (no insult intended). From the little knowledge I have, Stem's argument seems more logical.
     
  17. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    You have two possibilities, make rule alone [how you say "little knowledge I have"(is no insult)], and test your configuration on the net, or applying rule for someone with few more experience, and again test on the net.
    question is, which variant is comfortable for you!
    with updated rule you can see Log "Block All not Processed IP Packets".
    Your verdict

    Have Fun...
     
    Last edited: Jun 10, 2006
  18. Drazhar

    Drazhar Registered Member

    Joined:
    Jun 10, 2006
    Posts:
    4
    Hi everyone!

    I'm using this Rule Set (thanks Olap!), but I tried the TrueStealth test and I only have 3 ports stealth and the other ones Closed, so I don't pass the test. Is this correct? If not, can anyone help me?
    I'm using mozilla firefox (last update) at FullAccess.
    Beside, I have some problems with svchost, because I have to change it in the rules with mine because there isn't another way to have internet. Thank you very much!
     
  19. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    explain your internet connection, problem is only with your "svchost" rule
     
  20. Drazhar

    Drazhar Registered Member

    Joined:
    Jun 10, 2006
    Posts:
    4
    First of all sorry about my english, I'll try to do my best.

    I've got a router. Svchost seems to change its hash code, I don't know why. And when I try to use internet first time I install Jetico, I have to do a Rule for it with full access (or change yours to point my svchost.exe). If I don't do that I can't use my internet connection. I use FullAccess for Firefox and IExplorer. If you need to know something specific, please tell me (I don't know what you need to know).

    On the other hand, what about the TrueStealth test?

    Thank you very much for your attention!
     
  21. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    @ Drazhar

    Restart Jetico with fresh updated "Olap.bcf" rule
    this rule is configured for "winxp pro sp2 English Edition", if your "svchost" change its hash code then you have different "win OS".
    1. go "Application Table" and direct all "svchost" rule to your system "svchost" point
    2. go "Ask User" table and direct all system application rule to your system point
    3. go "IP Table" and kindle "Allow DHCP request" and "Allow DHCP reply"
    4. go "Start"-->"All Programs"-->"Jetico"-->"Configuration Wizard"
    go "Trusted zone" and enter your "Router" IP (example 192,168.2.0/255)
    start your "browser" with "FullAccess" rule
    test on internet and come back

    Have Fun..
     
    Last edited: Jun 11, 2006
  22. Drazhar

    Drazhar Registered Member

    Joined:
    Jun 10, 2006
    Posts:
    4
    Okay, I'm here again!

    I did what you told me and now I have internet access. I tried again the TrueStealth test, and I have the same ports closed and 3 stealth. What do I have to do now to turn all those ports stealth? Thank you for your help and sorry if I'm a bit boring! :'(
     
  23. olap

    olap Registered Member

    Joined:
    May 20, 2006
    Posts:
    95
    @ Drazhar
    Your "Win OS"?
    create one screen jpg from Jetico "Ask User" table and post
     
  24. Drazhar

    Drazhar Registered Member

    Joined:
    Jun 10, 2006
    Posts:
    4
    Here it is!

    Spanish Windows xp sp2 I think. Thanks again ;)
     

    Attached Files:

  25. controler

    controler Guest

    Olap

    Is your current ruleset for a computer without a router or will it work with a router also or do I need to set it up differently?

    I have to admit, when I first installed your last ruleset, I was wondering about the full access also. It looked strange to see that as a rule.

    controler
     