Shareaza, µTorrent + ESS advanced rules

Discussion in 'ESET Smart Security' started by brunos, Jan 26, 2008.

Thread Status:
Not open for further replies.
  1. brunos

    brunos Registered Member

    Joined:
    Jan 5, 2008
    Posts:
    20
    A few people have asked me to create safer ESS rules for them for:

    a) Shareaza
    b) µTorrent


    Some of them use, for Shareaza, the previous rules for Agnitum Outpost Firewall Pro 3.5 and 4.0, as you can all read about here: http://www.outpostfirewall.com/forum/showthread.php?t=6256

    Those rules have worked quite OK with Shareaza + Agnitum OFP all these years, as you can see here in detail:

    1. Allow Outbound TCP for shareaza.exe to 80-83, 443, 1080, 3128, 8080, 8088, 11523:

    - Where the PROTOCOL is: TCP
    - and where the DIRECTION is: Outbound
    - and where the REMOTE PORT is: 80-83, HTTPS, SOCKS, PROXY: 3128, PROXY: 8080, PROXY: 8088, AOL_4
    - Allow it

    2. Allow Outbound TCP for shareaza.exe:

    - Where the PROTOCOL is: TCP
    - and where the DIRECTION is: Outbound
    - Allow it

    3. Allow Outbound UDP for shareaza.exe:

    - Where the PROTOCOL is: UDP
    - and where the DIRECTION is: Outbound
    - Allow it

    4. Allow Inbound TCP for shareaza.exe to 4661-4663, 6346-6348: (This is for sharing your files, so you can choose Allow it / Not Allow)

    - Where the PROTOCOL is: TCP
    - and where the DIRECTION is: Inbound
    - and where the LOCAL PORT is: 4661-4663, 6346-6348
    - Allow it

    5. Allow Inbound UDP for shareaza.exe to 1025-65536:

    - Where the PROTOCOL is: UDP
    - and where the DIRECTION is: Inbound
    - and where the LOCAL PORT is: 1025-65535
    - Allow it

    6. Block Inbound TCP for shareaza.exe to 1-1024:

    - Where the PROTOCOL is: TCP
    - and where the DIRECTION is: Inbound
    - and where the LOCAL PORT is: 1-1024
    - Block it

    7. Block Inbound UDP for shareaza.exe to 1-1024:

    - Where the PROTOCOL is: UDP
    - and where the DIRECTION is: Inbound
    - and where the LOCAL PORT is: 1-1024
    - Block it

    ---------------------

    Now, the same needs to be modified for ESS...

    On the other hand, for µTorrent they just use the automatic rules in Agnitum OFP...

    --------------------

    What I need now are open suggestions, advice or finished rules that will suit the whole new ESS for Shareaza and, on the other hand, for the µTorrent software...
    Of course, the point is on more safety in using this software, which will be greater than using just the automatic ESS rules here...

    If you have any advice, suggestion, rules, smart idea, please post it here.

    THANK YOU IN ADVANCE!

    CHEERS!
     
    Last edited: Jan 26, 2008
  2. brunos

    Re: Shareaza, µTorrent + ESS advanced rules 2

    Well, I think that I found something, at least concerning the µTorrent software...
    It might help somebody, because it works on my test machine...



    As a general rule, basically for all torrent clients, you should allow Inbound Connections (both UDP and TCP ports) but restricted ONLY to those ports that your torrent software uses and, at the same time, your router...
    On the other hand, it is advisable to allow any port for Outbound Connections (both UDP and TCP ports), and that means the range from 0 to 65535.


    At the same time, concerning the µTorrent software in particular, it is generally recommended not to use any local port for it in the range
    6881-6889!
    Also, the µTorrent software luckily uses only one single port for Inbound Connections!
    You can set up in µTorrent Properties / Preferences any number for that one and only Inbound Connection port, but it is advisable
    that the port number be above 10000, and some recommend even more than 20000...
    Accordingly, for security reasons, it is also advisable to block all Inbound connections on UDP & TCP ports from Local Port 0 to 1024.


    --------------------------------------------------------------------

    So the tasks are:

    1. First open µTorrent Properties / Preferences and set up (just for example here) the Inbound Port number: 20145. You can locate this section in µTorrent Properties / Preferences - Connection - Listening Port: "Port used for incoming connections" window...
    After that modification, close the µTorrent software so that the changes take effect!!!

    2. After that, open your ESET Smart Security (ESS).
    Go to Advanced Setup (F5) - Personal Firewall - Rules and Zones - the lower Setup button on the right, where it says "Zone and rule editor (setup)".
    Now here you can locate your "µTorrent.exe" file...
    There is a little arrow sign on the left side next to the µTorrent.exe file name; click on that arrow and the expander will show all the settings for the µTorrent.exe file here.
    Right-click on that µTorrent.exe file and you will get 2 options (visible ONLY if you are in Interactive ESS mode / User and predefined rules):
    a) Create - New rule
    b) Create - Rule for the given application

    I do not know why ESET created the a) option here at all, but the b) option just mentioned is definitely what we need now...

    If you ran the µTorrent software on your PC before all of these settings, you will probably see two rules for that application here:

    a) Allow communication for µTorrent.exe:

    Rule name: Allow communication for µTorrent.exe
    General: Direction: Out Action: Allow Protocol: TCP & UDP
    Remote side: For every
    Local side: For every port
    Application: C:\Program files\uTorrent\uTorrent.exe


    b) Allow communication for µTorrent.exe(2):

    Rule name: Allow communication for µTorrent.exe
    General: Direction: In Action: Allow Protocol: TCP & UDP
    Remote side: For every
    Local side: For every port
    Application: C:\Program files\uTorrent\uTorrent.exe


    If we look at this closely, the b) rule here is not OK, meaning that everything is open in the Inbound section!!! That is not OK for security reasons, especially given the ironic fact that the µTorrent software uses only one single Inbound port number (in this example, as already mentioned: 20145)!


    On the other hand, in the a) and b) rules here we cannot find any rule that specifically says that any Inbound ports from 0 to 1024 will be completely blocked from entering our computers...

    So we will now definitely and finally create the rules for everything here:

    a) Allow communication for µTorrent.exe: (EXACTLY AS BEFORE)

    Rule name: Allow communication for µTorrent.exe
    General: Direction: Out Action: Allow Protocol: TCP & UDP
    Remote side: For every
    Local side: For every port
    Application: C:\Program files\uTorrent\uTorrent.exe


    b) Allow communication for µTorrent.exe(2):

    Rule name: Allow communication for µTorrent.exe
    General: Direction: In Action: Allow Protocol: TCP
    Remote side: For every
    Local side: 20145
    Application: C:\Program files\uTorrent\uTorrent.exe


    c) Allow communication for µTorrent.exe(3):

    Rule name: Allow communication for µTorrent.exe
    General: Direction: In Action: Allow Protocol: UDP
    Remote side: For every
    Local side: 20145
    Application: C:\Program files\uTorrent\uTorrent.exe


    d) Allow communication for µTorrent.exe(4):

    Rule name: Allow communication for µTorrent.exe
    General: Direction: In Action: Deny Protocol: TCP & UDP
    Remote side: For every
    Port range: 0-1024
    Application: C:\Program files\uTorrent\uTorrent.exe

    -----------------------------------------------------------------

    HOW DID I CREATE THESE RULES IN ESS?

    Well, it was simple, although since this is a completely new suite's firewall, you cannot find any useful instructions, and I read all the official manuals for it...

    Let's just go back to the text above where I wrote:

    a) Create - New rule
    b) Create - Rule for the given application

    We will pick the b) option here. That will instantly lead us to the "New rule" window. The "General" and the "Local" labels here are what is interesting for everything concerning the µTorrent software now... You can easily figure out that you can pick:
    - Direction in any way: Inbound / Outbound / Both.
    - Action: Allow / Deny.
    - Protocol: TCP (only) / UDP (only), TCP & UDP / ........
    With all of these options just mentioned, just set up the above a), b), c), d) rules...

    Now, the "Local" label is more interesting here...
    Press the "Add Port" button and type in the "Number" window the example number from above for the uTorrent Inbound connection: 20145 (do not select any port value here, just type the number and press "OK").


    So, finally, how to block a range of Inbound ports from 0-1024?
    In that same "Local" label, just press the "Add port range" button. You will see an upper "Number" window and a lower "Number" window. In the upper one type "0" and in the lower one type "1024" and press "OK", then press "OK" again and bingo, you have created a new rule :)

    ---------------------------------------------------------------

    Of course, in all of that you must respect the order of the a) b) c) d) rules above, and not do the rules in any other way, for example first creating the b) rule, then a), then d) and c) last... That can lead to some problems in many firewalls on the market, yet I am not sure whether that is also the case with ESS...


    Finally, I am still not sure what is meant by:
    Remote side: For every

    ---------------------------------------------------------------

    I am quite a quick writer...
    I always put myself in the place of the totally inexperienced readers...
    It is pretty clear that a professional can understand all of these instructions and put them in less than 5 sentences... Yet, the professional can accommodate to this very detailed and huge explanation more easily than, vice versa, totally inexperienced users could... In that case, the inexperienced users are my first priority and this text is suitable mostly for them :)
    The professionals would not mind that :)
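The rule sets from this post, as an added example that is not brunos' text or ESET's code: a small first-match model in Python that checks which inbound packets each set admits and flags rules shadowed by an earlier, broader rule (the ordering problem raised above). Port 20145 is the post's example listening port; the default deny for unmatched packets is an assumption of the model, not ESS behaviour.

```python
# Added example, not code from brunos' post or from ESET: a first-match model of
# the uTorrent rule sets above. Port 20145 is the post's example listening port.
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

BOTH = frozenset({"tcp", "udp"})
ANY = (0, 65535)  # "for every port"

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str                # "in" or "out"
    protocols: FrozenSet[str]     # subset of {"tcp", "udp"}
    ports: Tuple[int, int]        # inclusive local port range
    action: str                   # "allow" or "deny"

    def matches(self, direction: str, proto: str, port: int) -> bool:
        return (direction == self.direction and proto in self.protocols
                and self.ports[0] <= port <= self.ports[1])

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (self.direction == other.direction and other.protocols <= self.protocols
                and self.ports[0] <= other.ports[0] and other.ports[1] <= self.ports[1])

def decide(rules: List[Rule], direction: str, proto: str, port: int) -> str:
    """First matching rule wins; an unmatched packet is treated as denied here (model assumption)."""
    for rule in rules:
        if rule.matches(direction, proto, port):
            return rule.action
    return "deny"

def shadowed(rules: List[Rule]) -> List[str]:
    """Rules that can never fire because an earlier rule already covers them."""
    return [r.name for i, r in enumerate(rules) if any(e.covers(r) for e in rules[:i])]

# The two rules ESS generated automatically: everything inbound is allowed.
ORIGINAL = [
    Rule("a) out every port", "out", BOTH, ANY, "allow"),
    Rule("b) in every port", "in", BOTH, ANY, "allow"),
]
# The hardened set a) b) c) d) from the post: only 20145 in, 0-1024 denied.
HARDENED = [
    ORIGINAL[0],
    Rule("b) in TCP 20145", "in", frozenset({"tcp"}), (20145, 20145), "allow"),
    Rule("c) in UDP 20145", "in", frozenset({"udp"}), (20145, 20145), "allow"),
    Rule("d) in deny 0-1024", "in", BOTH, (0, 1024), "deny"),
]
# Appending d) while keeping the generated "in every port" rule leaves d) shadowed.
SHADOWED = ORIGINAL + [HARDENED[3]]
```

Running `shadowed(SHADOWED)` reports the deny rule as unreachable, which is why the post's advice to replace the generated inbound rule rather than add to it matters.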
     