Jetico: Half-baked Application SPI or me?

Discussion in 'other firewalls' started by ftoomsh, Jul 28, 2006.

Thread Status:
Not open for further replies.
  1. ftoomsh (Registered Member; joined Jul 28, 2006; posts: 3)

    Jetico test configuration:
    - Factory settings
    - "Optimal Protection"

    Direct connection via DUN/RASPPPoE; Modem in Bridge mode, no NAT et al. Meaning to say no "active" protection whatsoever and nothing out of the ordinary to report for the past I don't know how long!

    Issue: I've a Workstation PC (not acting Gateway at this time) and desire to run with Jetico, without fuss or degrade to security, basic Server processes; an FTP daemon, VNC and then some. Even though outbound monitoring and ultimately control is my only real interest and concern!

    Problem: "Application" rule can be [accept any *] (or specific) and yet really must I add a permanent "System IP" rule for Port 21 (FTP) fixed open? If I omit this additional rule, remote borne connection requests always hit the Jetico wall.

    2006-07-28 5:38:26.914 reject Block All not Processed IP Packets 40 TCP incoming packet 4.79.142.206 me.me.me.me 58298 21 TTL: 110; TOS: 0; ID: 0080; TCP flags: SYN ; TCP Seq: 75661AD5

    Sure one defines similar rules in their hardware router but in software we can make forward decisions based on the statefulness of resident applications and their present bindings all the while obeying your rules aimed at them. That is in a nutshell, open and shut doors and restrict access dynamically on a case application need basis.

    So yeah, network/registry issue or is this a Jetico limitation?

    Note the Application protection component layer does function OK otherwise I wouldn't be wasting my time, I recognize Jetico's power as a table rule based firewall and strong process I wish I could say integration and tie to packets a la full blown SPI?

    High time I coded my own PF. Though I favour Sandboxing. I hear you, Paranoid2000, Phant0m, I hear you.
     
  2. Stem (Firewall Expert; joined Oct 5, 2005; posts: 4,948; location: UK)

    For the FTP server, have you used the FTP server ruleset?
    I have only run servers on my local LAN for testing rules-based firewalls. I did run Jetico with an FTP server with the FTP server ruleset, without a need for an IP rule.
     
  3. ftoomsh (Registered Member; joined Jul 28, 2006; posts: 3)

    Have, the first rule tried, initiated by way of pop-up on outside connection attempt. The darn Action even lights up to signify activity and rule compliance during a hit on port 21.

    Application Rules/Tables tested individually as well as stacked include:
    - "FTP Server"
    - "Application Trusted Zone"
    - An all-out total and absolute accept all overriding rule as well minus all other Application rules to be sure.

    This instance we're talking pub, non-local, a distrusted zone.

    https://www.grc.com/x/PortProbe=21

    I ask then, using the grc test above, can anyone out there running an FTP server & appropriate Application rule get anything but Stealth, i.e. want an Open|Closed result, with Jetico on factory default "Optimal Protection" rule set?

    Else I'll put it down to just me and my PC, a software conflict.

    Jetico is an awesomely tight application-internet firewall, I fail to see how the devs would overlook something so trivial yet somewhat compromising.

    I wouldn't mind so much this need for an explicit System IP rule IF my ports were stealthed WHILE no process is bound to them.

    Let's not debate the usefulness of stealthing ports. ;) It's not like, Woo! I'm hidden from attackers! Which is seldom the case. It's more a matter of keeping my line free than congested by wasted packets, acknowledgement returned to probes/scans that may even contribute to a DDoS should you be the target of one.
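
Added example, not part of any post in this thread and not Jetico code: a small Python triage that parses reject lines in the layout of the log entry quoted in the first post and separates rejected inbound SYNs aimed at a port where a local service is listening (the rule gap the thread describes) from SYNs aimed at ports nothing is bound to. The field names, the reading of "40" as a packet length, the `listening_ports` set (5900 is assumed as the VNC port) and the second log line are assumptions or constructed.

```python
import re
from collections import Counter

# Layout inferred from the single log line in the first post; the field
# names (and reading "40" as a packet length) are assumptions.
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<verdict>\w+) (?P<rule>.+?) "
    r"(?P<length>\d+) (?P<proto>\w+) (?P<direction>\w+) packet "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<sport>\d+) (?P<dport>\d+) (?P<detail>.*)$"
)
FLAGS_RE = re.compile(r"TCP flags:\s*([A-Z ]+?)\s*;")

def parse(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    f = FLAGS_RE.search(rec["detail"])
    rec["flags"] = set(f.group(1).split()) if f else set()
    return rec

def classify(rec, listening_ports):
    """'rule-gap': rejected inbound SYN to a port a local service listens on.
    'probe': rejected inbound SYN to a port nothing is bound to.
    'other': anything that is not a rejected inbound bare SYN."""
    if (rec["verdict"], rec["direction"], rec["proto"]) != ("reject", "incoming", "TCP"):
        return "other"
    if rec["flags"] != {"SYN"}:
        return "other"
    return "rule-gap" if rec["dport"] in listening_ports else "probe"

def triage(lines, listening_ports):
    """Count labels over a log; lines that do not parse are counted as 'unparsed'."""
    recs = (parse(l) for l in lines)
    return Counter(classify(r, listening_ports) if r else "unparsed" for r in recs)

# First line is the one quoted in the post; the other two are constructed.
SAMPLE = [
    "2006-07-28 5:38:26.914 reject Block All not Processed IP Packets 40 TCP incoming packet 4.79.142.206 me.me.me.me 58298 21 TTL: 110; TOS: 0; ID: 0080; TCP flags: SYN ; TCP Seq: 75661AD5",
    "2006-07-28 5:40:02.101 reject Block All not Processed IP Packets 40 TCP incoming packet 203.0.113.7 me.me.me.me 40112 23 TTL: 52; TOS: 0; ID: 1A2B; TCP flags: SYN ; TCP Seq: 0BADF00D",
    "garbled line",
]

if __name__ == "__main__":
    # Assumed listeners: FTP on 21, VNC on 5900.
    print(triage(SAMPLE, listening_ports={21, 5900}))
```

In practice the `listening_ports` set would come from the host's own socket table (for example the LISTENING entries of `netstat -an`), so a non-zero "rule-gap" count points at a service the packet filter is blocking before the application rule can apply.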
     