Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    I have never used a Dcc client but I would set them up in the handle as application trusted zone and only allow what needs to be allowed!


    I think you would need to make some rules in the system internet zone table in Jetico, one for TCP, and one for UDP? I'm sure Stem will be able to help with this? See these links below!


    See this guide here on dcc as it may help with setting it up and with a firewall!

    http://www.dc-resources.com/guide.htm



    The outpost thread has more info on setting up ports and TCP and UDP and using a router/firewall with a link to dslreports!


    http://www.outpostfirewall.com/forum/showthread.php?t=7900

    http://www.dslreports.com/faq/6518
     
    Last edited: Mar 17, 2006
  2. Fumens

    Fumens Registered Member

    Joined:
    May 5, 2005
    Posts:
    23
    Stem,
    exactly what I meant, but I am confused about where I have to put the DNS server, and do I still have to put my IP address?

    I believe that for DNS (UDP) there is no need to set the direction, correct me if I'm wrong. And if I am able to set the rule to allow DNS resolve, do I have to make one to block unnecessary DNS (UDP/TCP) traffic?

    Thanks in advance
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Fumens,
    The rule I showed you in post #74 is for outbound DNS, the first rule having a destination of "Name server". The "Name server" is the stored addresses of your "DNS" servers that are issued via DHCP by your ISP (or, if you use a fixed IP, this is from the info you have entered yourself). Note that this is NOT your IP, but that of your ISP's DNS servers. If you are connected to the internet directly (and not via a router or proxy), you can call up this info as follows: go to Windows "Start", then Run, type "CMD" and click OK. This brings up a DOS window. At the DOS prompt type IPCONFIG /ALL (leave a gap between the G and the /) and press the Enter/Return key. This will bring up a list including your DNS server IPs. (The info shown in this list is what Jetico uses.)

    With most firewalls, this is correct, as UDP is connectionless, but Jetico uses SPI (pseudo state: a timeout for the reply to be made from the outbound packet) for UDP, so a direction is required. (The inbound (DNS) is not required unless there is a late reply from your servers; if a late reply is made, then the packets will be dropped, so the inbound is there by default to allow for this.)

    All packets are processed until an "allow", "block" or "Ask" rule is found. The last rule in Jetico is to "block all non-processed packets" (so if you have not set an "allow" or "ask" rule for a packet, then the packet will be dropped).
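
The behaviour described in the post above (first matching rule decides, a final block-all rule, and a reply timeout for UDP), as an added example that is not part of the original thread and is not Jetico's code. The class names, the 30-second timeout and the 192.0.2.53 name server address are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

NAME_SERVERS = frozenset({"192.0.2.53"})  # constructed; stands in for "Name server"
UDP_TIMEOUT = 30.0                        # assumed; the thread gives no figure

@dataclass(frozen=True)
class Packet:
    proto: str        # "udp" or "tcp"
    direction: str    # "out" or "in"
    remote_ip: str
    remote_port: int
    local_port: int

@dataclass(frozen=True)
class Rule:
    verdict: str                         # "allow", "block" or "ask"
    proto: str
    direction: str
    remote_port: Optional[int] = None    # None matches any port
    remote_ips: frozenset = frozenset()  # empty matches any address

    def matches(self, p: Packet) -> bool:
        return (self.proto == p.proto and self.direction == p.direction
                and self.remote_port in (None, p.remote_port)
                and (not self.remote_ips or p.remote_ip in self.remote_ips))

@dataclass
class Firewall:
    rules: list
    pending: dict = field(default_factory=dict)  # UDP flow -> reply deadline

    def decide(self, p: Packet, now: float) -> str:
        flow = (p.remote_ip, p.remote_port, p.local_port)
        # Pseudo state: inbound UDP that answers a recent allowed outbound packet.
        if p.proto == "udp" and p.direction == "in":
            if now <= self.pending.get(flow, float("-inf")):
                return "allow"
        for rule in self.rules:  # the first matching rule ends processing
            if rule.matches(p):
                if (rule.verdict, p.proto, p.direction) == ("allow", "udp", "out"):
                    self.pending[flow] = now + UDP_TIMEOUT
                return rule.verdict
        return "block"  # last rule: block all non-processed packets

DNS_OUT = Rule("allow", "udp", "out", 53, NAME_SERVERS)
DNS_IN = Rule("allow", "udp", "in", 53, NAME_SERVERS)  # only matters for late replies
```

With only `DNS_OUT` loaded, a reply inside the timeout is accepted and a later one falls through to the final block; adding `DNS_IN` is what lets the late reply through.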
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hann, khazars,...
    I do not use DC++,... I have set up rules for this (for other users) in other firewalls, but cannot find my notes on this. I know that certain rules will depend on the users settings within DC++ for UDP and TCP. I have been to http://dcplusplus.sourceforge.net/ to find info on any other ports required, but as you will find from the link, the website is down for maintenance.
    When I have time (later tonight I think), I will see what info I can find (as once I can confirm all UDP/TCP ports used, a ruleset will be easy to create).
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hann (1/pt1)

    I have created 4 rules for DC++ (info taken from the DC++ help files)
    To enter these rules, open Jetico....configuration tab....select "ask user", then right click the blank area and select new_application rule (see pic). Do this to enter the 4 rules (see pic on next post for the 4 rules).
    I have not created a new table etc. for these rules (to save confusion); just ensure that you place the application into the rule so only that App can use the rule.
    I did install DC++ to test the rules, and all o.k., but after logging on to a "Hub" I was informed I did not have enough files to share (well, I didn't set up any files to share) and I was disconnected.
    If you get any popups while using DC++ let me know (take a note of the connection request) and also check the log to see if any packets are lost.
     

    Attached Files:

    • top.jpg
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hann (1/pt2)
    Here are the 4 rules for DC++ (if you are behind a router, then you must forward the ports 1025-32000).
    These rules are created for the default setup of DC++; if you enter ports yourself outside this range of 1025-32000 then the rules will need adjustment.
     

    Attached Files:

    • main.jpg
    Last edited: Mar 17, 2006
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hann (1/pt3)
    An edit on the rules (one to add). I have connected up to do a full test on the rules, and outbound datagrams pop up now and again, so I am adding this rule. If anything else shows up, I will post the revision.
    (I have connected for uploads/downloads to see if anything else is needed.)
     

    Attached Files:

    • new.jpg
  8. DaveJJJ

    DaveJJJ Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    3
    Could someone take a moment to just explain the logical flow of the configuration menu? I mean I don't grasp it at all. For example there are three main entries; "Optimal protection", "Allow all", and "Block all." Would it be possible to add another main entry? Maybe "Block all but Log events?"

    Thanks!
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Take time to read the Jetico help files, which explain this.

    This is in the help file, but not explained very well.
    As you want to add a "block all with logging", you should re-load the block policy, and then add a rule (within the new policy) to block applications with logging (and then re-name the policy).
     


  10. DaveJJJ

    DaveJJJ Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    3
    Ok, I admit that there is a lot in the help file when you fully expand all the hierarchy, but it isn't very readable to me. For example in the "Optimal protection" setup I see no need for the four trusted / blocked zone tables. Instead of simply issuing a decision they have these four tables which each contain only one unconditional entry -- accept or reject. Why bother o_O Also why end these tables with a continue?

    3/19 11am -- I did finally get a "blocked with IP logging" mode working -- but so far that is the only thing I have working.

    3/19 1pm -- I had a hard crash occur and had to uninstall and then reinstall Jetico. A few more crashes like that one and Jetico will be history.

    3/20 9am -- After cleaning Jetico out of the registry and then reinstalling it seems to be working, but attempts to get event logging have yielded erratic results in the log.
     
    Last edited: Mar 20, 2006
  11. controler

    controler Guest

    I am on the road a lot with my laptop, so am using the motel router-cable modems. The thing I do not like is when I have to use their unsecured wireless connections.

    My question is will Jetico drive me nuts with pop-ups every time I switch motels?


    Thank you


    con
     
    Last edited by a moderator: Mar 21, 2006
  12. Hann

    Hann Registered Member

    Joined:
    Mar 14, 2006
    Posts:
    6
    Thank you all for help. I was away for a few days but I'll setup the new rules tonight and let you know how's going.
     
  13. DaveJJJ

    DaveJJJ Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    3
    So far my impression of Jetico is that it has two problems. #1 is that it seems to cause my pc to crash occasionally, or not shutdown or boot up cleanly. #2 is that it would be annoying to use if you want to manually grant permission to programs because of the multiple popups. For example if you want to manually approve your anti-virus each time it wanted to download an update. I also had to install Jetico twice before it issued its popups properly without a delay. For use on the road at hotels/motels I can't think why Jetico would be too different.
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,014
    The old Jetico that's available now has some quirks I think. I recently installed it to have another look after a long time and found that it sometimes gets stuck in infinite loops on the popups. At first I thought it was just asking a lot like it usually does, but after about the 12th time I realized it was just looping on one of the 'attacker' popups and the only way to exit was to shut down everything and reboot. Then it was ok, but I just can't live with that kind of nuisance stuff going on. It might be the best on leak tests, but it is also without a doubt the most annoying of them all. Still needs some work, hopefully version 2 upcoming will resolve some of the old standing problems.
     
  15. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    Hi all.
    I just installed Jetico and just wanted to say I love it to bits :eek: :eek: :eek: :eek:

    Much better than my old ZoneAlarm :ninja: :ninja:

    Very easy to use and make rules, very good software A++++++++++++++++++

    :thumb: :thumb:
     
  16. clansman77

    clansman77 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    234
    Location:
    kochi,kerala,india
    Installed this firewall. I must say, very good one indeed. This thread and the help file will help anyone to configure Jetico properly. Lightweight and rule based. Looking forward to version 2. This one is a keeper :thumb: Thanks everyone who contributed to this thread.
     
  17. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Was about to install Jetico over Kerio 2.1.5, but I guess I will be waiting for v2.
     
  18. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Just to go a little OT, this is not the case with Outpost - if a program is made a Blocked Application, it is not permitted access to loopback at all (unless a global rule is set with the High Priority/IgnoreCC option, see Outpost Rules Processing Order for more details).
    My experience has been that the only Windows programs that require network access are services.exe (for Windows 2000) and svchost.exe (for Windows XP). If you are using Windows' Internet Connection Sharing then alg.exe will need access also.

    Only if your PC is part of an Active Domain (this only applies to business users running Windows Server) should lsass.exe, etc need access as per Microsoft's Service overview and network port requirements for the Windows Server system guide - they can (and should) be blocked otherwise.
     
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I think just to clear up any possible confusion, when Jetico blocks an App, it blocks that App completely from the network and local sockets (this is possibly where it appears a number of O.S. Apps require net access, when they only need the ability to access local sockets). I have attached an image of a log from Jetico (all system was on logging). I simply started up Firefox to a blank page. Now if any of these O.S. Apps were blocked in Jetico, then no access would be allowed to Firefox.
     


    Last edited by a moderator: Apr 15, 2006
  20. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If I block all O.S. Apps from access, then try to connect (I attempted connection to here at Wilders), then the attached image shows the result. (csrss is the first O.S. app that is blocked, which has a knock-on effect and stops Firefox from being allowed access.)
     


    Last edited by a moderator: Apr 15, 2006
  21. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Use application trusted zone more for programs you know are safe and you won't get nearly as many pop-ups.
     
  22. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The error reported is consistent with a failed DNS lookup - DNS lookups are performed by svchost in Windows XP if you have the DNS Client Service running (disabling this should result in Firefox itself making the DNS request).

    As for the Client-Server Runtime Subsystem (csrss.exe) being reported as being blocked, this is Windows' process and thread manager so Jetico may be preventing it from accessing svchost (or any other connected process) resulting in this failure. Csrss.exe itself does not need network access and should never send or receive network traffic.
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    DNS client is disabled (always has been, due to using a large hosts file).

    The O.S. Apps were blocked from net access only. I do not use the Jetico process attack filter, as I use PG.
     
  24. Fumens

    Fumens Registered Member

    Joined:
    May 5, 2005
    Posts:
    23
    Hi Stem,
    I have some questions regarding the Jetico ruleset. I tried to make a ruleset for a bittorrent client and it works, feels great. But I don't know how to make a ruleset for Yahoo Messenger and MSN; I tried to make one but every time I start the application there is another pop-up window. It seems I have to allow it every time or put it in the application trusted zone. Is it safe enough to do so?

    Another question is I can't find a way to make an IP range in the ruleset box. Does Jetico have this feature?


    Thanks in advance
     
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Fumens,
    This is more of an experiment to see if I can upload a config file for Jetico (and then it can be downloaded and used).

    I have created a ruleset for Yahoo Messenger (not tested, as I do not use Yahoo), but if you want to try it, then please post back info on any blocked packets. (There is a rule to block all non-processed packets at the end of the ruleset, which will log.)

    Download the attached yahoo.bcf.txt file, and place this in the Jetico / config directory. You will then need to remove the .txt extension. (You may need to go in Explorer / Tools / Folder Options / View .... and untick "hide extensions for known file types".)


    More instructions to follow:-....
     
