I had typed up a large post explaining my issue in detail, but lost it. I will be concise.
I am not trusting Local Area Network #1. D+ is in Paranoid mode, Firewall is set on Very High alert frequency level with Enable alerts for loopback requests checked. Despite this, I can ping and telnet into the host machine from a guest VM inside a Virtualbox NAT. I can telnet into port 139, be connected and this connection does not show up on the connections list, nor am I prompted for it. I can ping the host machine (10.0.1.2) as well, from inside the guest VM. This issue does not occur on my Mac OS X machine, also running virtualbox. IPFW blocks a connection attempt from localhost to 10.0.1.6 (that machine’s ip on the network) when I attempt to ping the host from inside the guest. On my Windows 7 x64 machine running CIS (proactive security mode, if that is important), the connection is silently allowed. Very alarming.
Any suggestions?
I am running the latest version of CIS, which another user in a different thread claimed to have fixed his problem. This leads me to believe that a reinstall may fix my problem, however, the lack of an apparent cause concerns me, even if a reinstall would fix this.
I’m also attaching screenshots of my Defense + log, showing it successfully blocking or allowing Firefox localhost to localhost traffic. It prompted me for this after I deleted the existing Outgoing Only rule and opened it. It prompts me correctly upon attempting to initiate a connection to http://localhost as well. The issues with ping, telnet and the VM still persist though. So CIS is correctly identifying some localhost traffic!
However, if I check Block and Remember, no entry shows up in Firefox’s network security policy section for localhost traffic, but does for normal traffic.
EDIT: On another try, it does appear to remember and store localhost traffic for Firefox. I must have simply forgotten to check the remember box. So, the issue now is why it is failing to alert on specific programs. I double checked and I have no rule set up for Virtualbox, nor ping.exe.
Sun Virtualbox 3.1.2. Sorry for any confusion, when I say VM I mean the virtual machine, not any VMware application. Host OS is Windows 7 x64 Home Premium, guest OS is Ubuntu 9.10 x64. I’m using NAT. For some reason the bridged adapter option is not allowing me to select an adapter, I will do a clean install of Virtualbox 3.1.4 today and let you know if there is any change.
As I expected, bridged networking does not have the same problem. CIS sees a connection from another computer on the network and prompts for it. The downside is that CIS cannot be used to monitor the network connections made by the VM. I double-checked NAT again with the new version of Virtualbox and CIS still silently allows connections made from guest to host.
I also installed a fedora VM and the same issues are present.
I don’t have this with VMWare. If I use NAT and try to telnet to my 445 port, I receive a firewall alert for vmnat.exe trying to connect to 127.0.0.1 on port 445…
The ping walks straight through; even a global block rule doesn’t work for this… but if I have a look at the IPs used by VMware there is no logic, there must be some software level in between.
The Guest and Host are absolutely not in the same subnets and, as seen above, CIS alerts for Loopback traffic coming from the Guest OS. So VMWare must be acting like a software router in between…
Are you running CIS v4 latest beta or the stable 3.14.x ?
I’m running the latest stable version, 3.14.130099.587.
I can telnet to any listening port and a connection will be established. I get an alert for using telnet to connect to 127.0.0.1 at 445 in Windows, but not from a guest VM. I will try VMWare soon.