Welcome to Smokey's Security Forums.
Guests have only limited access to the board and it's features, please consider registering to gain full access!
Registration is free and it only takes a few moments to complete.

Smokey's Security Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Smokey's Security Forums is now able to help Spanish customers in their native language.

Los Foros de Seguridad de Smokey están ahora ofreciendo ayuda a clientes cuyo lenguaje natal es el español.

Análisis de registros utilizando OTL - Eliminación de Programas Maliciosos, Programas de Mercadeo y Popups & Limpieza del Sistema Operacional




Multilingual OTL (OldTimer ListIt) Log Analysis * Multilingual OTL Tutorials * OTL Downloads * Malware Removal * Microsoft Security Info & Alert Center * Official Jetico Inc. Support Forums

Share this topic on FacebookShare this topic on MySpaceShare this topic on Del.icio.usShare this topic on DiggShare this topic on RedditShare this topic on StumbleUponShare this topic on TwitterAuthorTopic: Jetico firewall ~Basic popups  (Read 1731 times)

0 Members and 1 Guest are viewing this topic.

TommyTopic starter

  • Jetico Forums Team Leader
  • Administrator
  • *
  • Offline Offline
  • location: Buenos Aires - München
  • Posts: 1101
  • .: Stranger in the night
    • WWW
(No subject)
« Reply #2 on: December 29, 2006, 03:13:33 PM »
When you first start your browser to connect to the internet, you will receive a popup from Jetico to inform you that your browser requests "Access to Network". To save the number of rules created, you can use the preset "Web Browser" rules. These rules are only the basics needed, but will allow you to connect to the internet. So from the popup, you would select "Handle as" -> "Web Browser"



In my example, I am using Firefox, but the "Web Browser" rules are o.k. for any browser you are using.
You can also use this ruleset for most of your updaters, as example for you AV updater.

TommyTopic starter

  • Jetico Forums Team Leader
  • Administrator
  • *
  • Offline Offline
  • location: Buenos Aires - München
  • Posts: 1101
  • .: Stranger in the night
    • WWW
Jetico firewall ~Basic popups
« Reply #1 on: December 27, 2006, 05:51:17 AM »
Here we will show some of the popups you will see after installing Jetico. These may not be all you will see, as it will depend on your own setup and applications on your PC that may require internet access. This is simply to give you an idea of what to expect, and how to handle the basics.





The above pic shows one of the popups to expect for DHCP, the remote IP in the pic is actually my router. If you are connected directly to the internet, then this would be the IP of your ISP DHCP severs, and you need to allow these, or you will lose internet connection.

Dhcp client
Service Name: Dhcp
Process Name: svchost.exe -k netsvcs
Microsoft Service Description: Manages network configuration by registering and updating IP addresses and DNS names
(This is how your computer gets a Dynamic IP address so you can connect to the internet. If Internet Connection Sharing is enabled, you need DHCP Client. Also required for most DSL/Cable connections.)

UDP Ports 67:68
Allow UDP Local port 68 Remote port 67
_________________________________





Windows Time Service
Service Name: W32Time
Process Name: svchost.exe -k Netsvcs
Microsoft Service Description:  Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
(If you like to synchronize your PC clock to a time server, this is one way to go)

UDP Port 123
Allow UDP Remote/local ports 123 (time.windows.com)
_____________________________________________



Help and Support Service
Service Name: helpsvc
Process Name: svchost.exe
Microsoft Service Description:  Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
(some like this service, and its ability to connect out to microsoft for help, but please note, this does not need to connect to the internet to work correctly, and is optional)

TCP outbound, Ports 80:443
Allow TCP (outbound connection): Local ports 1024-4999: Remote Ports 80:443
___________________________________________________________



SSDP Discovery Service (UPnP)
Service Name:  SSDPSRV
Process Name: svchost.exe -k LocalService
Microsoft Service Description:  Enables discovery of UPnP devices on your home network.
(This is NOT the Plug`n`play as you may at first think, this is used for finding external devices. Example is a Router which can be UPnP, applications can, by using UPnP open inbound ports (port forward), this was possibly a good idea for ease of use, but can also be used by Trojans etc)
I have alway advised that this service should be disabled, if you are not sure how to disable this, then ask, but you should block these comms.

_________________________________________________________


Now, this is just one of the popups you would receive for netBIOS, this is used mainly for filesharing. This is o.k. if you are sharing files on a home network(LAN), if not, or if you are connected directly to the internet, then you should block these comms. (you would actually be better to disable netBIOS in the Advanced TCP/IP setting.)

The range of ports used for netBIOS are:-
IN/OUT datagrams on local/remote ports 137/138
IN/OUT connections on local/remote port 139
Port 445 is also used for "Microsoft Directory Services"(or SMB)
 

* Permissions
You can't post new topics.
You can't post replies.
You can't post attachments.
You can't modify your posts.
 BBCode Enabled
Smilies Enabled
[img] Enabled
HTML Disabled


Except where otherwise stated, all content © 2006 - 2010 Smokey Services™ -- All rights reserved
Design of all board graphics, banners and images by Emma aka Tinker - © 2006 - 2010 Smokey Services™ -- All rights reserved

Security Knowledge-, Alert- & News Center and Comprehensive Microsoft Windows Information & Download Center
Board- and databases search functions and the download of post attachments are only available to registered board members

    

  

Smokey's Security Forums provide full qualified OTL Log Analysis & Cleaning Services in English, German and Spanish language
OTL (OldTimer ListIt) is a flexible, multipurpose, diagnostic, and malware removal tool, it also has some curative ability

Microsoft Security Info & Alert Center: all released Microsoft Security Bulletins, Alerts, Advisories and Vulnerabilities, in real-time