Practical problems with jetico v1

Discussion in 'other firewalls' started by bonedriven, Jan 15, 2007.

Thread Status:
Not open for further replies.
  1. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    I have just dropped ZA for it's too big for me and turned into jetico v1.But I find it really hard to set.Here I have 2 questions:
    1.I 'm using Itunes as my audio player but I don't need its ipodservice which loads everytime the player starts.I have to close its process by myself.Can jetico possibly stop it from loading?I have tried to set the rule in the process attack table which reject it in any event but it still failed to block it.

    2.ARP attack happens a lot in my internet environment.How do I set the firewall to defend this kind of attack as I see it accept all ARP requests by default.

    Thanks a lot in advance!
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello bonedriven,
    1]There is no "Execution Prevention" within Jetico (it cannot block a program from starting).

    2] JPF1 does not have defineable ARP rules (only inbound/outbound). These have been added in JPF2(mac address entry), which is currently in Beta.
     
  3. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    Thank you,Stem!

    Now I'm clear with the two questions.I tried Jetico v2 before but I couldn't stop its pop-ups because those pop-ups didn't even give a choice to be remembered.Maybe it's my settings problem but anyway I gave up on it.

    So do you have any other firewall to recommend?I think I need one which can defend ARP attacks and it is light.I don't need those ad block functions because firefox has done a good job on it(I tried LnS too but it couldn't function properly on my computer).Any advice?
     
  4. vhick

    vhick Registered Member

    Joined:
    Jan 21, 2006
    Posts:
    224
    Location:
    Noypi.........


    sir, you can use services.msc



    click start->run->type services.msc



    find the ipod service there...
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    This problem would possibly be due to either:
    The version you had installed, the evaluation period had expired.
    OR
    You where logged on without full Admin rights, (there is "Access control" in JPF2, and you would need to change the settings to be given the correct access for rule creation for limited accounts)

    You could still use JPF1 in combination with Netcut (ARP spoof / Attack prevention)
     
  6. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    Thanks for your help,vhich. I tired that before actually.It couldn't stop it from running either.I have never seen such an official rogue.Maybe it's time to find another player.
     
  7. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    I remember its popup boxes are all about "network activity detected".After I oked one or two dozens of boxes,I gave up coz I was not sure if it would end if I continue my stupid ok....
    I am the only admin and there is only one account on my pc.



    I'm very impressed with its cut-off function.Hahaha..For me it's kind of a revenge tool....
    Thanks a lot,Stem!
     
  8. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    If the service is using its own executable you can use Software Restriction Policies to block it
    For Windows XP Home
    https://www.wilderssecurity.com/showpost.php?p=814484&postcount=31
    https://www.wilderssecurity.com/showpost.php?p=817473&postcount=60
    For Windows XP Professional
    https://www.wilderssecurity.com/showpost.php?p=747463&postcount=26

    Replace avnotify.exe with the executable used by the ipodservice.

    If you are interested read this guide about Group Policies http://www.dedoimedo.com/computers/policies.html
     
  9. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    Thanks a lot ggf31416!
    It works!I never tried group policies to do sth.I also saved the link page.:)
     
  10. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    I don't wanna open a new tread but I do have new problem with it.Recently,I was forced to reply jetico's pop-ups when playing Warcraft3 several times.It said that "system is sending datagrams with TCP/IP protocol to 169.254.219.12 or some different IPs,and the remote port is 137.
    Anyone know what's that??Do you need further information?If that's normal what should I do to make jetico quiet about it?
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi bonedriven,
    Port 137 is one of the ports used for netBIOS
    You should disable this when connected directly to the internet.
     
  12. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    Thanks Stem!
    That's very clear and I've disabled netBIOS(even in the service part).I don't quite understand "connected directly to the internet" because I think I'm connected through our school's LAN first,but it seems that everything still works fine at present.:rolleyes:
     
Loading...
Thread Status:
Not open for further replies.