CPF seems to not ask permission when destination is localhost

Hi all!

CPF 2.3.6.81

I’m using a local HTTP web-filtering proxy called Proxomitron.
My internet browsers connect through this proxy to access internet.
Proxomitron listens on port 8080, so the browser must establish a connection to 127.0.0.1:8080.

Here is my problem,
let’s say firefox.exe isn’t listed in the Application monitor.
When I launch Firefox, CPF doesn’t ask me if I want to give it access to 127.0.0.1 on port 8080.
And the worst part is that firefox gets access to the internet.

Same thing for iexplorer.exe.

I don’t like this…

Guillaume.

Hi,

It is possible that Firefox and IE were added to the safe applications list in CPF, although I am not positive. If this is the case then CPF automatically has rules in it to allow these programs to connect.

Security tab - Advanced tab - Miscellaneous. The following option is probably off.

[b]Skip loopback (127.x.x.x) TCP connections[/b] Loopback connections refer to the internal communications within your PC. Any message transmitted by your computer through a loopback connection is immediately also received by it. This involves no connection outside your computer to the internet or a local network. The TCP option is not checked by default because, in the case of someone using a proxy server, there is a higher chance of attacks being launched using a loopback connection.

Since everything is connecting through localhost, then I thought this might help.

Edit: Sorry what I meant was, do you have this option off?

I don’t remember adding any Trusted Application, but if I did, wouldn’t it be listed in the Application Monitor? In my case, Firefox and IE don’t have any rule listed in the Application Monitor.

The option “Skip loopback (127.x.x.x) TCP connections” is OFF.

However, “Skip loopback (127.x.x.x) UDP connections” is ON.
I tried setting it OFF and launched Firefox.
I was asked for the UDP connection, which I allowed, and then the TCP connection.
However, still with “Skip loopback (127.x.x.x) UDP connections” OFF, if I create a rule for Firefox allowing only UDP connection, CPF still doesn’t ask permission for the TCP connection and Firefox gets access.

Sorry about my last reply, the behavior I described is for IE.

With Firefox, without any rule created for it, it gains access to the internet without CPF asking anything.

And by the way, the option “Do not show any alerts for the applications certified by COMODO” is OFF.

I did a few more tests and I will try to summarize the situation.

With the following settings:
“Skip loopback (127.x.x.x) TCP connections” OFF.
“Skip loopback (127.x.x.x) UDP connections” ON.
“Do not show any alerts for the applications certified by COMODO” OFF.
Local proxy described in my first post.

With absolutely no rule created for Firefox:
When I launch Firefox, CPF asks me for an input/output connection through TCP to localhost at a random port (for example 2350). This is, I think, because Firefox establishes a connection to itself.
So I create a rule allowing TCP In/Out at port 2350 only. After that, Firefox gets access to the internet without CPF asking about the connection to localhost port 8080.

With absolutely no rule created for IE:
When I launch IE, it gets access to the internet without CPF asking anything.

If anyone can shed light on this, it would be appreciated.
Thanks.

Did CPF ever prompt for Proxomitron & is Proxomitron listed in the Application Monitor?

Also what is your Alert Frequency Level set at?

Hi,
Disable both Skip Loopback UDP and TCP connection options. Then it should ask.
Egemen

I have 2 rules created for Proxomitron:

  • Allow TCP In at port 8080
  • Allow TCP/UDP Out

Alert Frequency Level is set at High.

With both Skip Loopback UDP and TCP connection options off, here is what happens.
I did the test only with IE this time.

Without any rule created for IE:

  • Launch IE
  • CPF alerts me that IE is trying to act as a server: IP: 127.0.0.1 Port: 1817 - UDP
  • Allow
  • CPF alerts me that IE is trying to connect to the Internet: IP: 127.0.0.1 Port 8080 - TCP
  • Allow
  • IE gets Internet access

Everything is ok in that case.

However, if I redo the previous test with one rule created for IE (Rule = Allow UDP In) which covers the first alert shown by CPF:

  • Launch IE
  • No alert from CPF and IE gets Internet access.

Why doesn’t CPF alert me of the TCP connection to localhost port 8080?

Because Internet Explorer uses the same UDP socket for TCP connections as well. This is a feature of IE according to Microsoft.

Thanks egemen, it all makes sense now.
However, isn’t there a way for CPF to catch this ?
I don’t like the fact that giving an application access to UDP gives it also access to TCP on any port …
Or am I missing something ?
Does this mean an application could connect to a specific port and then reuse the same socket to connect anywhere ??
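An added example, not code from the thread or from CPF: a small Python model of per-application rule matching that reproduces the behaviour reported above (an "Allow UDP In" rule for IE silently covering the later TCP connection to 127.0.0.1:8080). The socket-keyed shortcut, the process names and the socket ids are assumptions made to illustrate the difference between passing a socket once and checking every connection attempt on its own (protocol, direction, address, port) tuple.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

@dataclass(frozen=True)
class Rule:              # an Application Monitor rule
    app: str
    proto: Optional[str] = None      # "TCP", "UDP" or None = any
    direction: Optional[str] = None  # "In", "Out" or None = any
    port: Optional[int] = None       # None = any port

@dataclass(frozen=True)
class Event:             # one connection attempt seen by the firewall
    app: str
    proto: str
    direction: str
    ip: str
    port: int
    socket_id: int       # OS socket handle the attempt is made on (assumed)

def matches(rule: Rule, ev: Event) -> bool:
    return (rule.app == ev.app and rule.proto in (None, ev.proto)
            and rule.direction in (None, ev.direction)
            and rule.port in (None, ev.port))

def skipped(ev: Event, skip_tcp: bool, skip_udp: bool) -> bool:
    # The "Skip loopback (127.x.x.x) TCP/UDP connections" options.
    return ev.ip.startswith("127.") and (skip_tcp if ev.proto == "TCP" else skip_udp)

def decide(rules: List[Rule], events: List[Event], per_socket: bool,
           skip_tcp: bool = False, skip_udp: bool = True) -> List[str]:
    """per_socket=True (ASSUMED model of the reported behaviour): once a socket has
    been passed by a rule or a skip option, later traffic on it is not re-checked.
    per_socket=False: every attempt is matched on its own (proto, dir, ip, port)."""
    passed: Set[int] = set()
    out = []
    for ev in events:
        if per_socket and ev.socket_id in passed:
            out.append("allow(socket)")
        elif skipped(ev, skip_tcp, skip_udp):
            passed.add(ev.socket_id); out.append("skip")
        elif any(matches(r, ev) for r in rules):
            passed.add(ev.socket_id); out.append("allow(rule)")
        else:
            out.append("prompt")  # user is asked; a one-off Allow is not remembered
    return out

# Constructed sample: IE opens a UDP socket on 127.0.0.1:1817, then (as the thread
# reports) the same socket carries the TCP connection to Proxomitron at 127.0.0.1:8080.
IE_EVENTS = [Event("iexplore.exe", "UDP", "In", "127.0.0.1", 1817, 5),
             Event("iexplore.exe", "TCP", "Out", "127.0.0.1", 8080, 5)]
UDP_IN_RULE = [Rule("iexplore.exe", proto="UDP", direction="In")]
```

With `per_socket=True` the UDP In rule lets the TCP connection to port 8080 through unprompted, and with "Skip loopback UDP" on even an app with no rule is never asked; with `per_socket=False` the TCP attempt to 8080 is prompted in both cases, which is the check the last post is asking for.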