I’m using a local HTTP web-filtering proxy called Proxomitron.
My internet browsers connect through this proxy to access the internet.
Proxomitron listens on port 8080, so the browser must establish a connection to 127.0.0.1:8080.
Here is my problem:
let's say firefox.exe isn't listed in the Application Monitor.
When I launch Firefox, CPF doesn't ask me if I want to give it access to 127.0.0.1 on port 8080.
And the worst part is that Firefox gets access to the internet.
It is possible that Firefox and IE were added to the safe applications list in CPF, although I am not positive. If this is the case, then CPF automatically has rules in it to allow these programs to connect.
Security tab - Advanced tab - Miscellaneous. The following option is probably off.
Skip loopback (127.x.x.x) TCP connections
Loopback connections refer to the internal communications within your PC. Any message transmitted by your computer through a loopback connection is immediately also received by it. This involves no connection outside your computer to the internet or a local network. The TCP option is not checked by default because, in the case of someone using a proxy server, there is a higher chance of attacks being launched using a loopback connection.
Since everything is connecting through localhost, then I thought this might help.
Edit: Sorry what I meant was, do you have this option off?
I don't remember adding any Trusted Application, but if I did, wouldn't it be listed in the Application Monitor? In my case, Firefox and IE don't have any rule listed in the Application Monitor.
The option “Skip loopback (127.x.x.x) TCP connections” is OFF.
However, “Skip loopback (127.x.x.x) UDP connections” is ON.
I tried setting it OFF and launched Firefox.
I was asked for the UDP connection, which I allowed, and then the TCP connection.
However, still with "Skip loopback (127.x.x.x) UDP connections" OFF, if I create a rule for Firefox allowing only UDP connections, CPF still doesn't ask permission for the TCP connection and Firefox gets access.
I did a few more tests and I will try to summarize the situation.
With the following settings:
“Skip loopback (127.x.x.x) TCP connections” OFF.
“Skip loopback (127.x.x.x) UDP connections” ON.
“Do not show any alerts for the applications certified by COMODO” OFF.
Local proxy described in my first post.
With absolutely no rule created for Firefox:
When I launch Firefox, CPF asks me for an input/output connection through TCP to localhost at a random port (for example 2350). This is, I think, because Firefox establishes a connection to itself.
So I create a rule allowing TCP In/Out on port 2350 only. After that, Firefox gets access to the internet without CPF asking about the connection to localhost port 8080.
With absolutely no rule created for IE:
When I launch IE, it gets access to internet without CPF asking anything.
If anyone can shed light on this, it would be appreciated.
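To reproduce the setup described in the post without Proxomitron, here is an added example (not from the original thread or from Comodo): it starts a stub HTTP proxy on 127.0.0.1 and makes a client request through it the way a browser configured for a local proxy does. Run it on the machine with the firewall and check whether a prompt appears for the loopback TCP connection to the proxy port. The port defaults to an ephemeral one so the script runs anywhere; pass 8080 as `proxy_port` to match the real setup. The stub proxy, the constructed request and the hostname example.com are assumptions for the illustration.

```python
import socket
import threading
import http.client

PROXY_HOST = "127.0.0.1"


def start_stub_proxy(proxy_port=0):
    """Start a minimal loopback HTTP proxy stub (assumed stand-in for Proxomitron).

    It accepts one connection, records the peer address and request line,
    answers with a canned 200 response and exits. Returns (port, thread, seen).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((PROXY_HOST, proxy_port))
    srv.listen(1)
    port = srv.getsockname()[1]
    seen = []  # (peer address, request line) for each accepted connection

    def serve():
        try:
            conn, peer = srv.accept()
        finally:
            srv.close()
        with conn:
            data = b""
            # Read until the end of the request headers.
            while b"\r\n\r\n" not in data:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
            request_line = data.split(b"\r\n", 1)[0].decode("latin-1")
            seen.append((peer, request_line))
            body = b"stub proxy reply"
            conn.sendall(
                b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n"
                b"Connection: close\r\n\r\n" % len(body) + body
            )

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return port, t, seen


def fetch_via_proxy(proxy_port, url_host="example.com", path="/"):
    """Fetch a URL through the loopback proxy the way a proxy-configured browser does.

    The TCP connection goes to 127.0.0.1:proxy_port, and the request line
    carries the absolute URL so the proxy knows the real destination.
    """
    conn = http.client.HTTPConnection(PROXY_HOST, proxy_port, timeout=5)
    conn.request("GET", "http://%s%s" % (url_host, path), headers={"Host": url_host})
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    return resp.status, body


def demo(proxy_port=0):
    """Run the stub proxy and one client request; return what each side observed."""
    port, thread, seen = start_stub_proxy(proxy_port)
    status, body = fetch_via_proxy(port)
    thread.join(5)
    return {
        "proxy_endpoint": (PROXY_HOST, port),   # what a firewall rule must allow
        "client_peer": seen[0][0] if seen else None,  # 127.0.0.1:<ephemeral port>
        "request_line": seen[0][1] if seen else None,
        "status": status,
        "body": body,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-15s %r" % (key, value))
```

Only one TCP connection leaves the browser in this arrangement, and it is to 127.0.0.1 on the proxy port; the outbound connection to the real site is made by the proxy process, so a per-application rule for the browser only ever needs loopback TCP to that one port.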
Thanks egemen, it all makes sense now.
However, isn't there a way for CPF to catch this?
I don't like the fact that giving an application access to UDP also gives it access to TCP on any port...
Or am I missing something?
Does this mean an application could connect to a specific port and then reuse the same socket to connect anywhere?