Firewall - Possible to block communication between two processes over 127.0.0.1?

    Question

  • Scenario.

    A popular Antivirus program installs a transparent HTTP proxy that is used by browsers and any other application making connections via HTTP. Communication between processes is via localhost:

    process - 127.0.0.1:any ---> Proxy - 127.0.0.1:12080

    The problem is, this proxy opens a hole that allows any application using HTTP, to make outbound connections, even when the application has been explicitly denied.

    I have the firewall set to 'Outbound connections that do not match a rule are blocked' but with this proxy, applications don't even need a rule, they just connect.

    How can I better control these connections?

    Thanks.

    Monday 12 March 2012 03:43
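    The scenario above, seen from the defender's side, as an added example that is not part of this thread or of any product it mentions: a PowerShell script that lists TCP listeners bound to loopback together with their owning process, then shows which processes currently hold a connection to a given loopback port and whether any enabled outbound Block rule names that executable. The port 12080 is the one given in the question; the cmdlets used (`Get-NetTCPConnection`, `Get-NetFirewallRule`, `Get-NetFirewallApplicationFilter`) exist on Windows 8 / Server 2012 and later, and the function names are my own.

```powershell
# Added example, not from the thread. Enumerates what the question describes:
# local TCP listeners on loopback (a local proxy such as the 127.0.0.1:12080 one
# the poster mentions) and the processes currently connected to them, then checks
# whether each client process is named by an enabled outbound Block rule.
# Requires the NetTCPIP / NetSecurity modules (Windows 8 / Server 2012 or later).

function Get-ProcessPathSafe {
    # Reading .Path of a protected or system process can fail without elevation;
    # return $null rather than aborting the listing.
    param($Process)
    if (-not $Process) { return $null }
    try { return $Process.Path } catch { return $null }
}

function Get-LoopbackListener {
    # Wildcard listeners (0.0.0.0 / ::) also accept loopback connections, so they
    # are included alongside 127.0.0.1 and ::1.
    param([string[]]$LocalAddress = @('127.0.0.1', '::1', '0.0.0.0', '::'))

    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $LocalAddress -contains $_.LocalAddress } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [PSCustomObject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                ProcessId    = $_.OwningProcess
                ProcessName  = if ($proc) { $proc.ProcessName } else { '<unknown>' }
                Path         = Get-ProcessPathSafe $proc
            }
        }
}

function Get-BlockedOutboundProgram {
    # Executable paths named by enabled outbound Block rules, with %SystemRoot%
    # style variables expanded so they compare against real process paths.
    Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Get-NetFirewallApplicationFilter |
        Where-Object { $_.Program -and $_.Program -ne 'Any' } |
        ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Program).ToLowerInvariant() } |
        Sort-Object -Unique
}

function Get-LocalProxyClient {
    # Processes holding an established connection to a loopback port (12080 is the
    # port from the question; pass whatever port Get-LoopbackListener reports).
    param([Parameter(Mandatory)][int]$ProxyPort)

    $blocked = @(Get-BlockedOutboundProgram)

    Get-NetTCPConnection -State Established -RemotePort $ProxyPort -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -in @('127.0.0.1', '::1') } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            $path = Get-ProcessPathSafe $proc
            [PSCustomObject]@{
                ProcessId        = $_.OwningProcess
                ProcessName      = if ($proc) { $proc.ProcessName } else { '<unknown>' }
                Path             = $path
                LocalPort        = $_.LocalPort
                # True when an outbound Block rule names this executable: the case
                # the question describes, blocked directly but talking to the
                # local proxy anyway.
                HasOutboundBlock = ($path -and ($blocked -contains $path.ToLowerInvariant()))
            }
        }
}

# Usage: first find the loopback listeners, then inspect the clients of one of them.
Get-LoopbackListener | Format-Table -AutoSize
Get-LocalProxyClient -ProxyPort 12080 | Format-Table -AutoSize
```

    Run it from an elevated prompt so that the path of every owning process can be read; without elevation the Path column is empty for processes you cannot open, and the HasOutboundBlock check then cannot match those. A row with HasOutboundBlock set to True is exactly the gap the question describes, and is the thing to alert on, since the firewall itself will not report it.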

All replies

  • So, is there any way to control/block localhost connections on a per-process basis?
    Tuesday 13 March 2012 23:20
  • Windows Firewall doesn't block the loopback communication. I don't see any other way to block the loopback traffic from Windows Firewall. Even two local IPs on the same host are treated as loopback and are not blocked.

    -CrDev Blogs: http://blogs.msdn.com/b/satyem

    Wednesday 14 March 2012 01:35
  • That would appear to be a severe limitation and in this case a bit of a security hole.
    Saturday 17 March 2012 20:16
  • Why do you think the communication between two processes on the same host not being blocked by the firewall is a security hole?


    -CrDev Blogs: http://blogs.msdn.com/b/satyem

    Tuesday 20 March 2012 04:08
  • Why do you think the communication between two processes on the same host not being blocked by the firewall is a security hole?


    -CrDev Blogs: http://blogs.msdn.com/b/satyem


    In this case, any application can make outbound connections over HTTP, even when they are explicitly blocked or even when they have no rule at all. If I'm unable to control which applications are allowed to make connections, there's not much point to the firewall.
    Tuesday 27 March 2012 08:04
  • Hi,

    127.0.0.1 is an IANA reserved loopback IP address, commonly known as localhost, or the local computer. It generally cannot be used by normal users. It is sometimes used by developers or administrators to do local tasks such as mass uploading of text or to test server software.

    For reference: http://en.wikipedia.org/wiki/Loopback


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Monday 2 April 2012 06:55
    Moderator
  • Hi,

    127.0.0.1 is an IANA reserved loopback IP address, commonly known as localhost, or the local computer. It generally cannot be used by normal users. It is sometimes used by developers or administrators to do local tasks such as mass uploading of text or to test server software.

    For reference: http://en.wikipedia.org/wiki/Loopback


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    Thanks for the reply, unfortunately it doesn't provide anything useful by way of an answer.
    Thursday 5 April 2012 08:49