Welcome to the Comodo Forum
Welcome,
Guest
. Please
login
or
register
.
January 08, 2010, 02:16:16 AM
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
348879
Posts
38569
Topics
87691
Members
Latest Member:
gismoz
more news...
Search:
Advanced search
|
Tag Cloud
Welcome to the Comodo Forum
Archived Boards
Comodo Firewall
Help for v2
Advanced rules for Proxomitron essential or not ?
« previous
next »
Pages:
1
[
2
]
Author
Topic: Advanced rules for Proxomitron essential or not ? (Read 4151 times)
hilmi
Comodo Family Member
Offline
Posts: 98
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #15 on:
February 25, 2007, 09:00:12 AM »
Toggie, I was not testing Proxomitron for leak test. But when I started using proxo it started getting thru, maybe I did stg wrong. That's what I was asking about. Sure I would like to use it, but if it is somehow insecure then I'd prefer to leave it out. FYI I had UDP and TCP skip loop-back unchecked all the time.
Hilmi
Logged
XP Pro SP2, cable modem, Nod32, SpyWall, COMODO
Mr. Bean
Legendary
Global Moderator
Comodo's Hero
Offline
Posts: 7709
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #16 on:
February 25, 2007, 09:16:12 AM »
Toggie, now that your other
thread
is marked resolved, do you think it would benefit proxomitron users to follow your specialized rules?
Logged
Quill
Volunteer
Global Moderator
Comodo's Hero
Offline
Posts: 2731
Follow the White Rabbit...
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #17 on:
February 25, 2007, 12:55:00 PM »
Quote from: hilmi on February 25, 2007, 09:00:12 AM
Toggie, I was not testing Proxomitron for leak test. But when I started using proxo it started getting thru, maybe I did stg wrong. That's what I was asking about. Sure I would like to use it, but if it is somehow insecure then I'd prefer to leave it out. FYI I had UDP and TCP skip loop-back unchecked all the time.
Hilmi
Hilmi, I'm not exactly sure what you mean by "But when I started using proxo it started getting thru"? Do you mean you were getting prompts from CPF to allow Proxomitron to connect?
If you had 'Skip Loopback' for TCP and UDP unchecked you will receive requests from any application that requires loopback, unless there are loopback rules defined for that application.
Toggie
Logged
"Well, I've wrestled with reality for 35 years, Doctor, and I'm happy to state I finally won out over it."
Forum Policy
Quill
Volunteer
Global Moderator
Comodo's Hero
Offline
Posts: 2731
Follow the White Rabbit...
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #18 on:
February 25, 2007, 01:01:01 PM »
Quote from: soyabeaner on February 25, 2007, 09:16:12 AM
Toggie, now that your other
thread
is marked resolved, do you think it would benefit proxomitron users to follow your specialized rules?
I can't take any credit for these rules, as most were found here on the forums. However, I am trying to put together, not just rules for Proxomitron, but for a series of applications. To that end I have started another thread here:
http://forums.comodo.com/index.php/topic,6720.0.html
Once I gather the information I require I'll gladly write a complete guide that may benefit other users.
Toggie
Logged
"Well, I've wrestled with reality for 35 years, Doctor, and I'm happy to state I finally won out over it."
Forum Policy
Quill
Volunteer
Global Moderator
Comodo's Hero
Offline
Posts: 2731
Follow the White Rabbit...
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #19 on:
February 25, 2007, 01:20:34 PM »
Quote from: ocky on February 25, 2007, 07:53:10 AM
Yup, it's difficult to decide. I have about 16 allow entries in AppMon only for IE (eg. launching from Opera and other 'Parents'). Making separate loopback rules for everything would be a grind.
I
think
however, that just disabling (unticking) the 'Skip loopback' for TCP option is sufficient, albeit not perfect, as the vast majority of outbound problems occur via the TCP protocol (as mentioned in Comodo user manual).
I only get alerts when some components have changed due to updating programs, patches to IE 7 etc.
I still don't know what to make of PC Flank leaktest. The tap drips but the url
does not
reflect what I typed ??
Proxomitron is too good/great an application to simply discard.
Not being a firewall expert, (more's the pity), tell me if I am talking nonsense.
I can appreciate that creating loopback rules is tiresome, but you may only need a few, dependant upon which applications you use. As I said in my other thread, the rules I have for Proxo are:
Proxomitron.exe 127.0.0.1 8080 TCP In Allow
Proxomitron.exe 127.0.0.1 1024-4999 TCP Out Allow
Proxomitron.exe ANY 80,443 TCP In Allow
Proxomitron.exe (MY ISP DNS1) 53 UDP Out Allow
Proxomitron.exe (MY ISP DNS2) 53 UDP Out Allow
In addition I have two rules in Network Monitor (still testing these though):
Allow TCP In/Out [ANY] 127.0.0.1 1024-4999 1024-4999
Allow UDP In/Out [ANY] 127.0.0.1 1024-4999 1024-4999
Personally I wouldn't use anything but Proxomitron with Sidki's filter set, plus a few personal mods. Its the cleanest way to surf that I have found. Of course Firefox helps too
Toggie
Logged
"Well, I've wrestled with reality for 35 years, Doctor, and I'm happy to state I finally won out over it."
Forum Policy
ocky
Guest
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #20 on:
February 25, 2007, 01:59:08 PM »
Quote from: Toggie on February 25, 2007, 12:55:00 PM
If you had 'Skip Loopback' for TCP and UDP unchecked
you will receive requests from any application that requires loopback
, unless there are loopback rules defined for that application.
Toggie
Yes, exactly. This is what I am confused about. In view of the above why then bother with the advanced loopback rules - unless one doesn't want to be bothered with alerts. In my case the occasional alert for a freshly installed or updated application wanting connectivity is no problem.
I guess I am looking for the lazy mans way of setting up Comodo PF.
Thanks for your detailed contributions Toggie !
«
Last Edit: February 26, 2007, 05:38:05 AM by ocky
»
Logged
Quill
Volunteer
Global Moderator
Comodo's Hero
Offline
Posts: 2731
Follow the White Rabbit...
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #21 on:
February 25, 2007, 02:15:26 PM »
Quote from: ocky on February 25, 2007, 01:59:08 PM
Yes, exactly. This is what I am confused about. In view of the above why then bother with the advanced loopback rules - unless one doesn't want to be bothered with alerts. In my case the occassional alert for a freshly installed or updated application wanting connectivity is no problem.
I guess I am looking for the lazy mans way of setting up Comodo PF.
There is nothing wrong with doing it your way. I guess I'm just a little bit of a control freak
I also like to keep things nice and neat.
Having been testing and analysing over the last few days, I now have 72 individual rules for Avast!!!
That really bugs me
Quote
Thanks for your detailed contributions Toggie !
Your welcome, I hope some of it helps.
Logged
"Well, I've wrestled with reality for 35 years, Doctor, and I'm happy to state I finally won out over it."
Forum Policy
hilmi
Comodo Family Member
Offline
Posts: 98
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #22 on:
February 25, 2007, 06:45:29 PM »
Toggie,
First instance I did the pcflank test I did get alerts. When I denied the first one i could not access the internet site for pcflank to see the test results. And then I tried again but i got confused with the alerts and allowed the alert which was asking for a connection 127.0.0.1:8080. After that every time i ran pcflank test, there were no alerts and pcflank test just kept running thru.
Reading thru here, I understand you run proxomitron and you don't fail the pcflank test. So I will install and try again and let you know.
Thanks
Hilmi
Logged
XP Pro SP2, cable modem, Nod32, SpyWall, COMODO
Quill
Volunteer
Global Moderator
Comodo's Hero
Offline
Posts: 2731
Follow the White Rabbit...
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #23 on:
February 25, 2007, 08:52:24 PM »
Quote from: hilmi on February 25, 2007, 06:45:29 PM
Toggie,
First instance I did the pcflank test I did get alerts. When I denied the first one i could not access the internet site for pcflank to see the test results. And then I tried again but i got confused with the alerts and allowed the alert which was asking for a connection 127.0.0.1:8080. After that every time i ran pcflank test, there were no alerts and pcflank test just kept running thru.
Reading thru here, I understand you run proxomitron and you don't fail the pcflank test. So I will install and try again and let you know.
Thanks
Hilmi
When you received the prompt for 127.0.0.1:8080 (that by the way is the default config for Proxomitron. It 'listens' on 8080 for connections from your browser.) I assume you told CPF to allow and remember. That being so, you will not receive any further prompts unless something changes.
Remember, Proxomitron is nothing more than way to block unwanted web nastyness, such as banners, ads, rogue scripts etc. It also allows one to change the way pages are viewed by inserting CSS into a page.
I have tried the PCFlank (and other) tests and from the results all seems well on my system whilst running CPF, Firefox and Proxomitron.
Toggie
Logged
"Well, I've wrestled with reality for 35 years, Doctor, and I'm happy to state I finally won out over it."
Forum Policy
ocky
Guest
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #24 on:
February 26, 2007, 03:11:13 AM »
Quote from: hilmi on February 25, 2007, 06:45:29 PM
Toggie,
First instance I did the pcflank test I did get alerts. When I denied the first one i could not access the internet site for pcflank to see the test results.
Hilmi
Exactly the same here. Does this not indicate that all is well ? after all CPF prevented the text being sent due to denying the connection. Are we missing something obvious ? I did the following after downloading the executable:-
1. Start IE as you normally would.
2. Enter some text. Click Next.
3. Deny the alert 'iexplore.exe wants to connect to 127.0.0.1 Port 8080 TCP' (Proxomitron localhost)
4. Dripping tap - Failed.
5. Paste supplied url into browser address bar for checking results.
6. Browser cannot display web page.
The leaktest is geared to be used with IE.
Anybody prepared to stick their neck out and assure us that despite the dripping tap, we are safe ??
«
Last Edit: February 26, 2007, 05:34:44 AM by ocky
»
Logged
Little Mac
Global Moderator
Comodo's Hero
Offline
Posts: 6257
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #25 on:
February 26, 2007, 10:18:46 AM »
Any time you do a leaktest, your firewall should prompt you to allow or deny the connection. Given that you are doing a leaktest, you must deny the connection, or else you will fail the test...
When you thus deny the connection, you will of course not be able to access the website to see the results. Before running another leaktest, you need to reboot your computer.
When you are doing a leaktest like this, you're not testing proxomitron, or your browser; you're testing your firewall against unauthorized outbound connections. Depending on the specific test, it will try to exploit
something
, whether that's your browser, email client, etc in order to connect. If you allow the connection in order to see the results, you will of course have failed the test. If you allow with remember, you will create a rule allowing the connection on a regular basis, and will need to manually remove that rule in order to restore your level of security.
LM
Logged
You read my sig block. That's enough personal interaction for one day.
ocky
Guest
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #26 on:
February 26, 2007, 11:27:39 AM »
Quote from: Little Mac on February 26, 2007, 10:18:46 AM
Any time you do a leaktest, your firewall should prompt you to allow or deny the connection. Given that you are doing a leaktest, you must deny the connection, or else you will fail the test...
When you thus deny the connection, you will of course not be able to access the website to see the results. LM
Thanks, LM, for setting minds at ease. I denied the connection (a no-brainer even for me
), and as stated in my previous post could not access the website, hence I surmised everything OK. Of course the leaktest should be rewritten to not show the dripping tap in this case, as it tends to confuse.
Regards.
Logged
Triplejolt
Global Moderator
Comodo's Hero
Offline
Posts: 426
If you are going through hell, keep going!
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #27 on:
February 26, 2007, 11:45:28 AM »
Just a friendly tip
Don't forget to sweep through your computer with your antivirus program and rootkit prevention program after using these test-tools. Some _may_ leave a nasty surprise for you, even though most tools are what they appear to be
Logged
Cheers
Triplejolt
"Human salvation lies in the hands of the creatively maladjusted."
ocky
Guest
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #28 on:
February 26, 2007, 12:41:23 PM »
Quote from: Triplejolt on February 26, 2007, 11:45:28 AM
Just a friendly tip
Don't forget to sweep through your computer with your antivirus program and rootkit prevention program after using these test-tools. Some _may_ leave a nasty surprise for you, even though most tools are what they appear to be
Now youv'e given me a helluva jolt, Triplejolt
A peaceful evening's testing of all available leaktests has been ruined.
From now on let the other forum members scramble to do the leaktests.
Seriously, have you ever had a problem, and if so doing which test and how
did the "surprise" manifest itself ? Should be of interest to us.
Go well, and thanks for your concern.
Logged
Triplejolt
Global Moderator
Comodo's Hero
Offline
Posts: 426
If you are going through hell, keep going!
Re: Advanced rules for Proxomitron essential or not ?
«
Reply #29 on:
February 27, 2007, 03:40:50 AM »
It was a while back, I gotta admit that. I think I was using ZApro at the time and thought I'd give it a real challenge. This Firewall test utility had no problem penetrating it, and left me a Subseven to play with afterwards. Didn't really know what it was so I left it there to see what happened. Didn't take very long before my drive spun up and the NIC utilization bar peaked. I immediately unplugged the computer and started removing the infernal thing. The tool came from Astalavista.net, so I should've seen it coming
Logged
Cheers
Triplejolt
"Human salvation lies in the hands of the creatively maladjusted."
Tags:
Pages:
1
[
2
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Want to Help Comodo?
-----------------------------
=> Help Spread the Word - Banners and Logos
=> How Can I Help Comodo? (Please We Need You!)
===> Help Spread the Word! (Please Read and Help)
===> Report Comodo Forum / Web Site Issues
=> Please Tell Us Your Views and Vote Here!
-----------------------------
General Category
-----------------------------
=> Melih's Corner - CEO Talk/Discussions/Blog
=> Comodo.TV - Our Internet Video Channel
===> Comodo.TV - News and Announcements
===> Comodo.TV - Program Lineup
===> Audience Feedback and Suggestions
=> Which Product do you want Comodo to develop next?
=> General Discussion (off topic) Anything and everything...
===> Member Confessions :-)
===> Funny Photos :-)
===> Cool Stuff
-----------------------------
Desktop Security Products
-----------------------------
=> Comodo Internet Security - CIS
===> Help - CIS
=====> AntiVirus Help
=====> Firewall Help
=====> Defense+ Help
=====> Install / Setup / Configuration Help
===> FAQ - CIS
=====> AntiVirus FAQ
=====> Firewall FAQ
=====> Defense+ FAQ
=====> Install / Setup / Configuration FAQ
===> Feedback/Comments/Announcements/News - CIS
===> Guides - CIS
=====> AntiVirus Guides
=====> Firewall Guides
=====> Defense+ Guides
=====> Install / Setup / Configuration Guides
=====> Video Guides
===> Wishlist - CIS
=====> AntiVirus Wishlist
=====> Firewall Wishlist
=====> Defense+ Wishlist
=====> Graphical User Interface (GUI) Wishlist
===> Bug Report - CIS
=====> AntiVirus Bugs
=====> Firewall Bugs
=====> Defense+ Bugs
=====> GUI / Miscellaneous / Other Bugs
=====> False Positive/Negative reporting - (Is this a malware that CIS has/not detected?)
===> Virus/Malware Removal Assistance
===> Leak Testing/Attacks/Vulnerability Research
=> Comodo Time Machine - CTM
===> Frequent Asked Questions (FAQ)
===> Help - CTM
===> Feedback/Comments/Announcements/News - CTM
===> Bug Reports - CTM
=> Comodo Dragon - CD
=> Comodo Instant Malware Analysis Online - CIMA
=> Comodo Disk Encryption - CDE
===> Help - CDE
===> FAQ - CDE
===> Feedback/Comments/Announcements/News - CDE
===> Wishlist - CDE
===> Beta Corner - CDE
===> BUG Reports - CDE
=> Comodo Secure Email - CSE
===> Frequently Asked Questions (FAQ)
===> Feedback/Comments/Announcements/News about CSE
===> Bug Reports
===> Help for Comodo SecureEmail
=> Comodo TrustConnect - Securing the Wireless World!
=> Comodo EasyVPN - CEVPN
===> Frequently Asked Questions (FAQ)
===> Feedback/Comments/Announcements/News about Comodo EasyVPN
===> Bug reports
===> Help for Comodo EasyVPN
=> HopSurf (Bringing Internet to You)
=> Comodo Online Backup - COB
=> Comodo Backup - CB
===> Comodo Backup - FAQ
===> Comodo Backup - Help
=> Verification Engine - CVE
=> Comodo Vulnerability Analyzer - CVA
=> Comodo AntiSpam - CAS
-----------------------------
Desktop Utilities
-----------------------------
=> Comodo System Cleaner - File/Registry/Privacy Cleaner
=> Comodo Cloud Scanner
=> Live PC Support (geeks ready to help 24/7/365)
-----------------------------
Enterprise Security
-----------------------------
=> Comodo Endpoint Security Manager
-----------------------------
Compliance
-----------------------------
=> PCI DSS Compliance
-----------------------------
Learn about Computer Security and Interact with Security Experts
-----------------------------
=> Other Security Products
=> Free Virus/Spyware/Trojan/Malware Removal by Comodo Experts
=> Digital Certificates, Encryption and Digital Signing
=> General Security Questions and Comments
-----------------------------
Free Services for End Users
-----------------------------
=> UserTrust - First Independent Website Rating - Empowering our users!
=> Hacker Guardian
=> Trustfax (free Trial) (online faxing)
-----------------------------
Free Products
-----------------------------
=> Link to Free Comodo Products
-----------------------------
International Comodo Forums
-----------------------------
=> International Comodo Forums
===> 汉语语言, 漢語語言 / Chinese Simplified, Traditional
===> Nederlands / Dutch
===> Francais / French
===> Deutsch / German
===> ελληνικά / Greek
===> Magyar / Hungarian
===> Italiano / Italian
===> Nihongo / Japanese
===> Norsk / Norwegian
===> Polski / Polish
===> Português/Portuguese
===> По-русски / Russian
===> Slovenský / Slovak
===> Slovenščina / Slovenian
===> Espanol / Spanish
===> Svenska / Swedish
===> Turkce / Turkish
===> Українська / Ukrainian
===> Việt / Vietnamese
-----------------------------
Digital Certificates
-----------------------------
=> Code Signing Certificate
=> Content Verification Certificate
=> Email Certificate
=> SSL Certificate
-----------------------------
Web Server Products
-----------------------------
=> Two Factor Authentication for Web Applications
=> Trustlogo
-----------------------------
Other
-----------------------------
=> Forum Policy Violation Board
-----------------------------
Archived Boards
-----------------------------
=> Comodo Diskshield
=> Comodo Firewall
===> Feedback/Comments/Announcements/News
===> Help for v3
===> Help for v2
===> Frequently Asked Questions (FAQ) for Comodo firewall
===> Comodo Firewall Translations
===> Bug Reports
=> Comodo Anti-Viruspyware (CAVS)
===> Help for Comodo AntiVirus
===> FAQ for Comodo Anti-ViruSpyware
===> Feedback/Comments/Announcements/News about CAVS
=> Launch Pad (Discontinued)
=> Trusttoolbar (Discontinued)
=> Comodo Meet (Web Conferencing Product) (Discontinued)
=> User Anywhere (Remote Access product) (Discontinued)
=> Trustix Enterprise Firewall
=> ZTL
=> Comodo BOClean Anti-Malware
===> Announcements
===> Comodo BOClean Anti-Malware FAQ
=> Comodo Memory Firewall(Buffer Overflow Protection)
===> Comodo Memory Firewall Beta Corner
===> Help
===> Frequently Asked Questions (Comodo Memory Firewall)
===> Feedback/Comments/Announcements/News
=> i-Vault
=> Safesurf
=> Other Firewalls
=> Host Intrusion Prevention Systems (HIPS)
=> AntiPhishing Solutions
Page created in 0.063 seconds with 20 queries.
Powered by SMF 1.1.11
|
SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks
Design by
7dana.com