Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Thomas123,

    There is a problem with your setup, as your LAN should only cover the IP range shown, which is 192.168.0.0 to 192.168.0.255. Can you please check the IPs that have been given to the 2 PCs,... go to start menu, select "run",.. in the window that appears type cmd this will bring up a screen,.. at the prompt type ipconfig /all ~leave a gap between the g and / (a list will appear), please note the "Default gateway" IP and the "IP address" for both PCs
     
  2. Thomas123

    Thomas123 Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    26
    Location:
    Hong Kong <-> New York City
    Computer 1

    http://xs209.xs.to/xs209/06471/home1.JPG

    Computer 2

    http://xs209.xs.to/xs209/06471/home2.JPG
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    O.K. so from that info, the rules you have created should be changed.
    1.
    Action: Accept <----REJECT
    Protocol: TCP/IP
    Event: inbound connection
    Application: System
    Local address: Any
    Remote address: 192.168.88.1
    Local port: 139
    Remote port: Any

    2.
    Action: Accept<----REJECT
    Protocol: TCP/IP
    Event: inbound connection
    Application: System
    Local address: Any
    Remote address: 192.168.100.1
    Local port: 139
    Remote port: Any

    When I browsed the shared folder on my other PC, Jetico popped up a few times and then I added the following rules:

    1.
    Action: Accept<----REJECT
    Protocol: TCP/IP
    Event: outbound connection
    Application: C:\WINDOWS\system32\svchost.exe
    Local address: Any
    Remote address: 192.168.88.1
    Local port: Any
    Remote port: 80

    2.
    Action: Accept<----REJECT
    Protocol: TCP/IP
    Event: outbound connection
    Application: C:\WINDOWS\system32\svchost.exe
    Local address: Any
    Remote address: 192.168.100.1
    Local port: Any
    Remote port: 80

    Action: Accept
    Protocol: TCP/IP
    Event: receive datagram
    Application: C:\WINDOWS\system32\svchost.exe
    Local address: Any
    Remote address: 192.168.1.1 <-----Change to 192.168.0.1
    Local port: Any
    Remote port: 53

    Go to the windows "start / all programs / Jetico personal firewall / (select) configuration wizard". When you run this, you will come to the "trusted zone", make sure that your LAN IP is placed there, this will be 192.168.0.1/24, the only other entries should be 127.0.0.1,... if there are any other IPs, such as 192.168.1.0, remove them.

    Is the router wireless?
     
  4. Thomas123

    Thomas123 Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    26
    Location:
    Hong Kong <-> New York City
    No, my router is not wireless.

    And, after I added "192.168.0.1/24" and removed everything except "127.0.0.1" in Configuration Wizard, I closed the wizard and reopened it. Besides the entries which you suggested me to add to there, I saw two extra entries there. They are "192.168.0.0/24" and "127.0.0.0/8"
     
    Last edited by a moderator: Nov 20, 2006
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes, sorry, your LAN is 192.168.0.0/24,... the 127.0.0.0/8 is o.k. as this is still the loopback adapter.

    I am not sure as to why you were getting the inbound from 192.168.88.1 / 192.168.100.1, or the outbound to these IPs,... I thought at first that you may be using wireless, and that someone else was using your LAN.
     
  6. Thomas123

    Thomas123 Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    26
    Location:
    Hong Kong <-> New York City
    Thank you.

    I have fixed the settings in Trusted Zone and the firewall rules.

    I thought "192.168.88.1" as the "Gateway" and "192.168.100.1" as the "Cable modem", which made me believe they were safe...o_O

    Oh! And I have one more question. Do you have a set of recommended rules for Automatic Windows Update? I find that svchost.exe connects to different Windows Update servers every time when Windows checks for updates. Is there a defined network for Windows Update server? I think the default setting in Jetico is not good enough to handle Automatic Windows Update
     
    Last edited: Nov 20, 2006
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Thomas123,

    Unfortunately, as you mention, Microsoft uses many update servers and many mirror sites, and these change depending on location,... what I do myself is to create 2 rules for svchost, one to allow all outbound TCP to remote port 80, and another for remote port 443,... I then only enable (tick) these rules when I make an update (I personally leave auto updates disabled) and make a manual check on updates every couple of days or so. I then disable those rules.
     
  8. Thomas123

    Thomas123 Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    26
    Location:
    Hong Kong <-> New York City
    Well, it seems I have to disable Automatic Windows Update...

    On the other hand, I have just figured out where 192.168.88.1 and 192.168.100.1 belong to. When I used the computer that had VMWARE installed, I found out 192.168.88.1 and 192.168.100.1 belonged to VMWARE. These IPs were added automatically to the Internet Zone in ZoneAlarm Free. :D

    So, did I configure my rules in #623 properly?
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If the Vmware network/LAN was active, then Jetico should pick that up automatically,... there would/should have been an entry in the trusted zone as: 192.168.0.0/16 which would cover all the LAN.
    To answer your question. The first 2 rules, inbound local port 139, are for NETbios (filesharing), so yes, if NETbios was enabled. As for the outbounds to the 2 IPs for remote port 80, I am not sure as to why this connection would be needed for Vmware. When I have Vmware setup, I do not allow internal connections (Host->client), I only normally see svchost connecting out to remote port 80 for updates, or if windows help/support is enabled. The UDP inbound would be coming from the vmware gateway (for DNS).
     
  10. Thomas123

    Thomas123 Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    26
    Location:
    Hong Kong <-> New York City
    :)

    I made my computers share files with VMWARE. I also configured VMWARE to share files with my computers. Does it explain what the connections do?
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have answered this question. (re-read my last reply)
     
  12. Thomas123

    Thomas123 Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    26
    Location:
    Hong Kong <-> New York City
    Thank you for your kind help.

    :)
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If you currently have VMware setup (using these IPs), then just run the jetico "configuration wizard", and add 192.168.0.0/16 to the "Trusted zone", this will then allow all comms Host <-> Client. (you can then remove any rules you have created for svchost to connect to the VMware OS)
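
The trusted-zone arithmetic discussed in the posts above, as an added example that is not part of the original thread. The function names are hypothetical, and the /24 size used for the two VMware networks is an assumption, since the thread never states their netmask.

```python
import ipaddress

def normalise(entry):
    """Parse a zone entry; host bits are dropped, so 192.168.0.1/24 becomes 192.168.0.0/24."""
    return ipaddress.ip_network(entry, strict=False)

def coverage(zone_entries, remotes):
    """Map each remote address to the distinct zone networks that contain it."""
    nets = sorted({normalise(e) for e in zone_entries})
    return {r: [str(n) for n in nets if ipaddress.ip_address(r) in n] for r in remotes}

def zone_size(zone_entries):
    """Number of distinct addresses the zone trusts, with overlapping entries merged."""
    merged = ipaddress.collapse_addresses(normalise(e) for e in zone_entries)
    return sum(n.num_addresses for n in merged)

def narrow_additions(zone_entries, remotes, prefix=24):
    """For remotes the zone misses, the enclosing network of the given prefix length.
    The /24 default is an assumption; the thread does not give the VMware netmask."""
    missed = [r for r, hits in coverage(zone_entries, remotes).items() if not hits]
    return list(dict.fromkeys(str(normalise(f"{r}/{prefix}")) for r in missed))

# Values taken from the thread: the zone entries Thomas123 saw in the wizard
# and the two addresses he later traced to VMware.
ZONE = ["192.168.0.1/24", "127.0.0.1", "192.168.0.0/24", "127.0.0.0/8"]
VMWARE = ["192.168.88.1", "192.168.100.1"]

if __name__ == "__main__":
    print("entered 192.168.0.1/24, stored as", normalise("192.168.0.1/24"))
    print("covered by the /24 zone:", coverage(ZONE, VMWARE))
    print("covered after adding /16:", coverage(ZONE + ["192.168.0.0/16"], VMWARE))
    print("addresses trusted by 192.168.0.0/16:", zone_size(["192.168.0.0/16"]))
    extra = narrow_additions(ZONE, VMWARE)
    print("narrower alternative:", extra, "->",
          zone_size(["192.168.0.0/24"] + extra), "addresses")
```

The output shows why the wizard listed 192.168.0.0/24 after 192.168.0.1/24 was typed in, and that a /16 entry trusts 65,536 addresses where three /24 entries would trust 768.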
     
  14. Roger_

    Roger_ Registered Member

    Joined:
    May 7, 2006
    Posts:
    89
    Location:
    Portugal
    Maybe someone (Stem? ;) ) can help me identify the source of this type of packets I am having regularly logged as rejected by Jetico...
    Here is one example:

    20-11-2006 18:11:24.250 reject Block All not Processed IP Packets 328 UDP incoming packet 0.0.0.0 255.255.255.255 68 67 TTL: 128; TOS: 0; ID: 0000

    While the IPs are suggesting some internal system protocol/service, the oddest detail here to me seems to be the incoming UDP to port 67...

    Thanks in advance!
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Roger_,
    These are DHCP broadcasts, unless you are having problems getting your IP (or you are having connection problems) then you can simply leave these blocked.

    Some info for DHCP
     
  16. Roger_

    Roger_ Registered Member

    Joined:
    May 7, 2006
    Posts:
    89
    Location:
    Portugal
    Hi Stem,

    Thanks a lot once again!
    Just had supposed the default pair of rules on the System IP table that are related to DHCP handling covered all that is required:

    accept Allow DHCP request disabled UDP outgoing packet any 255.255.255.255 68 67
    accept Allow DHCP reply disabled UDP incoming packet any 255.255.255.255 67 68
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Roger_

    You need to check the rules, inbound/outbound ports allowed, then check the packet (local/remote ports) that is blocked.

    You will see that the "allowed inbound" rule in Jetico for DHCP is source port 67 destination port 68. The inbound packet that was dropped is source port 68, remote port 67.
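
The comparison described in the post above, as an added example that is not part of the original thread. It parses the logged packet and checks it field by field against the two default DHCP rules quoted earlier; the field order (source address, destination address, source port, destination port) is assumed from the way the posts read those columns, and the names `Flow`, `parse_log_line`, `mismatches` and `dhcp_role` are hypothetical.

```python
import re
from dataclasses import dataclass, fields

@dataclass(frozen=True)
class Flow:
    protocol: str
    event: str
    src: str
    dst: str
    sport: object   # int, or "any" in a rule
    dport: object

LOG_RE = re.compile(
    r"\b(UDP|TCP)\s+((?:incoming|outgoing) packet)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\b")

def parse_log_line(line):
    """Extract protocol, event, addresses and ports from a Jetico log line."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("no packet fields found in log line")
    proto, event, src, dst, sport, dport = m.groups()
    return Flow(proto, event, src, dst, int(sport), int(dport))

def mismatches(rule, pkt):
    """Names of the fields where the rule does not cover the packet ('any' is a wildcard)."""
    return [f.name for f in fields(Flow)
            if getattr(rule, f.name) not in ("any", getattr(pkt, f.name))]

def dhcp_role(pkt):
    """DHCP clients send from port 68 to 67; servers answer from 67 to 68."""
    return {(68, 67): "client-to-server", (67, 68): "server-to-client"}.get(
        (pkt.sport, pkt.dport), "not DHCP")

# The two default rules and the rejected packet, as quoted in the thread.
DHCP_RULES = {
    "Allow DHCP request": Flow("UDP", "outgoing packet", "any", "255.255.255.255", 68, 67),
    "Allow DHCP reply": Flow("UDP", "incoming packet", "any", "255.255.255.255", 67, 68),
}
LOG_LINE = ("20-11-2006 18:11:24.250 reject Block All not Processed IP Packets 328 "
            "UDP incoming packet 0.0.0.0 255.255.255.255 68 67 TTL: 128; TOS: 0; ID: 0000")

def explain(line):
    pkt = parse_log_line(line)
    return {name: mismatches(rule, pkt) for name, rule in DHCP_RULES.items()}

if __name__ == "__main__":
    print(dhcp_role(parse_log_line(LOG_LINE)))
    for name, why in explain(LOG_LINE).items():
        print(name, "->", "match" if not why else "no match on " + ", ".join(why))
```

The logged packet is a client-to-server broadcast arriving inbound: it fails the request rule on direction and the reply rule on both ports, so it falls through to the final block rule.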
     
  18. Roger_

    Roger_ Registered Member

    Joined:
    May 7, 2006
    Posts:
    89
    Location:
    Portugal
    Yep, I did notice!
    But I presumed this traffic would not occur as it was not covered by those existing default rules for DHCP from 'Optimal protection'.
    So, this just means this set of default rules is not complete after all...
     
  19. duente

    duente Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    2
    Hi guys and greetings from Greece!
    Man, this is an amazing job you've done here, it's like the "bible" of Jetico :D
    I used to run Sygate for a couple of years, then I had to look for something else.. ZA free was just.. not enough, tried NetVeda and though it's promising, it gave me a hard time with its configuration.. Comodo would be perfect if there was a lighter version and did not hit 20-30% cpu usage and 30-40 megs of ram.. so I tried Jetico.. this thing is so light and has such a simple logic behind it that made me stick with it from the moment I installed it and I think it will be for a looong time :D
     
  20. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,567
    Location:
    New York City
    I have given Firefox 'Web Browser' permissions.

    I downloaded Martin's Keylogger as per thread:
    https://www.wilderssecurity.com/showthread.php?t=153189
    to test BoClean.

    Why is Jetico asking me for Outbound TCP/IP permission for Firefox?
    Shouldn't the default Web Browser rule (i.e protocol ->any, event->any)
    cover this ?
     
  21. Roger_

    Roger_ Registered Member

    Joined:
    May 7, 2006
    Posts:
    89
    Location:
    Portugal
    Web Browser rules only cover normal http(80) + https(443) remote ports and occasionally some sites use other ports.
    Check what ports are being asked permission by Jetico.
    Also check whether you are using some proxy server (different port also).
     
  22. vhick

    vhick Registered Member

    Joined:
    Jan 21, 2006
    Posts:
    224
    Location:
    Noypi.........
    Hi!

    I want to try Jetico, either of the two versions.

    I use LnS; I thought this is hard to configure but I'm wrong. I think Jetico is much harder to configure because I have no knowledge of ports whatsoever.

    LnS is now easy to configure because the ruleset is ready made and you can download it.

    Please help me configure this in some basic steps.

    I only use a dialup connection.

    Thank you very much, and to the hard working member, sir Stem! :wink:
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You should start with Jetico1.
    Jetico2 is still in beta, and still causing problems on some setups.

    Most of the rules needed for basic operation are included in Jetico1. You will receive a number of popups for svchost, but this will depend on the windows services you have running.

    Please post to let me know which O.S. you are running. We can then go through the installation of Jetico1 (and possibly disable any un-needed windows services), and I will explain the popups you will get and how to handle them.
     
  24. vhick

    vhick Registered Member

    Joined:
    Jan 21, 2006
    Posts:
    224
    Location:
    Noypi.........
    Thanks sir! I do a clean install and I write down the popups that came. It's hard for me because I don't have a machine for testing.

    I'm using Windows XP SP2 and a 56k dialup connection...
     
    Last edited: Dec 11, 2006
  25. vhick

    vhick Registered Member

    Joined:
    Jan 21, 2006
    Posts:
    224
    Location:
    Noypi.........
    Sir Stem, I re-read all the posts. From what I understand:

    For example, if one program starts, it asks for "access to network". Just allow it.

    And when the program asks for a connection through the internet, just allow it, and this is the time you edit the rule it created for the program through the configuration tab in Jetico.

    Is this correct?

    Questions:

    How can I know what specific port is used by the program?

    What is the difference between remote and local?

    What is the difference between remote address and remote port?

    What is the difference between local address and local port?

    Sorry for this sir, but I'm a newbie in this kind of environment.

    Thanks sir!
     