Smokey's Security Forums


Topic: Suggestions for Jetico2 - post Feature Requests here!  (Read 15259 times)


anan321

  • Full Member
  • **
  • Offline
  • Posts: 23
If I want to block network addresses with JPF, I select "Groups --> Blocked Addresses --> Edit --> Add" and enter the address range. This is ok. What is not ok, is that I can not comment the entry I just made. I have no option to name that network address, so next time I see it in the list I wonder what the heck might that address range be and why have I blocked it.

Request: Please add the possibility to name or comment entries in the groups lists.

egandt

  • Member
  • *
  • Offline
  • Posts: 5
(No subject)
« Reply #20 on: April 14, 2007, 05:01:06 PM »
It would be nice if there was an option in the pop-up dialog box, when a process attempts to access the internet to do an NS lookup at least, since manually performing this operation is just annoying.

ERIC

Tommy (Topic starter)

  • Jetico Forums Team Leader
  • Administrator
  • *
  • Offline
  • location: Buenos Aires - München
  • Posts: 1105
  • .: Stranger in the night
(No subject)
« Reply #19 on: March 01, 2007, 05:24:59 PM »
That's at the moment not possible with Jetico v2 directly (but with some browsers).
For Jetico you have to do that manually: find out the whole IP range by using IP Whois. This gives you the full IP range; add it to the 'Blocked Addresses' group.

P.S. It's easier with Firefox, or Opera itself.

Gerard

  • VIP Member
  • *****
  • Offline
  • Posts: 2122
(No subject)
« Reply #18 on: March 01, 2007, 05:23:04 PM »
Quote from: "Geri"
I'd like to see a way to add DNS names to lists. For instance: I want to block all ads by doubleclick. Problem is, they use many servers, in many IP ranges, some seem totally unrelated.
It would therefore be great to be able to add *.doubleclick.net to the blocked addresses.

Or is it already possible?

Kind regards,

  Geri



That is possible depending on the browser you are using.

Gerard

Geri

  • Full Member
  • **
  • Offline
  • Posts: 23
(No subject)
« Reply #17 on: March 01, 2007, 05:07:17 PM »
I'd like to see a way to add DNS names to lists. For instance: I want to block all ads by doubleclick. Problem is, they use many servers, in many IP ranges, some seem totally unrelated.
It would therefore be great to be able to add *.doubleclick.net to the blocked addresses.

Or is it already possible?

Kind regards,

  Geri

Manii as Guest

  • Guest
  • **
  • Offline
  • Posts: 12
(No subject)
« Reply #16 on: February 28, 2007, 01:14:33 AM »
Jetico should save the window layout. I always move the 'application' column to second position (since 'description' is useless here) but every time the system is restarted the positions are reset.

Geri

  • Full Member
  • **
  • Offline
  • Posts: 23
(No subject)
« Reply #15 on: February 27, 2007, 11:28:32 PM »
I would like to see a way to monitor the firewall (things like currently opened connections, network throughputs, firewall statistics, etc.) exposed outside the UI, by means of an API or a WMI interface.

I know, this probably won't be a priority, and maybe not a very popular feature, but might help administrators, and semi-control freaks like me.
It never hurts to ask...

   Geri

PeterPaul

  • Full Member
  • **
  • Offline
  • Posts: 227
Whois/reverse DNS feature request
« Reply #14 on: February 23, 2007, 04:00:22 PM »
Whois/reverse DNS feature request

Often it is hard to identify who the connection comes from or goes to. Knowing who the app wants to communicate to is helpful in determining malicious intent.

When the requester pops up with a remote IP, it would be very good to have an option to display the IP together with a reverse DNS lookup which could also be logged.

Additionally it would be desirable to be able to search for the IP upon double-click with a configurable whois or other search.

Named Port Ranges in Groups feature request
Similar to the named IP-Ranges in the Groups tab, it would be helpful to be able to define named ports and port ranges to be used/displayed in rules and requesters instead of port numbers.

anan321

  • Full Member
  • **
  • Offline
  • Posts: 23
(No subject)
« Reply #13 on: February 22, 2007, 05:22:21 PM »
Feature request:

Colors used for various events in a log window should be clearly visible in the log_level drop down menu beside the name for that particular log_level. Also, colors representing different levels of logging should be user definable.

Cosmetic, really, but helpful IMHO.

PeterPaul

  • Full Member
  • **
  • Offline
  • Posts: 227
Re: Integration of an ip-filter Blocklist
« Reply #12 on: February 22, 2007, 12:25:35 PM »
Quote from: "Tommy"
Quote from: "peterpaulwinter"
Integration of an ipfilter blocklist:

Kind of you find here:
Tab 'Groups' -> IP addresses -> Blocked addresses (the right window)

The idea of the possibility to download an existing blocklist with update feature is not a bad idea.


I know, I have seen that feature, so in principle it should be easy to integrate a downloaded blocklist. The existing interface does not allow entering the tens of thousands of address ranges that a typical p2p blocklist contains.

Also some form of optimization will probably be necessary, if the firewall is not written to handle such large lists. Otherwise everything will slow down like when using the comparable Outpost-firewall blocklist plugin.
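The kind of optimization the post above refers to, as an added example that is not part of the original thread and not Jetico's code: collapse overlapping and adjacent ranges once at load time, then answer each lookup with a binary search instead of a linear scan. The `name:start-end` line layout and all sample addresses are assumptions constructed for illustration.

```python
import bisect
import ipaddress

# Constructed sample in an assumed "name:start-end" text layout;
# all addresses are documentation/test ranges, not real blocklist data.
SAMPLE = """\
# constructed sample list
Example Net A:192.0.2.0-192.0.2.127
Example Net A dup:192.0.2.64-192.0.2.255
Adjacent block:192.0.3.0-192.0.3.255
Lab range:198.51.100.10-198.51.100.20
broken line without a range
Single host:203.0.113.7-203.0.113.7
"""

def parse_ranges(text):
    """Return (start, end, label) integer triples; skip comments and bad lines."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        label, sep, span = line.rpartition(":")
        lo, dash, hi = span.partition("-")
        try:
            start = int(ipaddress.IPv4Address(lo.strip()))
            end = int(ipaddress.IPv4Address(hi.strip()))
        except ValueError:
            continue  # malformed entry: ignore rather than abort the load
        if sep and dash and start <= end:
            out.append((start, end, label))
    return out

def merge_ranges(ranges):
    """Collapse overlapping or adjacent ranges; return parallel sorted lists."""
    starts, ends = [], []
    for start, end, _ in sorted(ranges):
        if ends and start <= ends[-1] + 1:
            ends[-1] = max(ends[-1], end)
        else:
            starts.append(start)
            ends.append(end)
    return starts, ends

def is_blocked(starts, ends, addr):
    """O(log n) test: locate the last range that starts at or below addr."""
    ip = int(ipaddress.IPv4Address(addr))
    i = bisect.bisect_right(starts, ip) - 1
    return i >= 0 and ip <= ends[i]
```

Because the merged list is disjoint and sorted, lookup cost grows with the logarithm of the list size, so a list of tens of thousands of ranges needs only a handful of comparisons per connection.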

Tommy (Topic starter)

  • Jetico Forums Team Leader
  • Administrator
  • *
  • Offline
  • location: Buenos Aires - München
  • Posts: 1105
  • .: Stranger in the night
Re: Integration of an ip-filter Blocklist
« Reply #11 on: February 21, 2007, 09:56:40 PM »
Quote from: "peterpaulwinter"
Integration of an ipfilter blocklist:

Kind of you find here:
Tab 'Groups' -> IP addresses -> Blocked addresses (the right window)

The idea of the possibility to download an existing blocklist with update feature is not a bad idea.

PeterPaul

  • Full Member
  • **
  • Offline
  • Posts: 227
Integration of an ip-filter Blocklist
« Reply #10 on: February 21, 2007, 07:08:23 PM »
Integration of an ipfilter blocklist:

The firewall would certainly be the best place to integrate an ip-filter blocklist, rather than having a separate app such as PeerGuardian2. An auto-updater should be included, too.

This would be useful for anti-P2P blocklists as well as malware blocking from known sites.

egressor

  • Member
  • *
  • Offline
  • Posts: 4
(No subject)
« Reply #9 on: February 02, 2007, 01:11:31 AM »
Exactly!  So let's say you get a svchost receive datagram on local port 1026 (CAP, calendar access protocol),  for what service is this meant?  Hard to say.

So I have three rules now for it: DNS Client, w32Time, and a block rule where I block local 1024, 1026-1033, 1434, 1984 and 1986.  Kinda messy.

Also noticed a problem with the DNS client rule.  I just recently understood why it periodically went invalid.  When I renew my IP (dialup disco :x )  the Group IP address/name server becomes empty.  As a result, since it is empty, the DNS Client rule fails and turns invalid.  Upon reconnect the rule remains invalid, and cannot be made valid again unless you manually click the checkboxes.

Sure hope this gets fixed since I have to keep an explicit rule set just so that the DNS doesn't fail.

BTW anyone up for sharing some cool rules?  Maybe a topic dedicated to just this?

pcaca

  • Full Member
  • **
  • Offline
  • Posts: 12
Re: svchost.exe
« Reply #8 on: January 28, 2007, 03:22:59 AM »
Quote from: "egressor"
Recently I've made some rules for svchost after noticing that my computer clock was slow by more than 2 hours  :o

So I created a new table for w32time.  I specified an ip and a port (123).

However creating rules for svchost is a real pain since it runs so many services.

What I'd like to see is something like the output from tasklist /svc, where the services run by svchost are clearly differentiated.

I'd seen this in a firewall but I forget which, since I ran most of them at one time or another.


Good point. That would be very useful!

Creating rules for services instead of executable files would be much better, especially for svchost. So, if I create a rule for Windows Update Service (HTTP/HTTPS), Jetico will allow HTTP/HTTPS connections only for the svchost.exe instance which is running the Windows Update service, and other instances like DNS Client should be denied from accessing HTTP/HTTPS. This way we will have better security and better organization of rules.

egressor

  • Member
  • *
  • Offline
  • Posts: 4
svchost.exe
« Reply #7 on: January 27, 2007, 08:53:11 PM »
Recently I've made some rules for svchost after noticing that my computer clock was slow by more than 2 hours  :o

So I created a new table for w32time.  I specified an ip and a port (123).

However creating rules for svchost is a real pain since it runs so many services.

What I'd like to see is something like the output from tasklist /svc, where the services run by svchost are clearly differentiated.

I'd seen this in a firewall but I forget which, since I ran most of them at one time or another.
 

Except where otherwise stated, all content © 2006 - 2010 Smokey Services™ -- All rights reserved