Showing results for tags 'firewall'.



Found 57 results

  1. Good news for existing users of the firewall enhancing software Windows Firewall Control; the most recent update of the application released today unlocked the donation-only functionality for all users of the application.

    Windows Firewall Control is a security software for Windows that gives users more control over the built-in firewall of the operating system. We reviewed Windows Firewall Control 5.0 and Windows Firewall Control 5.1 recently. Among the many features that the program supports are better options to manage firewall rules, better protection against rule tampering, or a learning mode that keeps user interaction to a minimum.

    Windows Firewall Control was available as a free version that was feature limited. The core functionality that was missing from the free version was notifications support. Notifications are an essential feature of the application for many users. The application displays a prompt each time a software program or process attempts to make an outbound connection. It is up to the user to allow or block the connection temporarily or permanently, or use built-in options to find out more about the process, port and other information before making a decision.

    Malwarebytes, makers of the popular anti-malware software of the same name, acquired Windows Firewall Control in June of 2018. It was not the first acquisition of the company in the past three years; it acquired the popular adware remover AdwCleaner in 2016 and Junkware Removal Tool, another program to clean up potentially unwanted applications in 2015.

    Malwarebytes revealed in the official press release back in June that it had plans to integrate the solution in its core products. The company reassured users of the product that the program would be kept as a standalone program but that it would fly under the Malwarebytes branding in the future.

    It appears that one outcome of the acquisition is that Malwarebytes dropped the donation-only requirement to use Windows Firewall Control to the fullest. The official release notes of version 5.4.0.0 confirm that:

    Nothing will change for users who donated in the past. Users who did not donate get access to the same functionality as supporters, however. You may need to select Notifications > Display notifications to enable the feature. It should not be locked anymore so that the functionality can be enabled right after installation of the new version.

    Windows Firewall Control comes with signed installer and files in the new release, another welcome change that should improve the program's standing with other security tools and Windows' own anti-malware protections.

    Ghacks.net
  2. Jime234

    Changing my AV

    Hi, I have been using ESET SS for half a decade now. Now I'm thinking about changing my security setup for a change. I was thinking about MSE with WFC and MBAM; will it be good enough? In the past I have tried out Norton, Kaspersky, Avast and Avira, but they had huge update sizes and/or I just found them to be annoying... And then I found ESET. I just want an AV with small-sized update definitions, just like ESET has. If you guys have tried and experienced or know about such an AV, then kindly suggest! Thanks in advance!!
  3. vissha

    simplewall 2.3.1 Stable

    Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. This tool is presented within a simple interface enabling fast configuration and includes internal blocking lists (malware, telemetry). simplewall (WFP Tool) can be considered as an alternative to the default filters provided by Windows Firewall. It will enable you to effectively regulate which of your processes or apps require internet access restriction or not. simplewall (WFP Tool) is designed to make your life easy by automatically blocking malware and telemetry-related data but can also be used with custom rules for blocking particular ports or IP addresses if desired.

    Features
    • Simple interface without annoying pop ups
    • Dropped packets logging (Windows 7 and above)
    • Internal blocking lists (malware, telemetry)
    • Free and open source
    • Localization support
    • IPv4/IPv6 support

    Changelog: v2.3.1 (25 June 2018)
    • fixed loopback rules (added more reserved ip addresses)
    • fixed sometimes system cannot be going to sleep
    • fixed applying rules for services (appcrash)
    • fixed update sometimes cannot be installed
    • fixed services enumeration
    • fixed system rules

    Homepage: https://www.henrypp.org/product/simplewall

    Downloads - v2.3.1 stable:
    Installer: https://github.com/henrypp/simplewall/releases/download/v.2.3.1/simplewall-2.3.1-setup.exe
    Portable: https://github.com/henrypp/simplewall/releases/download/v.2.3.1/simplewall-2.3.1-bin.zip
  4. vissha

    simplewall 2.3.0 Stable

    Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. This tool is presented within a simple interface enabling fast configuration and includes internal blocking lists (malware, telemetry). simplewall (WFP Tool) can be considered as an alternative to the default filters provided by Windows Firewall. It will enable you to effectively regulate which of your processes or apps require internet access restriction or not. simplewall (WFP Tool) is designed to make your life easy by automatically blocking malware and telemetry-related data but can also be used with custom rules for blocking particular ports or IP addresses if desired.

    Features
    • Simple interface without annoying pop ups
    • Dropped packets logging (Windows 7 and above)
    • Internal blocking lists (malware, telemetry)
    • Free and open source
    • Localization support
    • IPv4/IPv6 support

    Changelog: v2.3.0 (19 June 2018)
    Maintenance release.
    • added allowed connections monitoring in dropped packets log (win8+)
    • added inbound multicast and broadcast connections logging (win8+)
    • added outbound redirection filter layer (win7+)
    • added separation for remote/local address/port in rules editor
    • added hotkeys for import/export profile
    • added win10 rs5 support
    • prevent memory overflow for singly linked lists (win7+) (issue #193)
    • do not load icons for processes if icons displaying are disabled
    • improved multiple rules applying speed in settings window
    • increased time limit for displaying same notification (win7+)
    • search loading dlls in system directories only (safety)
    • check for correct xml data type before loading
    • store last notification timestamp for apps
    • removed proxy support (win8+)
    • fixed dropped events callback crash (win7+)
    • fixed applying services filters
    • fixed alphanumeric sorting
    • improved port scanning defense
    • improved loopback connections
    • improved boot-time filters
    • stability improvements
    • cleanup xml attributes
    • updated system rules
    • cosmetics fixes
    • fixed ui bugs
    • fixed bugs

    Homepage: https://www.henrypp.org/product/simplewall

    Downloads - v2.3.0 stable:
    Installer: https://github.com/henrypp/simplewall/releases/download/v.2.3/simplewall-2.3-setup.exe
    Portable: https://github.com/henrypp/simplewall/releases/download/v.2.3/simplewall-2.3-bin.zip
  5. Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. This tool is presented within a simple interface enabling fast configuration and includes internal blocking lists (malware, telemetry). simplewall (WFP Tool) can be considered as an alternative to the default filters provided by Windows Firewall. It will enable you to effectively regulate which of your processes or apps require internet access restriction or not. simplewall (WFP Tool) is designed to make your life easy by automatically blocking malware and telemetry-related data but can also be used with custom rules for blocking particular ports or IP addresses if desired.

    Features
    • Simple interface without annoying pop ups
    • Dropped packets logging (Windows 7 and above)
    • Internal blocking lists (malware, telemetry)
    • Free and open source
    • Localization support
    • IPv4/IPv6 support

    Changelog:

    v2.2.12 (6 June 2018)
    • fixed win10rs4 netevents subscription (win10rs4+)
    • fixed double race condition lock (critical)

    v2.2.10 (6 June 2018)
    • added feature to disable special rules group (issue #181)
    • revert special rules highlighting
    • fixed listview focusing (maybe?) (issue #164)
    • fixed switching modes
    • fixed reported bugs
    • code cleanup
    • fixed bugs

    Homepage: https://www.henrypp.org/product/simplewall

    Downloads - v2.2.12 stable:
    Installer: https://github.com/henrypp/simplewall/releases/download/v.2.2.12/simplewall-2.2.12-setup.exe
    Portable: https://github.com/henrypp/simplewall/releases/download/v.2.2.12/simplewall-2.2.12-bin.zip

    Downloads - v2.2.10:
    Installer: https://github.com/henrypp/simplewall/releases/download/v.2.2.10/simplewall-2.2.10-setup.exe
    Portable: https://github.com/henrypp/simplewall/releases/download/v.2.2.10/simplewall-2.2.10-bin.zip
  6. https://www.binisoft.org
    Sharecode: /download/wfc5setup.exe

    What's new in version 5.3.1.0 (24.04.2018)
    - New: Added a confirmation dialog before enabling Secure Rules and Secure Profile, informing the users that they should consult the user manual to understand the effects and the side effects of enabling these features.
    - Fixed: The status of Secure Rules and Secure Profile are incorrectly reported in the Security tab in Windows 10 version 1803.
  7. Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. This tool is presented within a simple interface enabling fast configuration and includes internal blocking lists (malware, telemetry). simplewall (WFP Tool) can be considered as an alternative to the default filters provided by Windows Firewall. It will enable you to effectively regulate which of your processes or apps require internet access restriction or not. simplewall (WFP Tool) is designed to make your life easy by automatically blocking malware and telemetry-related data but can also be used with custom rules for blocking particular ports or IP addresses if desired.

    Features
    • Simple interface without annoying pop ups
    • Dropped packets logging (Windows 7 and above)
    • Internal blocking lists (malware, telemetry)
    • Free and open source
    • Localization support
    • IPv4/IPv6 support

    Changelog:

    v2.2.1 Beta (14 March 2018)
    instant apps list sorting notifications: added information about blocked protocol notifications: replaced "disable notifications for this app" icon notifications: changed default timeout between same notifications notifications: tray popup sometimes won't shown on some systems notifications: ignore button combined with block button notifications: changed texts for remote/local addresses timer does not removed when user manually uncheck apps removed font boldening for itself (issue #135) changed minimal width of main window fixed timers formatting fixed ui bugs fixed bugs

    v2.2 Beta (4 March 2018)
    new notification ui now simplewall added to the apps list automatically (issue #106) added windows services support [beta] (issue #88) added profile timestamping new localization engine (single .lng file) more sensitive notifications (issue #107) lock-free dropped events callback (win7+) added group total items count indication added block action for notifications (issue #123) automatic profile backup (issue #110) added network address resolution make internal apps undeletable menu bitmap transparent icons app paths case correction added timers (issue #96) set process high priority ipsec dropped packets logging (win8+) removed wow64 redirection (use simplewall 64-bit binaries for win64) revert "purge unused apps" feature optimized apps types recognition improved tray context menu (issue #103) improved memory allocation changed verify signatures algorithm (issue #94) changed "purge invalid apps" hotkey changed default font cosmetics for filter names cosmetic fixes (issue #108) stability improvements updated default colors updated localization fixed dropped events callback failure (win10 rs3 and above) fixed steal focus at startup and when notification displaying fixed working under blacklist mode fixed multi-monitor support fixed ui bugs fixed bugs

    v2.1.4 (27 November 2017)
    do not verify signatures for store apps (win8+) optimized digital signatures verification (issue #94) fixed appcontainers listing (removed firewallapi.dll dependence) (win8+) (issue #104) fixed notifications race conditions (it may fix issue #73) fixed status does not changed when app deleted fixed "system" process marked as pico updated blocklist code cleanup fixed bugs

    v2.1.3 (22 November 2017)
    disabled loopback and digital signatures config by default fixed displaying name of store apps (win8+) (issue #98) fixed network paths rules (issue #102)

    v2.1.2 RC (21 November 2017)
    added option to disable apps signature checking set selected apps when you are open rules editor from main window reworked special rules (minimized memory usage and speed improvements, also removed limit in apps selection for special rules) removed ocsp signature verification (issue #94) improved apps version receiving renamed "filters" into "rules" fixed various rules editor crashes (issue #89) fixed notifications race conditions (it may fix issue #73) fixed blocklist incorrect check state fixed restoring after hibernation updated localization fixed ui bugs fixed bugs

    v2.1.1 Beta (17 November 2017)
    reworked filter settings page added option to disable hosts support for rules added option to load blocklist extra rules cosmetic fixes for ipv6 address format fixed dns resolutions where it does not required (issue #94) fixed various rules editor crashes (issue #89) fixed windows store icon destroying removed filters configuration from menu (use settings dialog instead) removed internal rules files from distro updated internal rules updated localization fixed ui bugs fixed bugs

    v2.1 Beta (12 November 2017)
    added windows store apps support (win8+) revert allowing loopback connection feature converted log limit unit to kilobytes dropped packets log cosmetic fixes improved confirmation dialogs updated localization fixed settings will not be applied for main menu fixed displaying icons for some processes fixed rules editor crash (issue #89) fixed color items reorganization fixed ui bugs fixed bugs

    v2.0.20 (6 November 2017)
    now custom rules will overwrite system rules added warning message for listen connections option apply filters on demand in settings dialog added port support for ip ranges removed rules configuration from menu (use settings dialog instead) fixed rule apps does not saved when checkbox are checked fixed rule generation from notification window fixed listen connections does not blocked fixed highlighting special rules for apps fixed running under non-admin account fixed skip-uac working directory fixed listview sorting fixed ui bugs fixed bugs

    Homepage: https://www.henrypp.org/product/simplewall

    Downloads - stable:
    Installer: https://github.com/henrypp/simplewall/releases/download/v.2.1.4/simplewall-2.1.4-setup.exe
    Portable: https://github.com/henrypp/simplewall/releases/download/v.2.1.4/simplewall-2.1.4-bin.zip

    Downloads - 2.2 beta:
    Installer: https://github.com/henrypp/simplewall/releases/download/v.2.2/simplewall-2.2-setup.exe
    Portable: https://github.com/henrypp/simplewall/releases/download/v.2.2/simplewall-2.2-bin.zip

    Downloads - 2.2.1 beta:
    Installer: https://github.com/henrypp/simplewall/releases/download/v.2.2.1/simplewall-2.2.1-setup.exe
    Portable: https://github.com/henrypp/simplewall/releases/download/v.2.2.1/simplewall-2.2.1-bin.zip
  8. Dr.Web Security Space PRO v12.1.1 + Keys

    Requirements: 4.0+

    Overview: Complex protection from all kinds of threats for mobile devices, Anti-virus for TV sets, media players, and game consoles based on Android TV.

    The product is free for 14 days; after that you need to purchase a commercial license valid for a year or more. Use Dr.Web Security Space for Android for free with the purchase of Dr.Web Security Space or Dr.Web Anti-virus for PC/Mac.

    Features and Advantages
    • Quick and full file system scanning; scanning of individual files and folders upon a request.
    • Real-time scanning of a file system.
    • Unlocking of data from ransomware Trojans and data safety with no need to pay a ransom to cybercriminals. Even when a phone is fully blocked, even by blockers unknown to the Dr.Web virus databases.
    • Detection of new, unknown malicious programs using the unique Origins Tracing™ technology.
    • Moving of detected threats to the quarantine; restoration of files.
    • Password protection of the Anti-virus settings and access to applications
    • Minimal load on the operating system.
    • Discreet use of battery resources.
    • Traffic saving due to a small size of the virus database updates.
    • Detailed statistics.
    • A convenient and informative widget on a device home screen.

    Call and SMS Filter
    Protection from unwanted calls and SMS messages.
    • Selection of filtration modes.
    • Personal filtering profiles.
    • Black list.
    • Review of blocked calls and messages.
    Caution: The Call and SMS Filter does not operate on devices without a SIM card.

    Anti-theft
    It will help in locating a device in case of its loss or theft; its data can be remotely deleted if necessary.
    • Blocking of a device after a restart
    • Blocking of a device with a request to enter a password for unlocking
    • Unlocking using SMS/via the website https://asc.drweb.com
    • GPS coordinates of a device
    • Possibility to remotely delete data from a device memory and its SD card.
    • Audio alarm
    • Possibility to display a text on a screen of a blocked device
    • Possibility to create a list of contacts that will receive a notification on a change of a SIM card on the lost device with the number of the new SIM card, which can be used when appealing to police. These numbers can be used to unlock a phone, if you forget a password.
    Caution: Anti-theft does not operate on devices without a SIM card.

    URL filter
    Restricts access to unwanted Internet resources.
    • Blocking of websites that distribute viruses.
    • Blocking according to subject categories (drugs, violence, etc.).
    • White and black lists of websites
    • Access only to websites from the White list

    Parental Control
    Protects application from an unauthorized access and the Anti-virus settings—from unwanted changes by outsiders and children.
    • Blocking of access to applications.
    • Blocking of Dr.Web settings modification.
    • Password protection

    Security Auditor
    • Runs diagnostics, exposes security issues and proposes their solutions.

    Firewall
    Controls network activity of applications.
    • Filtering of external network traffic of applications, that are installed on a device, and system applications—according to a user choice (Wi-Fi, network) and configurable rules (according to IP addresses and/or ports, entire networks, address ranges);
    • Monitoring of current and already transferred traffic—with information on addresses/ports connected by applications and on incoming and outgoing traffic;
    • Detailed logs.

    Features of Dr.Web removal when Anti-theft is installed
    If Dr.Web Anti-theft is enabled on your device, disable it before the application removal.

    This app uses the Device Administrator permission. This app uses Accessibility services.

    What's New
    * Fixed an issue of an emergency application shutdown that occurred on some devices.
    * Introduced minor interface changes.

    1) Install Dr.Web
    2) Unzip key
    3) Open Dr.Web
    4) Select "Use existing license"
    5) Select "Copy from file" then OK
    6) Browse for the key and select it
    7) It shows "The key file is received"

    This app has no advertisements

    More Info: https://play.google.com/store/apps/details?id=com.drweb.pro&hl=en

    Download Instructions
    https://uploadocean.com
    http://turbobit.net
  9. vissha

    simplewall 2.0.19

    Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. This tool is presented within a simple interface enabling fast configuration and includes internal blocking lists (malware, telemetry). simplewall (WFP Tool) can be considered as an alternative to the default filters provided by Windows Firewall. It will enable you to effectively regulate which of your processes or apps require internet access restriction or not. simplewall (WFP Tool) is designed to make your life easy by automatically blocking malware and telemetry-related data but can also be used with custom rules for blocking particular ports or IP addresses if desired.

    Features
    • Simple interface without annoying pop ups
    • Dropped packets logging (Windows 7 and above)
    • Internal blocking lists (malware, telemetry)
    • Free and open source
    • Localization support
    • IPv4/IPv6 support

    Changelog: v2.0.19 (1 November 2017)
    • new rules editor ui
    • added highlighting rules with errors
    • automatically sorting rules after changing
    • added feature to set custom dns ipv4 server ("DnsServerV4" in .ini)
    • added option to exclude blocklist rules from notifications
    • show process information in statusbar on menu item hover
    • optimized signature information retrieving from binaries
    • updated localization
    • fixed saving profile in some cases
    • fixed parsing rules types (issue #70)
    • fixed dns queries
    • fixed ui bugs
    • fixed bugs

    Downloads:
    Installer: https://github.com/henrypp/simplewall/releases/download/v.2.0.19/simplewall-2.0.19-setup.exe
    Portable: https://github.com/henrypp/simplewall/releases/download/v.2.0.19/simplewall-2.0.19-bin.zip
    566 Bytes simplewall-2.0.19-setup.sig 372 Bytes simplewall-2.0.19.sha256 Source code (zip) Source code (tar.gz)
  10. NetGuard - no-root firewall v2.143 [Pro]

    Requirements: 5.0+

    Overview: NetGuard provides simple and advanced ways to block access to the internet - no root required. Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

    Blocking access to the internet can help:
    • reduce your data usage
    • save your battery
    • increase your privacy

    Features:
    • Simple to use
    • No root required
    • 100% open source
    • No calling home
    • No tracking or analytics
    • Actively developed and supported
    • Android 4.0 and later supported
    • IPv4/IPv6 TCP/UDP supported
    • Tethering supported
    • Multiple device users supported
    • Optionally allow when screen on
    • Optionally block when roaming
    • Optionally block system applications
    • Optionally notify when an application accesses the internet
    • Optionally record network usage per application per address
    • Material design theme with light and dark theme

    PRO features:
    • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic
    • Allow/block individual addresses per application
    • New application notifications; configure NetGuard directly from the notification
    • Display network speed graph in a status bar notification
    • Select from five additional themes in both light and dark version

    There is no other no-root firewall offering all these features.

    WHAT'S NEW
    Updated for Android 8.1
    Updated build tools and libraries
    Discontinued support for Android KitKat
    Small improvements and minor bug fixes

    This app has no advertisements

    https://play.google.com/store/apps/details?id=eu.faircode.netguard

    Download Instructions: PRO features Unlocked
  11. vissha

    simplewall 2.0.18

    Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. This tool is presented within a simple interface enabling fast configuration and includes internal blocking lists (malware, telemetry). simplewall (WFP Tool) can be considered as an alternative to the default filters provided by Windows Firewall. It will enable you to effectively regulate which of your processes or apps require internet access restriction or not. simplewall (WFP Tool) is designed to make your life easy by automatically blocking malware and telemetry-related data but can also be used with custom rules for blocking particular ports or IP addresses if desired.

    Features
    • Simple interface without annoying pop ups
    • Dropped packets logging (Windows 7 and above)
    • Internal blocking lists (malware, telemetry)
    • Free and open source
    • Localization support
    • IPv4/IPv6 support

    Changelog: v2.0.18
    • added setting to disable proxy support (win8 and above only)
    • prevent notifications duplicate
    • fixed windows firewall disabling on win10
    • fixed notifications sound configuration does not saved
    • fixed notifications sound does not played on some systems
    • cosmetic fixes about notifications cross button
    • updated localization
    • updated blocklist
    • fixed dpi support
    • fixed ui bugs

    Downloads:
    Installer: https://github.com/henrypp/simplewall/releases/download/v.2.0.18/simplewall-2.0.18-setup.exe
    Portable: https://github.com/henrypp/simplewall/releases/download/v.2.0.18/simplewall-2.0.18-bin.zip
    566 Bytes simplewall-2.0.18-setup.sig 372 Bytes simplewall-2.0.18.sha256 Source code (zip) Source code (tar.gz)
  12. Windows Firewall Control 5.0.0.0

    Changelog: https://www.binisoft.org/changelog.txt
    Download: https://www.binisoft.org/download/wfc4setup.exe

    Changes: What's new in version 5.0.0.0 (04.10.2017)
    - New: Connections Log contains now an "Auto refresh on open" check box which will automatically trigger Refresh when the window is opened.
    - New: Connections Log contains now an "Auto receive updates" check box which will automatically add the newest entries on top of the list. More info can be found in the user manual.
    - New: Main Panel displays now the currently connected location of Windows Firewall.
    - New: Added "Open the website" functionality in the About tab.
    - Fixed: Duplicate notifications may be displayed if the location of Windows Firewall changes after WFC service start-up and there are rules defined for specific locations.
    - Fixed: Merge rules functionality from Rules Panel does create the merged rule, but does not remove anymore the old rules.
    - Fixed: Import policy displays a successful operation result, even if the import has failed due to a file access denied error.
    - Fixed: Refresh does not work anymore in Connections Log after using the search. The window must be closed and reopened to be able to refresh again the data grid.
    - Fixed: Some group names from Windows 10 are not recognized.
    - Fixed: 'mDNS' keyword is not valid in Properties dialog as local port when opening such an inbound rule for UDP protocol.
    - Updated: The user manual was updated with new screenshots and updated topics.
  13. Scientists have developed an innovative firewall programme that can protect smartphones from malicious codes and security threats.

    Earlier this year, researchers from the Ben-Gurion University of the Negev (BGU) in Israel discovered a security vulnerability in the internal communications between Android cellphone components and a phone's central processing unit (CPU). They alerted Android developer Google and helped the company address the problem.

    "Our technology doesn't require device manufacturers to understand or modify any new code," said Yossi Oren from BGU. "It's a firewall that can be implemented as a tiny chip, or as an independent software module running on the CPU," said Oren.

    Some 400 million people change their phone's components, such as touchscreens, chargers, and battery or sensor assemblies, which are all susceptible to significant security breaches and attacks. These components, referred to as "field replaceable units (FRUs)," communicate with the phone CPU over simple interfaces with no authentication mechanisms or error detection capabilities. A malicious vendor could add a compromised FRU to a phone, leaving it vulnerable to password and financial theft, fraud, malicious photo or video distribution, and unauthorised app downloads.

    "This problem is especially acute in the Android market with many manufacturers that operate independently," researchers said. "An attack of this type occurs outside the phone's storage area; it can survive phone factory resets, remote wipes and firmware updates. Existing security solutions cannot prevent this specific security issue," they said.

    "There is no way for the phone itself to discover that it's under this type of an attack. Our solution prevents a malicious or misconfigured FRU from compromising the code running on the CPU by checking all the incoming and outgoing communication," said Omer Schwartz from BGU.

    The research team uses machine learning algorithms to monitor the phones' internal communications for anomalies that may indicate malicious code. The software allowed them to identify and prevent hardware-generated data leaks and hacks. The researchers are seeking to further test the patent-pending technology with phone manufacturers.

    Article source
  14. vissha

    GlassWire Elite v.1.2.102

    Firewall for monitoring the network activity, viewing bandwidth usage statistics and preventing apps from connecting to the Internet

    Although you may not always be notified about it, processes and applications sometimes connect to the Internet to send or receive data. Because of this, your computer can get hijacked or infected by malware, especially if you are not aware of the vulnerability and you do not take any measures to protect the system against unauthorized access.

    Monitor applications and network activity

    GlassWire is a software utility that provides you with around-the-clock security when it comes to your Internet connection, by monitoring the incoming and outgoing network traffic. Hence, it is able to detect and display information about every service or process that is currently making use of your bandwidth, as well as the IP addresses of each third party connection.

    Version 1.2.102 - (May 25, 2017)
    Hash # FD976333A81AA58DF592CEBD118A00C5599A13B915C6EFFC857BB3B64E939789
    • Fixed a problem that caused some executables to have no description in unusual situations.
    • IP sorting is now correct with the "Network" tab.
    • Other bug fixes and resource usage enhancements.

    Homepage: https://www.glasswire.com
    Download: https://download.glasswire.com/GlassWireSetup.exe

    Medicine only by Popeyes~XU / URET - shared by Recruit:
    Site: https://www.upload.ee Sharecode: /files/7077000/crack.rar.html
    or
    Site: https://www.mirrorcreator.com Sharecode: /files/FAHSCFH2/crack_0.rar_links

    Installer + Fix:
    Site: https://cloud.mail.ru Sharecode: /public/3KZs/FhGripCoo
  15. The following is not contained in an article, but it is common knowledge among security professionals that ALL malware that uses SMB (starting with the Blaster worm in 2000) can be blocked using a firewall. Initially Blaster was stopped by blocking TCP ports 139 and 445. We have been blocking those ports permanently since that time. Additionally, for WannaCry, you should block TCP port 137 and UDP ports 137 and 138.
  16. igorca

    GlassWire Elite v.1.2.100

    Firewall for monitoring the network activity, viewing bandwidth usage statistics and preventing apps from connecting to the Internet

    Although you may not always be notified about it, processes and applications sometimes connect to the Internet to send or receive data. Because of this, your computer can get hijacked or infected by malware, especially if you are not aware of the vulnerability and you do not take any measures to protect the system against unauthorized access.

    Monitor applications and network activity

    GlassWire is a software utility that provides you with around-the-clock security when it comes to your Internet connection, by monitoring the incoming and outgoing network traffic. Hence, it is able to detect and display information about every service or process that is currently making use of your bandwidth, as well as the IP addresses of each third party connection.

    Homepage: https://www.glasswire.com

    Download setup+crack from URET TEAM:
    Site: https://cloud.mail.ru Sharecode: /public/9UCJ/MEMRYxStj

    All credits go to my friend Popeyes ~ XU
  17. SimpleWall 1.4.6 (x86/x64) + Portable

    Description: Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.

    Features:
    - Simple interface without annoying pop ups
    - Dropped packets logging (Windows 7 and above)
    - Internal blocking lists (malware, telemetry)
    - Free and open source
    - Localization support
    - IPv4/IPv6 support

    You can download either the installer or portable version. Administrator rights are required for it to work correctly.

    Settings: To activate portable mode, create "simplewall.ini" in application folder, or move it from "%APPDATA%\Henry++\simplewall".

    Changelog, v1.4.6 (2017-04-04):
    - added write error logs into a file feature
    - fixed process list does not recognize pico applications on win10
    - updated translations
    - fixed bugs

    Version: 1.4.6
    Author: Henry++
    Last release: 4 April 2017
    Changelog: https://raw.githubusercontent.com/henrypp/simplewall/master/CHANGELOG.md
    Released: 26 July 2016
    License: GPL v3
    Language: C/C++
    Supported OS: Vista, 7, 8, 8.1, 10
    Platform architecture: 32-bit/64-bit

    Homepage: http://www.henrypp.org/product/simplewall
    Downloads: Latest Version from GitHub(1) / Latest Version from GitHub(2), Localization from GitHub
    Downloads: 422 KB simplewall-1.4.6-bin.zip, Source code (zip), Source code (tar.gz)
  18. This Device Works as a Firewall for Your USB Ports

    USG v1.0 (via Robert Fisk)

    The USG is a USB attachment that allows users to connect USB flash drives and other USB devices to their computer without any of the risks. Attacks like BadUSB have shown how a rogue device can mimic a benign USB interface, but secretly send malicious low-level commands and take over a computer via its USB port.

    USG works like a firewall for USB connections

    USG, created by New Zealander Robert Fisk, works as an intermediary between the computer and the USB device (flash drive, USB keyboard, USB mouse) and behaves similarly to a firewall, inspecting the data that passes through it. USG, which runs on custom firmware, only lets data pass, ignoring any kind of low-level interactions between the USB device and computer. Furthermore, USG protection goes both ways, meaning you can use USG to protect USB flash drives when connecting to unknown computers.

    USG designed to thwart BadUSB attacks

    BadUSB attacks work because computers inherently trust anything connected via a USB port. If it's a mouse or a device such as PoisonTap, which can alter DNS settings and dump passwords, the computer behaves the same. It doesn't care. Fisk says he developed USG after realizing he also couldn't trust the vendors of USB-based components.

    "Do you know who developed your flash drive's firmware?" Fisk asks. "It's probably not the company name printed on the packaging."

    "Has the firmware been audited for backdoors and malicious functionality? Can you confirm that the firmware running on your drive hasn't been maliciously modified during or after manufacture?"

    These questions drove him to create USG using off-the-shelf development boards. He then wrote custom firmware to power these boards and make USG work as USB devices should, only focusing on the data transfer, and nothing else. Fisk open-sourced USG's firmware on GitHub.

    USG drawbacks

    Of course, this has its drawbacks. A lot of the noise traffic on USB devices is the firmware negotiating connections and improving data transfer speeds. These things are not included in USG, as they are the attack vectors for BadUSB. As such, the recently released USG v1.0 only supports a data transfer speed of up to 1 MB/s, much inferior to commercial USB devices that work in the range of tens of MB/s. In addition, USG only supports USB mass storage (flash drives), keyboards, and mice, but Fisk promises to add support for other types of USB devices in the future.

    People can buy or make their own USG

    Fisk says that anyone can make their own USG devices using off-the-shelf development boards, but if they don't have the skills, he's also selling USG devices for around $60 + shipping.

    "My reputation hinges on the integrity of this project," Fisk explains. "This includes the integrity of the hardware I am offering for sale. This is why I will never outsource the manufacture of USG hardware to another country."

    "The USG is assembled in New Zealand under my direct supervision, and the firmware is programmed from a secure device by yours truly," the developer adds. "USG devices delivered by post have tamper-evident seals placed around the case, so any attempt to reprogram the firmware is visible."

    Fisk recommends USG for companies and people who want to protect crucial workstations, or for people who travel a lot and have a USB flash drive they often connect to many untrusted computers.

    The only downside to USG (by design) is that it doesn't distinguish between good data and bad data. Malware stored on a USB flash drive can pass through USG without any warnings since the malware is just a random blob of data to USG. For malware attacks, you'll have to rely on an antivirus.

    Source
  19. The vendors were told about the problem and have yet to patch things up, leaving the door open to attackers.

    It seems that security researchers have found some bugs in Java and Python which allow attackers to go around any firewall defenses. Over the past few days, two different researchers - Alexander Klink and Timothy Morgan of Blindspot Security - expressed their concern over a new vulnerability they say occurred because Java does not verify the syntax of user names in its FTP protocol.

    Despite the fact that connecting to FTP servers can be done with authentication, Java's XML eXternal Entity (XXE) doesn't check for the presence of carriage returns or line feeds in usernames, which poses a security threat. Attackers can terminate "user" or "pass" commands, inject new commands into the FTP session and connect remotely to servers in order to send unauthorized email.

    "FTP protocol injection allows one to fool a victim's firewall into allowing TCP connections from the Internet to the vulnerable host's system on any "high" port (1024-65535). A nearly identical vulnerability exists in Python's urllib2 and urllib libraries. In the case of Java, this attack can be carried out against desktop users even if those desktop users do not have the Java browser plugin enabled," Morgan writes.

    The vulnerability can be exploited in several ways, including to parse malicious JNLP files, conduct man-in-the-middle attacks or engage in server-side request forgery campaigns.

    Delayed response

    The vendors have yet to patch the bug, despite the security teams of both companies being notified. Python was informed of the issues in January 2016, while Oracle was told about it in November 2016, indicating just how long the researchers waited before exposing the problem to the world.

    Hopefully, now that it's all public, the two vendors will actually patch things up in order to avoid a wave of attacks using these particular bugs. The recommendation, until then, is for both enterprise players and the general public to disable classic mode FTP by default.

    Source
  20. SAN FRANCISCO—Google may have sent the tired castle analogy of network security’s soft center protected by a tough exterior out to pasture for good. On Tuesday at RSA Conference, Google shared the seven-year journey of its internal BeyondCorp rollout where it affirms trust based on what it knows about its users and devices connecting to its networks. And all of this is done at the expense—or lack thereof—of firewalls and traditional network security gear. Director of security Heather Adkins said the company’s security engineers had their Eureka moment seven years ago, envisioning a world without walls and daring to challenge the assumption that existing walls were working as advertised. “We acknowledged that we had to identify [users] because of their device, and had to move all authentication to the device,” Adkins said. Google, probably quicker than most enterprises, understood how mobility was going to change productivity and employee satisfaction. It also knew that connecting to corporate resources living behind the firewall via a VPN wasn’t a longterm solution, especially for those connecting on low-speed mobile networks where reliability quickly became an issue. The solution was to flip the problem on its head and treat every network as untrusted, and grant access to services based on what was known about users and their device. All access to services, Adkins said, must then be authenticated, authorized and on encrypted connections. “This was the mission six years ago, to work successfully from untrusted networks without the use of a VPN,” Adkins said. Implementing BeyondCorp required a new architecture, said Rory Ward, a site reliability engineering manager at Google, with a sharp focus on collecting quality data for analysis. The first step was to inventory users and their roles as their careers at Google progress, essentially re-inventing job hierarchies, and assessing how and why they need to access internal services. 
The same intimacy was needed with respect to device information, requiring construction of a similar inventory system that tracks all devices connecting to services through its lifecycle. For the time being, Ward said, this applies to managed devices only, though in the future he hopes to extend this capability to user-owned private devices. With that in place, Ward said Google engineers went to work building a dynamic trust repository that ingested data from more than two dozen data sources feeding it information about what devices were doing on the network. Policy files would describe how to define trust for a device and that would be done dynamically. “The trust definition of a device can go up or down dynamically depending on what was done and what the policy says,” Ward said. “We have complete knowledge of users, devices and an indication of trust of every device accessing Google systems.” Next, an access control engine was developed to enforce policy; it has the capability to ingest service requests along with user and device information and apply and enforce policy rules for accessing resources. For example, Ward said, to access source code systems, one would have to be a full-time Google employee in engineering and using a fully trusted desktop. This part of the rollout, Ward said, took two to three years to implement and brought Google closer to its goal of enabling access from anywhere. The final part of the rollout, Adkins and Ward said, was the implementation phase. While the project had executive support, there was a caveat: Don’t break anything or anybody. This was a tall order given Google’s tens of thousands of internal users and devices and 15 years of assertions about a privileged network. Ward said the expensive first step was to deploy an unprivileged and untrusted network in every one of Google’s approximately 200 buildings. 
Engineers grabbed samples of traffic from its trusted network and replayed it on the new untrusted network in order to analyze how workloads would behave. An agent was installed on every device in its inventory and every packet from those devices was also replayed on the new network to see what would fail as unqualified. This was a two-year process as well, and as it turned out, the project successfully chugged ahead to its full implementation. “We managed to move the vast majority of devices, tens of thousands of devices and users, onto the new network and did not manage to break anybody,” Ward said. Adkins said that earning executive support required making convincing arguments about this initiative making IT simpler, less expensive, more secure and employees happier and more productive. “Clear business objectives are compelling to executives,” Adkins said. “We went from location-based authentication and knowledge-based authentication that relies on quality data. Accurate data was the key to be able to make this thing work.” Article source
  21. Firewall App Blocker 1.5: Easier Windows Application Blocking Firewall App Blocker 1.5 is the latest version of the popular third-party program for Windows to block applications from accessing the Internet. While you can block any process from connecting to the Internet using the built-in firewall on Windows machines, the process is not overly comfortable as it involves several steps to complete. That's one of the main reasons why programs such as Windows Firewall Control and Firewall App Blocker are popular. Firewall App Blocker 1.5 Firewall App Blocker was designed to improve the process of allowing or blocking applications in Windows Firewall. The portable program extends Windows Firewall in this regard. To use it, download the latest version of the firewall program from the developer website (linked in the summary box below this article), and extract the archive that it is provided in. The program is provided as a 32-bit and 64-bit application in the program folder after extraction. The 64-bit version of the application is a new feature of this release. If you have used the last version of the program, released in 2014, you may notice differences immediately. The outbound and inbound rules are now separated, so that it is easier to keep an overview. All existing rules are listed in the interface. Each entry is listed with its name (usually program name and filename), the location on the disk, whether the rule is enabled, and the action (allow, block). You can sort the data with a click on a column header, for instance to display all active rules, or all rules that block connections. Add process is another new feature of Firewall App Blocker 1.5. You had to select programs on the disk in previous versions to add rules for them. With the new add process option, it is now possible to pick running processes as well which makes it easier as you don't have to browse the system for the file location anymore. 
Another feature that adds to the comfort level of the program is the add a folder option. It blocks all executable files in the selected folder automatically. This is useful if there are multiple executable files in a folder that you want to block. Instead of selecting each executable file individually, you'd simply block the whole folder using the program. How that is done? Simple: click on File > Add Folder Contents, and select the folder using the file browser that opens. This adds all executable files of that folder to the block list. Please note that this is a one-time process. The folder is not monitored for new executable files. So, any executable file placed in the folder after you run the operation is still allowed to run. You need to re-run the add folder option in this case or add the new executable file manually. Firewall App Blocker supports a new and handy "block all Internet" feature which you can toggle with a click on Firewall > Block Internet. You may use the same Firewall menu to disable the firewall as well. What else? The program window is resizable now, and you may change the font used by the application to display the firewall rules in the list. Last but not least, there is a new whitelist mode feature which blocks all processes from connecting to the Internet except for those on the whitelist. You switch between default mode and whitelist mode in the firewall menu. Closing Words The Firewall App Blocker 1.5 update improves the program in several significant ways: 64-bit program support, the new whitelist and folder blocking features, and the new handy process blocking options. Now You: Which firewall, and program, do you use on your machines? Source
  22. Sphinx Windows Firewall Control A guest post from Noel Carboni: Firewall software is responsible for blocking or allowing network communications. A lot of folks who care about security and privacy visit AskWoody.com, so I want to let everyone here know about a good piece of 3rd party firewall software that’s just been released: Sphinx Windows Firewall Control version 8 http://www.sphinx-soft.com/Vista/index.html Essentially Sphinx Windows Firewall Control offers, for Win 7, 8, and 10 users, the practical ability to set up and manage a “deny outgoing connections by default” configuration. The Sphinx Windows Firewall Control application works with the Microsoft-provided Windows Filtering Platform / Base Filtering Engine, where the “dirty work” of actually gating network connections is done. The filtering platform is a mature, working system component that has been around for a while now. Out of the box, Windows of course provides the Windows Advanced Firewall, but in its default configuration it really doesn’t do much to enhance users’ privacy and security, since it allows all outgoing communications by default. That made some sense when we actually trusted the OS maker to have our backs. Now… Think of the Sphinx Windows Firewall Control software package as a different, better, user interface for managing the firewall configuration on the PC, and in fact it CAN run alongside the Windows Advanced Firewall – there is no coupling between the two – though in practice you really want to just shut off the Windows Advanced Firewall and manage firewall operations entirely with the Sphinx software. Having both active would just lead to confusion. But the really neat part – the thing that’s really special about this new version 8 release – is that the firewall configuration can now be managed using names, not addresses. That’s very significant. 
It changes the effort in setting up and maintaining a firewall configuration from impractical to almost trivial, given today’s networking that’s rich with server banks and content delivery networks (where a given host name can resolve to many different addresses). It means, in layman’s terms, that if you want to allow site svc.anksvn.net to be contacted you just enter the name svc.anksvn.net into a zone rule and you’re done. You don’t have to figure out that this name can resolve to any of multiple different network addresses and enter them all. And you don’t have to try to figure out when a new server at a different address is added or one of them is taken offline in the future. I can’t stress enough how much managing the firewall configuration by name simplifies the setup and greatly reduces ongoing maintenance. It literally changes it from practically impossible to something that can be taken to a very detailed level and still kept up. I personally am a control aficionado and have what some would call quite a pedantic setup, where EVERYTHING is controlled to the finest point. The Sphinx software sets up a workable default configuration, but I’ve developed my own configs completely from scratch. I’m quite willing to share them if it can be helpful to others to see what I’ve set up. I have literally not had to make any changes to my Sphinx firewall configuration in weeks. It really is possible to develop a practically “set it and forget it” configuration that lets you do normal things without exposing you to new threats. Some observations, after using this software for quite a while: Seeing what Windows tries to contact in the Events pane of this software gives one a warm feeling of knowing what’s happening on your system. Logging can be managed by application – meaning you can, for example, log everything your services do online but suppress logging of sites you visit with your browser. 
There’s a UI panel for the events (that you can, for example, clear or filter for certain things), and there’s a bona fide geek level log put in a file as well. It offers complex-enough configuration capabilities to set up most of the system to run in a deny-by-default mode, yet some applications (e.g., your browser or Skype) can be set to allow-by-default – with exceptions to both of course. So, for example, no newly installed program will be allowed to contact online servers until you add a rule to allow it, and conversely your browser can contact previously unvisited websites without any pop-up, yet still be blocked from contacting certain bad ones. New / unexpected attempts to make network connections are blocked with a pop-up that has a “horror movie” violin sound effect (which you can change if you like), at which point you can choose to either allow future such attempts or continue to deny them. What this means is that once you’ve got things initially set up, ongoing maintenance because of changes e.g., installing new software is essentially reactionary. In this day and age, knowing communications you have NOT allowed ahead of time will NOT succeed is comforting. This software has your back. There is a rich configuration interface. A change, for example, to allow or disallow Windows Updates is trivial for me. I just change the zone assigned to the Host Process for Windows Services (svchost) and it’s done. Thus no update will occur unless I specifically set the system up to do it. Through the Domain Names tab you can set up a list of security servers that are always allowed system-wide (e.g., machines serving the ocsp protocol that your system contacts when verifying code signing certificates, etc.). You can also set up a list of servers that are never allowed system-wide. 
Getting an indication of when an unapproved connection is attempted, by what application, and to what server, is very valuable in learning what needs to be reconfigured or tweaked via registry settings to make a system more private. Do that for a while and you end up with a Windows system that doesn’t even try to spill the beans. No matter what rules a software installer (e.g., a telemetry update) might try to add to the Windows Advanced Firewall they don’t affect the Sphinx Windows Firewall Control configuration, so you’re still in complete charge of what is being allowed or denied. I have been working closely with the author all through the beta testing period of the name-based software, and I have run the package through all kinds of harsh tests. He’s a smart, careful engineer who has been very responsive to feedback. As a result, the software really works. I use the Network/Cloud edition on all my systems. I am not associated commercially with this product in any way. The only connection I have is that I have been a beta tester all through the development of version 8 and some time before that. Noel Carboni Source
  23. Show of hands—How many of you have heard someone say something like this: “You don’t need an extra firewall. The one that comes with Windows is sufficient for home users”. While this may be true for the default settings when it comes to protection, how many who have heard this remark are able to check which programs have added themselves to the list of allowed programs?

    Find the settings

    Let’s take a look. You can find the settings for the Windows firewall under Control Panel > System and Security > Windows Firewall > Allow a program or feature through Windows Firewall. Despite the title “Allow a program or feature …”, this is also the place where you can remove them from the list of allowed programs and features.

    Changing the settings

    To get started, click the “Change settings” button. This requires Administrator rights and, after execution, you will see that the tick boxes are no longer grayed out. Effectively, you can check here if everything that has permissions to connect are programs you trust, or whether you actually feel that they need to have these permissions. Some programs can be trusted to run on your computer, but there might be no real reason for them to make outside connections.

    The method above can be rather painstaking, especially if you have a large amount of programs installed. Not to mention all the (undoubtedly) confusing names. Malware authors are sometimes counting on our reluctance to disable anything made to look like it’s related to Microsoft, Windows, or Internet Explorer. “Who knows what will stop working if I disable that?”

    An easier way to check

    To make it a little easier, you can use a program that makes a log and uses whitelisting, so all you have to do is take a look at the remaining entries. One such program which is very popular at many tech help forums is FRST. If you download FRST (make sure to get the right version) and run it, make sure there is a tick in the “Addition.txt” field if you want to look at the firewall section. Once “FRST.txt” and “Addition.txt” are ready, you will be prompted. Click OK on both prompts, and the logs will be saved in the same folder as “FRST(64).exe”.

    A typical firewall related section of FRST will look like this:

    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{3297B962-0770-4831-890E-FEF6510610E4}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
    FirewallRules: [{8D2A05D2-99CF-487E-A1B9-F8564A86F6A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{E5055742-8397-4AFB-BDD9-DF9CFB3B2C4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{64DC59A3-D99D-4926-8010-A4006CC83EC1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{AD102C3A-3D40-4A47-9483-AB5C8FC40D25}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{06100084-A816-405E-B3E8-965FD63E1B8F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{8B8C1A5C-20E0-4B64-BC6B-705C4B002763}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [UDP Query User{1D2F5D5C-673D-4480-A385-C362D7BE39F7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{16301F9C-A2E7-4758-894D-18B300A6E0F9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{47F0B7D0-D0EA-403F-9D8B-0A1F92E5E84E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{88724164-66B1-4D9B-97BD-76BDBD486E3F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{2A926726-D200-4CAD-9A56-7D6B10516B53}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{CAE1A4B8-4C29-4929-A508-D2B2D89AFEAA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{1AB7A511-8CC3-4032-936D-6E6121445CF5}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
    FirewallRules: [{5B7AD292-902A-44BE-A6F1-E276DC1E4E89}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
    FirewallRules: [{854E69F5-896D-4BF9-A5EB-F1C645E8EBD1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{006610CB-49E1-4F19-BB70-783191B21F91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    If you need help analyzing one of these logs, we recommend asking for help on our forums.

    Malware adding allowed programs

    So, if it’s so difficult to find and get rid of unwanted entries, it must be really hard to add one, you might think. Unfortunately, that’s not true. If a program is run elevated—with Administrator privileges—all it has to do is run a command like the example below:

    netsh firewall add allowedprogram "C:\Users\{username}\AppData\Roaming\Tr.exe" "Tr.exe" ENABLE

    This example is taken from a Trojan that runs this command to grant itself internet access. After which, it downloads additional malware.

    Of course, this is not only true for malware. Every program and installer that runs elevated has the ability to add programs to the “Allowed” list, which is exactly the reason why we recommend regular checks to see which programs are allowed if you are relying on the Windows firewall alone. Some might argue that this is true for every firewall, and they would be right in my book. It never hurts to check your firewall settings, certainly not after cleaning up an infection.

    Conclusion

    While the built-in Windows firewall may offer adequate protection, this is only true if you check the settings on a regular basis, and certainly immediately after removing an infection.

    Links

    Netsh Commands for Windows Firewall

    Article source
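The regular check the article above recommends can be scripted against the FRST "FirewallRules" section. This is an added example, not code from the article or from FRST: the trusted-root list, the approved baseline, and the last sample line (user "alice", all-zero GUID, modelled on the article's Tr.exe command) are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# One rule per line, as in the FirewallRules section of FRST's Addition.txt.
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<rule_id>.*?)\] => \((?P<action>Allow|Block)\) (?P<path>.+?)\s*$"
)

# Assumption: on a default install these roots need admin rights to write to,
# so an allowed program living elsewhere deserves a closer look.
TRUSTED_ROOTS = [
    PureWindowsPath(p).parts
    for p in (r"c:\program files", r"c:\program files (x86)", r"c:\windows")
]

# Hypothetical baseline of programs the owner has already reviewed (lowercase paths).
APPROVED_BASELINE = {
    r"c:\program files\newsbin\newsbinpro64.exe",
    r"c:\program files (x86)\skype\phone\skype.exe",
}

# Lines 1-5 are taken from the log quoted in the article; the last line is constructed.
SAMPLE_LOG = r"""
==================== FirewallRules (Whitelisted) ===============
FirewallRules: [{3297B962-0770-4831-890E-FEF6510610E4}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [UDP Query User{1D2F5D5C-673D-4480-A385-C362D7BE39F7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{16301F9C-A2E7-4758-894D-18B300A6E0F9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1AB7A511-8CC3-4032-936D-6E6121445CF5}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{5B7AD292-902A-44BE-A6F1-E276DC1E4E89}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Users\alice\AppData\Roaming\Tr.exe
"""


def parse_rules(text):
    """Return (rule_id, action, path) for every FirewallRules line; other lines are skipped."""
    rules = []
    for line in text.splitlines():
        match = RULE_RE.match(line.strip())
        if match:
            rules.append((match["rule_id"], match["action"], match["path"]))
    return rules


def allowed_programs(text):
    """Collapse Allow rules per executable (TCP/UDP and per-profile rules repeat the path)."""
    programs = {}
    for _rule_id, action, path in parse_rules(text):
        if action != "Allow":
            continue
        entry = programs.setdefault(path.lower(), {"path": path, "rules": 0})
        entry["rules"] += 1
    return programs


def in_trusted_root(path):
    """Compare whole path components, so 'C:\\Program Files Evil' does not pass as 'Program Files'."""
    parts = PureWindowsPath(path.lower()).parts
    return any(parts[: len(root)] == root for root in TRUSTED_ROOTS)


def audit(text, approved):
    """List allowed programs that are outside trusted roots or missing from the baseline."""
    findings = []
    for key, entry in allowed_programs(text).items():
        reasons = []
        if not in_trusted_root(entry["path"]):
            reasons.append("outside trusted install roots (user-writable location)")
        if key not in approved:
            reasons.append("not in approved baseline")
        if reasons:
            findings.append({"path": entry["path"], "rules": entry["rules"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, APPROVED_BASELINE):
        print(f'{finding["path"]} ({finding["rules"]} rule(s)): {"; ".join(finding["reasons"])}')
```

A program installed under Program Files still shows up if it was never reviewed, which is why the baseline check runs alongside the path check.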
  24. werty12345

    NetBalancer 9.5.6

    NetBalancer is an internet traffic control and monitoring tool designed for Microsoft Windows XP, 2003, Vista, 7, 8 with native x64 support.

    With NetBalancer you can:
    - Set a download and/or upload network priority or limit for any process
    - Manage priorities and limits for each network adapter separately
    - Define detailed network traffic rules
    - Group local network computers and balance their traffic synchronised
    - Set global traffic limits
    - Get detailed statistics and totals about your data usage
    - Show network traffic in system tray
    - and much more!

    Homepage: https://netbalancer.com
    Release Date: 21-Sep-2016
    Update 9.5.2 - 9.5.6: Bug fixing and stability improvements.
    Features: https://netbalancer.com/features
    Download: https://netbalancer.com/downloads/NetBalancerSetup.exe
  25. A type of denial of service attack relevant in the 1990s has resurfaced with surprising potency against modern-day firewalls. Dubbed a BlackNurse attack, the technique leverages a low-volume Internet Control Message Protocol (ICMP)-based attack on vulnerable firewalls made by Cisco, Palo Alto, SonicWall and others, according to researchers.

    TDC Security Operations Center, a security firm that published a technical report (PDF) on BlackNurse this week, said the attack is more traditionally called a “ping flood attack.” In this type of assault, traffic volume doesn’t matter as much as the type of packets sent, researchers said.

    In a description of BlackNurse, an attacker causes a Denial of Service (DoS) state by overloading the firewall’s host CPU. “When an attack is ongoing, users from the LAN side will no longer be able to send/receive traffic to/from the Internet,” according to TDC.

    It’s unclear why the ICMP Type 3 Code 3 requests overload the firewall’s CPU. However, researchers at SANS Internet Storm Center believe it’s tied to firewall logging. It’s a theory bolstered by TDC’s own description of the impact of the attack. “Firewall logging during the attack can increase the impact from the attack, which means that the firewall gets even more exhausted,” TDC wrote.

    BlackNurse attacks are similar to, but not to be confused with, related ICMP Type 8 Code 0 attacks, also called a ping flood attack, according to TDC. “ICMP based attacks in general are a well-known attack type used by some DDoS attackers,” TDC wrote.

    Researchers explain: “The BlackNurse attack attracted our attention, because in our anti-DDoS solution we experienced that even though traffic speed and packets per second were very low, this attack could keep our customers’ operations down. This even applied to customers with large internet uplinks and large enterprise firewalls in place. We had expected that professional firewall equipment would be able to handle the attack.”

    Notably, BlackNurse DoS attack volume intensity hovers between a paltry 15 to 18 Mbps (or 40 to 50K packets per second), according to researchers. That’s in stark contrast to the 1 Tbps DDoS attack recorded against DNS provider Dyn last month.

    The low volume DDoS attack is effective because the goal is not to flood the firewall with useless traffic, but rather to drive high CPU loads. To that end many firewall vendors protect against ICMP-based attacks. But blocking all ICMP types and codes isn’t an option, for fear that something is likely to break, TDC said.

    In fact, security firm Netresec points out in an analysis of BlackNurse that Cisco warns: “We recommend that you grant permission for the ICMP unreachable message type (type 3). Denying ICMP unreachable messages disables ICMP Path MTU discovery, which can halt IPSec and PPTP traffic.”

    As for vulnerable firewalls, TDC singles out some Cisco ASA firewalls. According to a SANS Internet Storm Center report on BlackNurse, Cisco firewalls that are newer, larger and are multi-core appear to be fine. However, SonicWall and some Palo Alto firewalls appear to be vulnerable, according to Johannes Ullrich, dean of research at SANS Technology Institute and author of the SANS ISC post.

    Cisco, SonicWall and Palo Alto were contacted for this report, but did not reply.

    Testing for BlackNurse, suggests TDC, includes allowing ICMP on the WAN side of a firewall and conducting tests with the tool Hping3, a free packet generator and analyzer for the TCP/IP protocol. Detection includes adopting SNORT IDS/IPS rules to spot the attack, according to TDC, which outlines its own rules. Mitigation includes creating a “list of trusted sources for which ICMP is allowed and could be configured” and “disabling ICMP Type 3 Code 3 on the WAN interface,” TDC said.

    Article source