Rule for Weather Monitor parsing?

Discussion in 'LnS English Forum' started by Q Section, Oct 30, 2003.

Thread Status:
Not open for further replies.
  1. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Hello Everyone
    Just trying out L&S for a bit.

    We are using a program/application that parses weather information from a weather page and reports it to an interface on our screen. Under the default rules it does not have access to obtain the data. How can we find the manner to make a rule so it will work? BTW - the app parses the weather site every 5 minutes.

    Also there is no xxx.exe to add or enable in the Application Filtering section. Right now the app uses Windows Explorer to obtain the data which is enabled. When we try to manually obtain the data the log file says "TCP: Authorize most common Internet services" and "UDP:Stop NetBIOS". If we enable UDP NetBIOS and save the change it still does not work.

    Any ideas?
    Thank you
     
  2. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Not knowing which program it is, I can't check it out, but do this:
    clear the log and fire your app. This will fill the log with new entries, and this way you will know what is being blocked. From there, you will be able to make the needed rule(s).
     
  3. Q Section

    Q Section Registered Member

    Hello MickeyTheMan

    The program is True Launch Bar / Weather Monitor plugin. Upon trying your suggestion we get:

    UDP: Stop NetBIOS

    By the way - why is Look and Stop trying to access the net and why do we see all these:

    ARP: Authorize all ARP packets


    Thank you for your help.
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey QSection

    Look ‘n’ Stop checks for updates when "Check if a new version available" is checked in Options screen or whenever you manually click “Check now” button.

    You are seeing “ARP : Authorize all ARP packets” because you enabled warning flag on that rule in Look ‘n’ Stop Internet Filtering screen. I wouldn’t recommend leaving that warning flag on though.

    Please E-mail me the most recent Look ‘n’ Stop Log file located in \Soft4ever\looknstop\logs\ just after attempting to use that program, my e-mail is in my wilders profile…
     
  5. Q Section

    Q Section Registered Member

    Ahaaa! After trying a few more settings we found that the "Windows 32-bit VxD Message Server" was the one used to connect to obtain the weather data. We enabled this so now it works just fine. Are there any security reasons to not have this enabled usually?

    BTW - thank you for the assistance.
     
  6. Phant0m

    Phant0m Registered Member

    Hey QSection

    This makes sense considering you said “We are using a program/application that parses weather information from a weather page”, wouldn’t that be over port 80 TCP?!?!? And I definitely knew the rule "UDP:Stop NetBIOS" didn’t correspond with your anomaly.

    To answer your question, the answer is no…
     
  7. Q Section

    Q Section Registered Member

    Thank you so much. :D
     
  8. Phant0m

    Phant0m Registered Member

    Anytime. ;)
     