outpost pro and aol...

Discussion in 'other firewalls' started by simonthetroubled, Jan 23, 2005.

Thread Status:
Not open for further replies.
  1. i am having some issues with outpost as everytime i check it with grc.com, 3-4 ports will be open that are in use by my brower - AOL. No matter what i try i cannot stealth these ports- they only appear as closed on grc. This is very frustrating as i updated from the free zone alarm which stealthed everything!! Please help someone...

    thanks,

    Simon.
     
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Simonthetroubled,

    To be able to offer specific advice, you need to indicate which ports are open and which applications are using them. AOL tends to be more of a problem than other ISPs since it includes an application (TopSpeed) that does accept incoming traffic, creating an open port and increasing your online visibility. If you gave this application "Trusted" status in Outpost, then it would certainly show up in online scans (as it should if you gave it server rights in ZA).

    Check the Outpost forum Aol connection rules in outpost thread for more details on configuring appropriate rules and the Online Scans - What to do with Open and Closed Ports FAQ for more general information.
     
  3. thanks for the respons paranoid2000,

    the ports used change but are usually 1030/1034, 1041-1042 and 1046. The programs are waol.exe and aolacsd.exe, i looked at the thread you recommended but there was no resolution to the issue...i deperately want to stealth these apps/ports but cannot find info anywhere and outpost support do not seem to acknowledge it as an issue.

    Simon.
     
  4. also, i have no issue with topspeed as it does not show up on the scans.

    simon
     
  5. I have sorted it. I followed paranoid200's link and on that page there is another link where someone tried disabling 'remote hosting'. I did this for all aol apps (and everything else for that matter) and now i am totally stealthed! The easiest way to do it is to remove apps from the list and then when you are prompted to create a rule - say when you connect to the net - click custom, uncheck remote host and check allow it. That solves the problem and stealthes AOL ports, its working great right now, if i have any problems ill post back.

    Simon
     
  6. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Hmm...that's one way of tackling it but you may get further popups for other activities in the future since the rules you created will be quite narrow in scope. The Rules Wizard popup for Waol.exe should have offered a Browser preset as an option which would have been appropriate (you can either delete the WAOL entry in Options/Application to trigger another Rules Wizard popup or highlight the entry and choose Edit/Create Rules Using Preset/Browser to add those rules).

    Aolacsd.exe just restarts the connection if it is lost - most likely the browser preset will work for this too. Since the browser preset does not permit incoming connections, it should not affect your stealth results.
     
  7. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    I also had the same problems, but here are the rules I use and all works well in block most mode and all ports show stealth at [www.grc.com].
    Picture 1

    Rule for waol.exe
     

    Attached Files:

  8. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    Rule for waol.exe number two
     

    Attached Files:

  9. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    Rule for aolacsd.exe
     

    Attached Files:

  10. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    Rule number two for aolacsd.exe

    THE MUL
     

    Attached Files:

  11. yeah, choose browser for aol.exe, that would make sense, and maybe aolacsd.exe and all is perfect. I left aolacsd.exe without the browser setting and have had no problems so far, but i guess the safer option is to set 'browser' for it. Thanks again paranoid2000!

    Simon.
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Thanks also to The Mul for details on his settings... :)
     
  13. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    Aol is driving me crazy...

    I had set up the rules exactly as indicated by the mule ( i am using rules wizard ), windows xp sp2, aol 9.

    Every time i start aol i get messages from outlook and i am setting them to allow using the custom option ( no other option is present ), but then when i start aol next time i get another message from outlook... its frustrating. It seems that i have to allow new ips all the time?

    I have uploaded some images... the default settings of outlook did not stealth all the ports when using aol... won't pass any port stealth tests.
     

    Attached Files:

  14. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    So i allow it.. and next time i get a similar message when i start aol... this goes on and on and on...
     

    Attached Files:

  15. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Remove the ip address from your custom rule.
     
  16. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    I was wondering also, have u set outpost to block most mode as well, If I am in rules wizard mode, I do get aol asking for certain rules to be made, even though I have the rules in place, but in block most mode, no more rules are asked to be made by outpost and as I said everything works well with outpost and aol and all ports are stealth.

    THE MUL ;)
     
  17. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    I am still in rules wizard as i am still learning outpost.. however if the rules work in block most mode it doesnt make sense that in rules wizard mode they would not function the same.
     
  18. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    How would i do that?
    Sould i change the remote host to undefined?

    This is the custom rule as it comes up when i get the alerts.
     

    Attached Files:

  19. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    If u uncheck [where the specified remote host is] this will remove the ip address in the custom rule, but I have tried this to no avail.
    I have spent many hours and weeks trying to find the perfect rule to allow aol to work ok in rules wizard mode without asking for new rules to be set up,
    I have also asked this question on the outpost forum and searched as well in the outpost forum, but there just does not seem to be the perfect answer to this that I can find and as I have said my friend, I have spent lots of time on this, but the only answer that seems to work, is with the rules above, in block most mode.
    I already have outpost set up, so I know what u mean that u are still learning and have it in rules wizard mode at the moment, but if u find out the answer, please let me know and I will try it out.

    Your friend

    THE MUL ;)
     
  20. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    I know there is an aol rule set with look n stop... i wonder if it is possible to look at the way they did it and then use the same settings for outpost?

    Will the syntax of it be the same?
     
  21. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    I am not really sure on that question, as I am not a firewall expert,u maybe able to use the rules in LNS, but u would have to have a close look at the rules first and with some help it might be possible, but It is just the time factor with me and the fact I dont get much time online and with having kids this was the easiest fix for me,
    I just could not afford to spend anymore time trying to find the answer than I already have, as my time is limited, but I do hope u find the answer soon and maybe try asking [Paranoid 2000] if he knows if u can use the LNS rules for aol in outpost, as his experience with outpost is vast.

    Your friend

    THE MUL
     
  22. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    There are two possibilities here - either block this traffic or allow it to all addresses in the 172.x.x.x network. I would suggest starting with the first option with the following rule (go to Options/Application and select the WAOL program to alter its ruleset):

    Protocol TCP, Outgoing, Remote Port 7, Block

    If you find this causes problems with AOL then replace it with:

    Protocol TCP, Outgoing, Remote Port 7, Remote Address 172.*.*.*, Allow

    If you are unfamiliar with creating rules in Outpost, please review either the Web-Hiker's Guide (while it covers Outpost v1, most of it applies to v2 also) or the Outpost documentation from Agnitum's download page. You should remove the rules created by the Rules Wizard previously (they will be named WAOL Rule #1,2,3, etc by default).

    If you are failing stealth tests, then this will be because you have an Outpost rule allowing incoming traffic (most likely this will be for AOL's TopSpeed which uses port 443). You can either disable TopSpeed (and remove the rule) or restrict the rule by adding a remote address (you will need to check the Outpost Allowed logs to see if there is a specific address or address range that TopSpeed uses).
     
  23. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    Here is the rule I use for Aol Topspeed and I have passed all stealth tests including port 443.
     

    Attached Files:

  24. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i have aol installed and outpost is passing the stealth test. i am confused as to what is differnt between my config and that of the poster.
     
  25. timnicebutdim

    timnicebutdim Registered Member

    Joined:
    Jan 24, 2005
    Posts:
    66
    Hello friend, i now have aol working fine in rules wizard mode, no more pop ups and all ports stealthed.. aol works fine also. The rules need checking over by Paranoid to make sure they are secure and maybe need to be refinded.. they might be overkill.

    The rules are here - http://outpostfirewall.com/forum/showthread.php?p=95098#post95098
     
Loading...
Similar Threads
  1. jhr76
    Replies:
    20
    Views:
    1,496
Thread Status:
Not open for further replies.