Re: Safety of local-loopback access rule

Re: Safety of local-loopback access rule

on 09.11.2006 13:48:05 by unknown

Post removed (X-No-Archive: yes)

Safety of local-loopback access rule

on 09.11.2006 14:09:03 by Dubious Dude

Hello,

I'm using Cygwin's Xwindows. When I launch applications that connect
to the windowing system, the Kerio Personal Firewall 2.1.5 catches it.
I launched a few Xwindows applications to characterize the accesses:

Local   Remote
-----   --------------
:1120   127.0.0.1:1034
:1122   127.0.0.1:1034
:1123   127.0.0.1:1023
:1124   127.0.0.1:1034
:1125   127.0.0.1:1125

Both TCP and UDP (outgoing) are required for most of the applications
tried. I created a single rule for any application and any port to
allow access for the plurality of applications:

Local_Loopback_for_Xwin
-----------------------
* Protocol: TCP and UDP
* Direction: Outgoing
* Local endpoint: Any port, any application
  - Different applications use different ports,
    e.g. 1120, 1122, 1123, 1124, 1125
* Remote endpoint: 127.0.0.1, any port
  - Different applications use different ports,
    e.g. 1034, 1034, 1023, 1034, 1125
* Always permit

Since it's a local connection, is it safe to have an open-ended port
specification and open-ended application specification?

The safer alternative is to specify exactly which application the rule
applies to, which is less convenient. I'd need a rule for each
application. Also, if some Xwindows activity or application doesn't
work in the future, it might take some troubleshooting before tracking
it back to the firewall.

Hopefully, the open-endedness in the rule specification sacrifices
very little safety, since it's much more convenient.

Re: Safety of local-loopback access rule

on 09.11.2006 14:28:47 by Ansgar -59cobalt- Wiechers

Dubious Dude wrote:
> I'm using Cygwin's Xwindows. When I launch applications that connect
> to the windowing system, the Kerio Personal Firewall 2.1.5 catches it.
> I launched a few Xwindows applications to characterize the accesses:
>
> Local   Remote
> -----   --------------
> :1120   127.0.0.1:1034
> :1122   127.0.0.1:1034
> :1123   127.0.0.1:1023
> :1124   127.0.0.1:1034
> :1125   127.0.0.1:1125
>
> Both TCP and UDP (outgoing) are required for most of the applications
> tried. I created a single rule for any application and any port to
> allow access for the plurality of applications:
>
> Local_Loopback_for_Xwin
> -----------------------
> * Protocol: TCP and UDP
> * Direction: Outgoing
> * Local endpoint: Any port, any application
>   - Different applications use different ports,
>     e.g. 1120, 1122, 1123, 1124, 1125
> * Remote endpoint: 127.0.0.1, any port
>   - Different applications use different ports,
>     e.g. 1034, 1034, 1023, 1034, 1125
> * Always permit
>
> Since it's a local connection, is it safe to have an open-ended port
> specification and open-ended application specification?

Why would it be unsafe? 127.0.0.0/8 is localhost, i.e. the local
computer. It's plain stupid of Kerio to filter/report connections to
127.0.0.1 unless packets with this address arrive on the external
interface.

Besides, you can't reliably restrict outbound connections anyway.

cu
59cobalt
--
"Personal Firewalls are crap. Throw away any personal firewall. Personal
Firewalls are bad[tm]."
--Malte von dem Hagen on security-basics
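The two points above (the rule as posted is scoped to the loopback address, and the one case where a 127/8 address deserves filtering is when it shows up on a non-loopback interface) can be modelled in a few lines. The following is an added example, not code from the thread or from Kerio; it assumes a simplified rule model (protocol set, direction, remote network, optional application and remote-port restriction), and the interface and application names attached to the five connections from the original post are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


@dataclass(frozen=True)
class Connection:
    proto: str          # "TCP" or "UDP"
    direction: str      # "out" or "in", from the host's point of view
    iface: str          # interface the packet was seen on ("lo" or e.g. "eth0")
    app: str            # process name (constructed for the sample data)
    local_port: int
    remote_ip: str
    remote_port: int


@dataclass(frozen=True)
class Rule:
    """Simplified personal-firewall rule; None means 'any'."""
    name: str
    protos: FrozenSet[str]
    direction: str
    remote_net: ipaddress.IPv4Network
    app: Optional[str] = None
    remote_ports: Optional[FrozenSet[int]] = None
    action: str = "permit"

    def matches(self, c: Connection) -> bool:
        return (
            c.proto in self.protos
            and c.direction == self.direction
            and ipaddress.ip_address(c.remote_ip) in self.remote_net
            and (self.app is None or self.app == c.app)
            and (self.remote_ports is None or c.remote_port in self.remote_ports)
        )


def spoofed_loopback(c: Connection) -> bool:
    """A 127/8 address that did not travel over the loopback interface is bogus."""
    return ipaddress.ip_address(c.remote_ip) in LOOPBACK_NET and c.iface != "lo"


def decide(rules: List[Rule], c: Connection) -> str:
    # Anti-spoofing comes first: loopback addresses arriving on an external
    # interface are dropped regardless of any permit rule.
    if spoofed_loopback(c):
        return "deny"
    for r in rules:
        if r.matches(c):
            return r.action
    return "prompt"   # typical personal-firewall behaviour: ask the user


# The rule from the original post: any app, any local port, remote 127.0.0.1.
LOCAL_LOOPBACK_FOR_XWIN = Rule(
    name="Local_Loopback_for_Xwin",
    protos=frozenset({"TCP", "UDP"}),
    direction="out",
    remote_net=ipaddress.ip_network("127.0.0.1/32"),
)

# The five connections listed in the post (interface and app names constructed).
X_CONNECTIONS = [
    Connection("TCP", "out", "lo", "xterm", 1120, "127.0.0.1", 1034),
    Connection("TCP", "out", "lo", "xclock", 1122, "127.0.0.1", 1034),
    Connection("UDP", "out", "lo", "xeyes", 1123, "127.0.0.1", 1023),
    Connection("TCP", "out", "lo", "xcalc", 1124, "127.0.0.1", 1034),
    Connection("UDP", "out", "lo", "xlogo", 1125, "127.0.0.1", 1125),
]

# Constructed: a packet claiming to come from 127.0.0.1 but seen on eth0.
SPOOFED_FROM_OUTSIDE = Connection("TCP", "in", "eth0", "unknown", 6000, "127.0.0.1", 40000)

# Constructed: a real outbound connection to a non-loopback host.
REAL_REMOTE = Connection("TCP", "out", "eth0", "xterm", 1130, "192.0.2.10", 6000)


def evaluate_all(rules: List[Rule], conns: List[Connection]) -> dict:
    """Map (local_port, remote_port) to the firewall decision for each connection."""
    return {(c.local_port, c.remote_port): decide(rules, c) for c in conns}


if __name__ == "__main__":
    for key, verdict in evaluate_all([LOCAL_LOOPBACK_FOR_XWIN], X_CONNECTIONS).items():
        print(key, verdict)
    print("spoofed:", decide([LOCAL_LOOPBACK_FOR_XWIN], SPOOFED_FROM_OUTSIDE))
    print("real remote:", decide([LOCAL_LOOPBACK_FOR_XWIN], REAL_REMOTE))
```

All five X connections are permitted by the open-ended rule, the real remote connection still falls through to a prompt, and the only traffic the loopback address should ever get a "deny" for is the constructed packet that arrived on `eth0`, which is the martian-filtering case the reply refers to.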

Re: Safety of local-loopback access rule

on 09.11.2006 14:51:52 by unknown

Post removed (X-No-Archive: yes)

Re: Safety of local-loopback access rule

on 10.11.2006 22:10:51 by Volker Birk

Dubious Dude wrote:
> I'm using Cygwin's Xwindows. When I launch applications that connect
> to the windowing system, the Kerio Personal Firewall 2.1.5 catches it.
> I launched a few Xwindows applications to characterize the accesses:

> Local   Remote
> -----   --------------
> :1120   127.0.0.1:1034
> :1122   127.0.0.1:1034
> :1123   127.0.0.1:1023
> :1124   127.0.0.1:1034
> :1125   127.0.0.1:1125

You can see here how idiotic Kerio seems to be. Maybe you want to rethink
whether it would be better to just use the Windows firewall.

Besides that, AFAIK Windows does not support UNIX domain sockets, so this
is OK.

Yours,
VB.
--
"Life was simple before World War II. After that, we had systems."
Grace Hopper