| Author |
Message |
Dave McAuliffe
Guest
|
 Posted:
Mon Jan 17, 2005 11:19 pm Post subject:
Firewalls and Proxies |
|
|
System: XP Home SP1, 2200 megahertz AMD.
I'd like some understanding of what's going on and if I'm doing something
wrong.
1) I put a stop on IE via Sygate-7Free, but it gets through.
I have ATT as an ISP via a dial-up using their Accelerator program which
(is/uses?) a proxy. My browsers, Firefox / IE, are configured to use a
proxy. The entries in the Sygate log under Application Name reflect the
name of the ATT proxy (not the browser). If I use IE through the proxy it
gets through, If I configure IE to not use the proxy Sygate will block IE.
Is this the way it should work? If any program is configured to use a
proxy, and the proxy itself is allowed, will firewalls let them all pass?
2) I first had a rule putting a block on port 135 / TCP / Remote / Both
ways, when I noticed that I was allowing inbound TCP to Local 135. I edited
the rule to include Local 135 as well. I refreshed the log then some time
later (minutes) after another refresh the log noted inbound TCP traffic to
Local 135 was allowed. The Application name was
C:\WINDOWS\system32\svchost.exe. I then put a block on svchost.exe which
seems to have worked thus far. (However that blocks Windows update - and
allowing that program before the block on svchost.exe doesn't work.)
Is the operation of a rule absolute or can there be circumstances whereby
some will get by the rule?
(There is no malware on my system)
3) I installed Netscape.com as ISP which also has an accelerator proxy
although the program names differ. When I connect using Netscape the first
entry in the Sygate log was Netscape connecting, all other entries under
Application Name were ATT/Proxy.
Why?
Will Sygate Pro address any of the above?
Any insight appreciated.
--
Dave
Central Mass. USA
To email: Replace
mailinator.com with email.com |
|
| Back to top |
|
 |
abspc
Guest
|
| Posted:
Tue Jan 18, 2005 12:02 am Post subject:
Re: Firewalls and Proxies |
|
|
Dave McAuliffe wrote:
| Quote: | System: XP Home SP1, 2200 megahertz AMD.
I'd like some understanding of what's going on and if I'm doing something
wrong.
1) I put a stop on IE via Sygate-7Free, but it gets through.
I have ATT as an ISP via a dial-up using their Accelerator program which
(is/uses?) a proxy. My browsers, Firefox / IE, are configured to use a
proxy. The entries in the Sygate log under Application Name reflect the
name of the ATT proxy (not the browser). If I use IE through the proxy it
gets through, If I configure IE to not use the proxy Sygate will block IE.
Is this the way it should work? If any program is configured to use a
proxy, and the proxy itself is allowed, will firewalls let them all pass?
2) I first had a rule putting a block on port 135 / TCP / Remote / Both
ways, when I noticed that I was allowing inbound TCP to Local 135. I edited
the rule to include Local 135 as well. I refreshed the log then some time
later (minutes) after another refresh the log noted inbound TCP traffic to
Local 135 was allowed. The Application name was
C:\WINDOWS\system32\svchost.exe. I then put a block on svchost.exe which
seems to have worked thus far. (However that blocks Windows update - and
allowing that program before the block on svchost.exe doesn't work.)
Is the operation of a rule absolute or can there be circumstances whereby
some will get by the rule?
(There is no malware on my system)
3) I installed Netscape.com as ISP which also has an accelerator proxy
although the program names differ. When I connect using Netscape the first
entry in the Sygate log was Netscape connecting, all other entries under
Application Name were ATT/Proxy.
Why?
Will Sygate Pro address any of the above?
Any insight appreciated.
|
I just read at a software web site company that sells a software
firewall/router program and they said in their FAQ that for a proxy
server thing on an isp you need to find out what the proxy port is and
then tell the firewall to block it or allow it ro whatever the user
needs to do. So try to find the proxy port number the isp uses and see
if you can do what you need. Please also report back in here what
happens. To find the proxy port you need to according to the faq i read,
open dos or some sort of program or whatever to see the connections and
what it might be. yer firewall might show it and you'll be able to see.
I'm not sure. |
|
| Back to top |
|
|
Dave McAuliffe
Guest
|
| Posted:
Tue Jan 18, 2005 4:21 am Post subject:
Re: Firewalls and Proxies |
|
|
"abspc" <l@l.com> wrote in message
news:20050117140241.210$Q1@news.newsreader.com...
| Quote: | Dave McAuliffe wrote:
I'd like some understanding of what's going on and if I'm doing
something
wrong.
1) I put a stop on IE via Sygate-7Free, but it gets through.
I have ATT as an ISP via a dial-up using their Accelerator program which
(is/uses?) a proxy. My browsers, Firefox / IE, are configured to use a
proxy. The entries in the Sygate log under Application Name reflect the
name of the ATT proxy (not the browser). If I use IE through the proxy
it
gets through, If I configure IE to not use the proxy Sygate will block
IE.
Is this the way it should work? If any program is configured to use a
proxy, and the proxy itself is allowed, will firewalls let them all
pass? |
<snip>
| Quote: |
I just read at a software web site company that sells a software
firewall/router program and they said in their FAQ that for a proxy
server thing on an isp you need to find out what the proxy port is and
then tell the firewall to block it or allow it ro whatever the user
needs to do. So try to find the proxy port number the isp uses and see
if you can do what you need. Please also report back in here what
happens. To find the proxy port you need to according to the faq i read,
open dos or some sort of program or whatever to see the connections and
what it might be. yer firewall might show it and you'll be able to see.
I'm not sure.
|
The proxy port is 8080. So I'd have to create a rule that prevents IE from
using 8080 for TCP in/out remote/local. As I've uninstalled the proxy, I
tested this using port 80, should render same results, blocking IE while
having Firefox get through, and it worked. Thanks.
I'll reinstall the proxy and test again.
--
Dave
Central Mass. USA
To email: Replace
mailinator.com with email.com |
|
| Back to top |
|
|
Casey
Guest
|
| Posted:
Tue Jan 18, 2005 4:57 am Post subject:
Re: Firewalls and Proxies |
|
|
In article <352dteF4f2db8U1@individual.net>, DaveMcA@mailinator.com says...
| Quote: |
I have ATT as an ISP via a dial-up using their Accelerator program which
(is/uses?) a proxy. My browsers, Firefox / IE, are configured to use a
proxy. The entries in the Sygate log under Application Name reflect the
name of the ATT proxy (not the browser). If I use IE through the proxy it
gets through, If I configure IE to not use the proxy Sygate will block IE.
Is this the way it should work? If any program is configured to use a
proxy, and the proxy itself is allowed, will firewalls let them all pass?
Yes, this is normal operation. When the browser is set to connect |
directly to internet, a Sygate application rule is required to Allow
the browser. The browser connection is logged into the traffic log.
When the Browser is set to work into local host (typically 127.0.0.1,
port 8080), then a sygate application rule is required to Allow the
local proxy. The local proxy connection is logged into the traffic
log--not the browser. This applies to Sygate free and pro and
most firewalls.
Some firewalls have control of (1)local ports, (2)remote ports,
and (3)local host ports. Sygate only has control of local and
remote ports. Without local host port control, some trojans
can phone home through the local proxy and it will not be detected
by the firewall.
Casey |
|
| Back to top |
|
|
Casey
Guest
|
| Posted:
Tue Jan 18, 2005 5:11 am Post subject:
Re: Firewalls and Proxies |
|
|
| Quote: |
The proxy port is 8080. So I'd have to create a rule that prevents IE from
using 8080 for TCP in/out remote/local.
No, the local host 127.0.0.1, port 8080 is an address within |
your computer. The TCP in/out, remote/local only deal with
connections between your computer and internet--not inside
your computer. Sygate cannot control 127.0.0.1, port xxxx.
Casey |
|
| Back to top |
|
|
abspc
Guest
|
| Posted:
Tue Jan 18, 2005 5:35 pm Post subject:
Re: Firewalls and Proxies |
|
|
Casey wrote:
| Quote: | The proxy port is 8080. So I'd have to create a rule that prevents IE from
using 8080 for TCP in/out remote/local.
No, the local host 127.0.0.1, port 8080 is an address within
your computer. The TCP in/out, remote/local only deal with
connections between your computer and internet--not inside
your computer. Sygate cannot control 127.0.0.1, port xxxx.
Casey
|
The more I read in this group about sygate the more I think that
software sucks compared to others, :( |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in