Firewall - Possible to block communication between two processes over 127.0.0.1?

  • Monday, 12 March 2012 03:43

    Scenario.

    A popular Antivirus program installs a transparent HTTP proxy that is used by browsers and any other application making connections via HTTP. Communication between processes is via localhost:

    process - 127.0.0.1:any ---> Proxy - 127.0.0.1:12080

    The problem is, this proxy opens a hole that allows any application using HTTP, to make outbound connections, even when the application has been explicitly denied.

    I have the firewall set to 'Outbound connections that do not match a rule are blocked' but with this proxy, applications don't even need a rule, they just connect.

    How can I better control these connections?

    Thanks.

All replies

  • Tuesday, 13 March 2012 23:20
    So, is there any way to control/block localhost connections on a per-process basis?
  • Wednesday, 14 March 2012 01:35
    Windows Firewall doesn't block loopback communication. I don't see any other way to block loopback traffic from Windows Firewall. Even two local IPs on the same host are treated as loopback and are not blocked.

    -CrDev Blogs: http://blogs.msdn.com/b/satyem

  • Saturday, 17 March 2012 20:16
    That would appear to be a severe limitation and, in this case, a bit of a security hole.
  • Tuesday, 20 March 2012 04:08

    Why do you think communication between two processes on the same host not being blocked by the firewall is a security hole?


    -CrDev Blogs: http://blogs.msdn.com/b/satyem

  • Tuesday, 27 March 2012 08:04

    > Why do you think communication between two processes on the same host not being blocked by the firewall is a security hole?
    >
    > -CrDev Blogs: http://blogs.msdn.com/b/satyem


    In this case, any application can make outbound connections over HTTP, even when they are explicitly blocked or even when they have no rule at all. If I'm unable to control which applications are allowed to make connections, there's not much point to the firewall.
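Since the firewall neither filters nor logs the loopback hop described in this thread, the only way to see which applications are reaching the network through the local proxy is to map connections to the proxy port back to their owning processes. The script below is an added example, not code from anyone in the thread; it assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and uses the proxy port 12080 quoted above as its default.

```powershell
# Added example: enumerate processes holding TCP connections into a loopback
# proxy port. Windows Firewall does not filter 127.0.0.1 traffic, so this is
# the visibility the per-application outbound rules cannot give you.
# Assumptions: Get-NetTCPConnection is available (Windows 8 / 2012+), and the
# proxy from the thread listens on 127.0.0.1:12080.
param(
    [int]$ProxyPort = 12080,
    [string]$Loopback = '127.0.0.1'
)

function Get-LoopbackProxyClients {
    param([int]$Port, [string]$Address)

    # Connections whose remote end is the proxy listener on loopback.
    $conns = Get-NetTCPConnection -RemoteAddress $Address -RemotePort $Port -ErrorAction SilentlyContinue |
        Where-Object { $_.State -eq 'Established' }

    foreach ($c in $conns) {
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Pid         = $c.OwningProcess
            ProcessName = $(if ($proc) { $proc.ProcessName } else { '<exited>' })
            Path        = $(if ($proc) { $proc.Path } else { $null })
            LocalPort   = $c.LocalPort
            RemoteEnd   = "$($c.RemoteAddress):$($c.RemotePort)"
        }
    }
}

# Confirm the proxy port is actually bound and report which process owns it.
$listener = Get-NetTCPConnection -LocalPort $ProxyPort -State Listen -ErrorAction SilentlyContinue
if (-not $listener) {
    Write-Warning "Nothing is listening on port $ProxyPort; adjust -ProxyPort."
} else {
    $owner = Get-Process -Id $listener[0].OwningProcess -ErrorAction SilentlyContinue
    Write-Host "Proxy listener on ${Loopback}:$ProxyPort is owned by PID $($listener[0].OwningProcess) ($($owner.ProcessName))"
}

# Every process listed here is reaching the network via the proxy regardless of
# its own outbound firewall rule; compare the list against the applications you
# intended to block.
Get-LoopbackProxyClients -Port $ProxyPort -Address $Loopback |
    Sort-Object ProcessName |
    Format-Table -AutoSize
```

Run it periodically or from a scheduled task if you want a record over time, since only currently established connections are shown.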
  • Monday, 2 April 2012 06:55
    Moderator

    Hi,

    127.0.0.1 is an IANA reserved loopback IP address, commonly known as localhost, or the local computer. It generally cannot be used by normal users. It is sometimes used by developers or administrators to do local tasks such as mass uploading of text or to test server software.

    For reference: http://en.wikipedia.org/wiki/Loopback


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Thursday, 5 April 2012 08:49

    > Hi,
    >
    > 127.0.0.1 is an IANA reserved loopback IP address, commonly known as localhost, or the local computer. It generally cannot be used by normal users. It is sometimes used by developers or administrators to do local tasks such as mass uploading of text or to test server software.
    >
    > For reference: http://en.wikipedia.org/wiki/Loopback


    Thanks for the reply, unfortunately it doesn't provide anything useful by way of an answer.
    • Edited by Vanderpoole, Thursday, 5 April 2012 08:49