NIS2004 blocking trusted site?

Discussion in 'other firewalls' started by Sweeney, Apr 7, 2004.

Thread Status:
Not open for further replies.
  1. Sweeney

    Sweeney Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    2
    I use NIS 2004 on win XP home sp1. I run Folding@home and have the ports it uses entered as trusted sites. These are 8080 ports entered as a range for download and port 80 ports for upload.
    I have the program entered as allowing all connections.
    The uploads to port 80 are fine but the downloads from the 8080 ports are blocked.
    I understand that NIS lets any trusted site through without any action so I'm puzzling out why 8080 ports are blocked. If I disable NIS the downloads are fine.
    The other event, which may be linked, is that I get blocks of TCP non syn/non ack packets on invalid connection, in blocks, all the time and understand that these could be TCP ping packets. I ignore them.
    I always get one single TCP non syn/ack packet when the folding@home port 8080 download is requested. Could this be the problem?
    I have no special rules, I block all cookies and referrers except to selected sites, I have all my programs ruled and don't use auto.
    Removing these restrictions makes no difference to the problem.
    Any ideas?

    Sweeney
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    The ports entered, or do you mean you have the remote IP(s) entered in the trusted zone?

    That is my understanding of the trusted zone as well: "Trusted zone: Computers not regulated by Norton Personal Firewall."

    These "TCP non-syn/non-ack packet on invalid connection. Packet has been dropped" log entries can be a few different things. Usually they are just late packets that NIS no longer considers part of a valid connection. These entries are where you will also see certain types of stealth scans being dropped that the firewall previously could not stealth and were not part of the IDS signatures (the message flags are the key here). This stateful filtering was introduced in NIS/NPF2003, and I am uncertain exactly which component of NIS/NPF is actually doing it. It is not something that is configurable.

    This is something that could be timing out your connections from remote systems.

    If you are going to use the trusted zone, make sure all required remote IPs for the remote systems are entered.

    You could also make some custom rules for these same IPs in your General rules allowing the required communication inbound and outbound and place them at or near the top.

    Regards,

    CrazyM
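The stateful-filter behaviour CrazyM describes above, and the log entries Sweeney reports in the opening post, can be modelled with a small connection tracker. The following is an added illustration written for this thread, not NIS/NPF code: the firewall remembers connections the local PC opened, lets packets through while that state exists, exempts trusted-zone hosts from any state check, and logs a packet that carries neither SYN nor ACK and matches no state with the thread's "TCP non-syn/non-ack packet on invalid connection" message. The addresses, port numbers, idle timeout and "late packet" window are constructed assumptions; NIS's real timeouts are not documented here.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Constructed model of the stateful filtering described in the thread.
# Not NIS/NPF code; addresses and timers are illustrative assumptions.

LOCAL_IP = "192.168.1.10"     # constructed home-PC address
IDLE_TIMEOUT = 60.0           # seconds of silence before state is forgotten (assumed)
LATE_WINDOW = 300.0           # how long an expired connection is remembered (assumed)

# The exact log text quoted in the thread.
DROP_MSG = "TCP non-syn/non-ack packet on invalid connection. Packet has been dropped"


@dataclass(frozen=True)
class Packet:
    t: float                  # arrival time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]     # subset of {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


Key = Tuple[Tuple[str, int], Tuple[str, int]]


class StatefulFilter:
    def __init__(self, trusted: FrozenSet[str] = frozenset()):
        self.trusted = trusted
        self.state: Dict[Key, float] = {}    # live connection -> last time seen
        self.recent: Dict[Key, float] = {}   # expired connection -> time it expired

    @staticmethod
    def key(p: Packet) -> Key:
        # Direction-independent key so the server's replies match the outbound entry.
        a, b = (p.src, p.sport), (p.dst, p.dport)
        return (a, b) if a <= b else (b, a)

    def expire(self, now: float) -> None:
        # Age out idle connections; remember them briefly to recognise stragglers.
        for k, last in list(self.state.items()):
            if now - last > IDLE_TIMEOUT:
                del self.state[k]
                self.recent[k] = now
        for k, gone in list(self.recent.items()):
            if now - gone > LATE_WINDOW:
                del self.recent[k]

    def inspect(self, p: Packet) -> str:
        # Trusted zone: "computers not regulated by" the firewall, so no state check at all.
        if p.src in self.trusted or p.dst in self.trusted:
            return "allow: trusted zone"
        self.expire(p.t)
        k = self.key(p)
        if k in self.state:
            self.state[k] = p.t
            return "allow: established"
        if "SYN" in p.flags and "ACK" not in p.flags:
            if p.src == LOCAL_IP:
                self.state[k] = p.t            # locally initiated, remember it
                return "allow: new outbound connection"
            return "drop: unsolicited inbound SYN (no matching rule)"
        if "ACK" in p.flags:
            return "drop: ACK on invalid connection"
        # Neither SYN nor ACK and no matching state: the thread's log entry.
        # A packet for a connection that only just aged out is a late packet;
        # the same flags from a host we never talked to are what CrazyM means
        # by "the message flags are the key" (FIN-only or flagless probes).
        reason = "late packet" if k in self.recent else "scan-like flags"
        return f"drop: {DROP_MSG} ({reason})"


def simulate() -> List[str]:
    """Replay a constructed Folding@home-style exchange; returns one verdict per packet."""
    fw = StatefulFilter(trusted=frozenset({"203.0.113.9"}))  # one server in the trusted zone
    srv = "203.0.113.5"                                       # a server NOT in the trusted zone
    pkts = [
        Packet(0.0, LOCAL_IP, 51000, srv, 8080, frozenset({"SYN"})),          # client opens download
        Packet(0.1, srv, 8080, LOCAL_IP, 51000, frozenset({"SYN", "ACK"})),   # server answers
        Packet(0.2, LOCAL_IP, 51000, srv, 8080, frozenset({"ACK"})),          # handshake completes
        Packet(1.0, srv, 8080, LOCAL_IP, 51000, frozenset({"PSH", "ACK"})),   # data arrives
        Packet(200.0, srv, 8080, LOCAL_IP, 51000, frozenset({"RST"})),        # straggler after idle timeout
        Packet(200.5, "198.51.100.7", 6000, LOCAL_IP, 8080, frozenset()),     # flagless probe, unknown host
        Packet(201.0, "203.0.113.9", 8080, LOCAL_IP, 51001, frozenset({"PSH", "ACK"})),  # trusted host
        Packet(202.0, "198.51.100.7", 6000, LOCAL_IP, 80, frozenset({"SYN"})),           # unsolicited SYN
    ]
    return [fw.inspect(p) for p in pkts]


if __name__ == "__main__":
    for verdict in simulate():
        print(verdict)
```

The run shows why a single drop at the moment a download is requested need not be the cause of a blocked transfer: the late RST is dropped only after the connection's state has already gone, while a flagless packet from a host the PC never contacted produces the identical log line for a different reason. It also shows the trusted-zone shortcut CrazyM quotes, which is why every remote server address must be in that zone for it to help.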
     
  3. Sweeney

    Sweeney Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    2
    Thanks for the help CrazyM.
    Yes, quite right, I meant that I entered the IP addresses in trusted as a range; there are around 70 possible servers that could be selected for download on port 8080.
    I'll try a specific rule to get more logging. I may get lucky early.
    The tcp syn/ack looks like it may be a red herring then.
    I'll post back when I get more to go on.

    Regards,

    Sweeney
     