Look ‘n’ Stop Application Filtering disadvantages

Discussion in 'LnS English Forum' started by Phant0m, Feb 13, 2005.

Thread Status:
Not open for further replies.
  1. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Look ‘n’ Stop Application Filtering disadvantages

    1) The incapability to backup and re-apply
    2) Incapability to specify a port to address.
    Benefits to specify port to address;
    - Passive FTP issues
    - Application: Windows Explorer
    - - Ports And IP address selection –
    TCP
    - Ports: 443
    - @ IP: 142.123.23.11

    Now if I were to use Internet Explorer with Passive FTP setup, Windows Explorer on XP is seen making TCP initiating connection to FTP server via port 21. Not a problem, add port 21 to the TCP Ports field, now I try to download file off of FTP server, whoops blocking! Reason; the specified IP for port 443 is at fault, have two options, keep manually adding FTP server IP addresses all throughout the days or empty the “@ IP:” field. Since manually adding/removing FTP server address to the list is out of the question, so empty the IP field it’ll have to be, but now Windows Explorer can connect to any legit or not IP addresses through TCP ports 443 and 21. Done? Wait a minute! Trying to download off of FTP server I see further blockings, what? Reason; Temp range TCP ports usage for Passive FTP data connections, what does this mean? Back to modifying for applications “Ports And IP address selection”, add 1024-5000 to the TCP ports list s required. Now what do we have here? Windows Explorer being capable of use to make TCP initiating connections to any remote machine through ports 21, 443, and 1024-5000. And now I’m asking myself what is the point to even bother using “Ports And IP address selection” feature? I’m experiencing these problems with a lot of things I run….
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Phant0m,

    1)
    By using the "extra save" option it is normally possible to save the application filtering in a .reg file and re-apply it later.

    2) My understanding of passive mode was only port 20 and 21 are required in client mode. It's true that it is not sufficient with IE, I don't know why.
    Using another FTP client (Smart FTP) PASV mode seems to work with allowing only 20 and 21 ports. However, one packet using a port above 1024 is blocked at the beginning of the connection.

    Anyway we will try to improve that in the next version to be able to specify source & dest ports and perhaps depending on client/server TCP usage.

    Regards,

    Frederic
     
  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hi Frederic

    Thanks for responding.

    1) Yes, I use “Extra Save” and "Common to all users" but regardless if it is the same Windows Install session I always get what you will see in the below attached image.

    2) Yes you are correct; IE is exceptionally different than standard third-party FTP clients, as for using third-party FTP clients, everything that even comes close to what I like in a FTP client requires purchasing something I can’t afford. And all free-wares are limited or not what I’m seeking in a FTP client.

    And IE were just an example, mIRC being another, and I have entire list I can go through.

    That would be a very big improvement, but that’ll still leave an issue with port or ports applying on global scale to everything listed for “@ IP:” field. :(
     

    Attached Files:

  4. birdie

    birdie Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    8
    @Phantom.

    Have you ever tried Filezilla?
    I like it a lot AND it is free!

    :D
     
  5. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Ok, in this case, this is simply a bug. Not yet reported by a lot of people (or perhaps once, because now this issue sounds a little bit familiar to me).

    Frederic
     
Thread Status:
Not open for further replies.