What does CHX-I do and where can i download it?

Discussion in 'other firewalls' started by tom772, Aug 7, 2005.

  1. tom772

    tom772 Guest

    hey,

    I've been looking for a packet filter to go along with my firewall, and while looking through threads at Wilders I came across 'CHX-I'. Some of what I have read is very interesting and I would really like to download this program and test it.

    I do have a couple of questions though:

    >Does it work with most firewalls?

    >Is it easy to configure?

    Thank you for all the replies I receive.

    Tom
     
  2. dog

    dog Guest

    Here's their site - http://www.idrci.net/ ... I can't answer any of your questions because I haven't ever used it. :doubt: It's free for personal use, but it looks like you need to register it. ;)
     
  3. Tom772

    Tom772 Guest

    Cheers Dog!!-man ;)
     
  4. FatalChaos

    FatalChaos Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    98
    If you use CHX-I + a firewall for application control, there is a good chance you will need to disable some components of the firewall for everything to run smoothly.
     
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    For LnS it's pretty easy, just disable internet filtering.
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    Tom - CHX-I works fine with every other firewall I have used it with, and there have been many, trust me. :) Never had one conflict of any kind whatsoever. If you have internet filtering enabled on both firewalls, then the other firewall will usually get the incoming traffic first, with CHX-I catching anything the first firewall allows through. Most of the time this will just be misc packets that the first firewall allows, but CHX blocks due to slightly stricter SPI in CHX. So this means you will see most of the blocked activity in the other firewall's logs, with a few misc packets in the CHX logs.

    Best thing is to install CHX and then run another firewall just for the app control, with internet filtering disabled if possible. You can disable it in ZA and LnS, so those 2 would work well with CHX. You can also use Jammer (from Agnitum/Outpost people), which would just give you basic app control, however Jammer is no longer supported and you'd have to find a cracked copy of it to use it past the 30 day trial period (and of course I would not recommend that :) ). I think they have it on their site mostly in hopes that people will try it and then buy Outpost.

    You can (if you want) also run any other firewall with CHX and have both of them filtering internet traffic, however, this is slightly wasteful and would basically be double filtering all your port 80 browsing traffic and so on. Not as efficient, but still possible without problems nevertheless.

    Is CHX easy to set up? It's fairly simple if you spend a little time and read through the Online Docs to get a quick overview of how it works. First time I tried it, I just downloaded the sample rule set and then modified it for a few DHCP oddities I had here. Make sure to turn on SPI for all protocols in the Properties menu of the Interface Filters. Just read the docs and that will help a lot.
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Your current firewall does not do packet filtering?

    Any particular reason you feel you need more than one software firewall?

    The way rules work/are applied in CHX-I takes a little different approach than some other rule based firewalls so reading the help file and understanding this is important.

    Regards,

    CrazyM
     
  8. Tom772

    Tom772 Guest

    I am behind a router, but sometimes packets seem to slip through and get caught by my software firewall, so I was looking for a packet filter to stop this from happening. Not sure why this happens, as a result I don't totally trust the router - seems to be a result of a firmware upgrade.

    I have looked at the instructions and help files, at first it does look like a lot to get my head around, but I think I could probably figure it out.

    http://www.idrci.net

    I also noticed they do a CHX-I NAT filter, has anyone used this or should i just stick to the regular one?

    Thank you all,

    Tom
     
  9. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,780
    Tom, if you already have another software firewall running and it catches what your router lets through, then I don't think you really need anything else there. CHX-I is great, but it would just be duplicating what your other software firewall is already doing. No need for 2 programs.
     
  10. Kreator

    Kreator Guest

    [QUOTE]I am behind a router, but some times packets seem to slip through and get caught by my software firewall, so i was looking for a packet filter to stop this from happening. Not sure why this happens, as a result i dont totally trust the router - seems to be a result of a firmware upgrade.[/QUOTE]

    No software firewall will catch inbound traffic from behind a ROUTER. Unless you are set up behind a DMZ... If you don't trust your router (or need a better one!) set your private IP up to a DMZ. Then have a good SPI packet filter or an adequate software firewall that does simulated SPI like Outpost....
     
  11. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Do you have any samples from your logs as to what is showing up at the software firewall? Unsolicited inbound packets should not be making it past the router.

    By all means check it out if you want to replace your current software firewall. I just don't recommend running more than one.

    With a router in place which is doing NAT there would be no need to run this on a system behind it.

    Regards,

    CrazyM
     
  12. Tom772

    Tom772 Guest

    It does happen when I update programs but I think that's kind of normal. It also happens when I browse some sites and the pages take a long time to load, which results in my software firewall catching or stopping the dropped packets.

    These are some unsolicited packets stopped by my firewall (removed my IP and last part of the incoming IP):

    2005/08/06 20:08:51 67.15.82.*:80 ****:3071 Port 3071 (TCP)
    2005/08/06 20:07:46 67.15.82.*:80 ****:3071 Port 3071 (TCP)
    2005/08/06 20:07:02 66.201.*.145:80 ****:3146 Port 3146 (TCP)
    2005/08/06 20:05:42 67.15.82.*:80 ****:3071 Port 3071 (TCP)
    2005/08/06 19:51:59 204.11.*:80 ****:2518 Willy
     
    Last edited by a moderator: Aug 9, 2005
  13. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Those would appear to be valid return traffic permitted by your router that your software firewall is denying (possibly because it considers them late/out of state). What suggests this in the logs is the source port 80 (HTTP - web browsing) and the destination port being within the normal ephemeral port range (1024-5000 - the local ports used by your OS when initiating outbound connections).

    Without the full source IPs I could not say for certain, but you should be able to confirm by looking up the source IPs (WhoIs or RDNS) and they will likely come back to a site you visited online. Or if your router and/or firewall logs outbound connections, you should see the outbound connections prior to those entries.

    Short answer: Those are not unsolicited inbounds and nothing appears to be getting past your router ;)

    Regards,

    CrazyM
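
    The triage CrazyM describes above (source port 80, destination port in the 1024-5000 ephemeral range, and an earlier outbound connection in the router log) can be applied mechanically to the posted log lines. The following Python is an added example written for this page, not code from any poster or from CHX-I. It takes the log lines Tom posted (with the IPs masked as he posted them), adds two constructed inbound lines and a constructed outbound-connection log of the kind a router might keep, and labels each inbound entry as confirmed return traffic, probable late return traffic, or a genuinely unsolicited inbound. The outbound log format and the extra lines are assumptions for the example.

```python
import re
from datetime import datetime
from fnmatch import fnmatch

# Windows 2000/XP default dynamic (ephemeral) port range, as quoted in the post above.
EPHEMERAL_PORTS = range(1024, 5001)

# Accepts "YYYY/MM/DD HH:MM:SS src:port dst:port ..."; anything after the ports is ignored.
LOG_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) ([^\s:]+):(\d+) ([^\s:]+):(\d+)")

# Inbound denies: first three lines are from the post; the last two are constructed.
INBOUND_LOG = """\
2005/08/06 20:08:51 67.15.82.*:80 ****:3071 Port 3071 (TCP)
2005/08/06 20:07:02 66.201.*.145:80 ****:3146 Port 3146 (TCP)
2005/08/06 20:05:42 67.15.82.*:80 ****:3071 Port 3071 (TCP)
2005/08/06 20:10:00 208.1.2.3:443 ****:4021 Port 4021 (TCP)
2005/08/06 20:09:13 61.0.0.7:4432 ****:135 Port 135 (TCP)
"""

# Constructed outbound-connection log (what a router that logs outbound would show).
OUTBOUND_LOG = """\
2005/08/06 20:05:30 ****:3071 67.15.82.5:80
2005/08/06 20:06:58 ****:3146 66.201.9.145:80
"""


def parse(line):
    """Parse one log line into a dict; return None for lines that do not fit the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, src_ip, src_port, dst_ip, dst_port = m.groups()
    return {
        "ts": datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
        "src_ip": src_ip, "src_port": int(src_port),
        "dst_ip": dst_ip, "dst_port": int(dst_port),
    }


def ip_matches(a, b):
    """Compare two addresses where either may be masked with '*' (e.g. '67.15.82.*', '****')."""
    return fnmatch(a, b) or fnmatch(b, a)


def find_outbound(inbound, outbound):
    """Return the earlier outbound connection this inbound packet answers, if any.

    A reply swaps the 4-tuple: inbound src must equal outbound dst and vice versa,
    and the outbound entry must be logged no later than the inbound one.
    """
    for o in outbound:
        if (o["ts"] <= inbound["ts"]
                and o["dst_port"] == inbound["src_port"]
                and o["src_port"] == inbound["dst_port"]
                and ip_matches(o["dst_ip"], inbound["src_ip"])
                and ip_matches(o["src_ip"], inbound["dst_ip"])):
            return o
    return None


def classify(inbound, outbound):
    """Label an inbound deny using the reasoning from the post."""
    if find_outbound(inbound, outbound):
        return "return-traffic"      # confirmed by a preceding outbound connection
    if inbound["dst_port"] in EPHEMERAL_PORTS and inbound["src_port"] < 1024:
        return "probable-return"     # service port -> our ephemeral port, no outbound log to confirm
    return "unsolicited"             # aimed at a service/listening port with no outbound precedent


def triage(inbound_log, outbound_log):
    """Return [(line, verdict)] for every parseable inbound line."""
    outbound = [e for e in map(parse, outbound_log.splitlines()) if e]
    results = []
    for line in inbound_log.splitlines():
        entry = parse(line)
        if entry:
            results.append((line, classify(entry, outbound)))
    return results


if __name__ == "__main__":
    for line, verdict in triage(INBOUND_LOG, OUTBOUND_LOG):
        print(f"{verdict:16} {line}")
```

    Only the "unsolicited" verdict (here the constructed hit on TCP 135) would indicate something actually reaching the host past the router; the "probable-return" label covers the case CrazyM mentions where the router does not log outbound connections and the ephemeral-port heuristic is all there is to go on.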
     
  14. tomm772

    tomm772 Guest

    Thanks for your help CrazyM, I did a WhoIs at samspade.org and the web addresses that relate to the IPs I have never been to; good thing is though that my firewall is blocking these packets :)

    Cheers for your help,
     
    Last edited by a moderator: Aug 9, 2005
  15. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Keep in mind that when you visit web sites, the content on the page(s) could be coming from multiple servers, not just the one you used to get there. So when doing a WhoIs or RDNS they may not always come back to the actual site (URL) you are familiar with.

    Example: connecting to something like yahoo.com and checking my router logs showed a total of 8 outbound HTTP connections. Two of the IP's came back to Yahoo, but the remainder were to other carriers and associated to Akamai servers providing content.

    I still doubt if unsolicited inbound packets are getting past your router, but you would need complete logging ability to troubleshoot this, and that would depend on whether your router and/or software firewall provide this.

    Regards,

    CrazyM
     