Does ESET recognize this protocol? Can I block it? I do not use Google Chrome, so no need for it.

Here is a link about QUIC Protocol:  https://nordvpn.com/blog/what-is-quic-protocol/

 

"There are few downsides to the QUIC protocol. It improves web communications and reduces latency, but it’s still in its experimental stages. It’s not widely adopted by other websites or web servers, nor is it supported by cybersecurity tools such as firewalls. Because of this, experimental QUIC protocol can currently open a security loophole."

Quote

An application that uses the QUIC protocol sends and receives packets using UDP port 443.

https://blog.apnic.net/2019/03/04/a-quick-look-at-quic/

As I see it, a malware app would have to be installed on a device that uses the QUIC protocol. So in reality it is no different from a malware app using TCP. Bottom line - if no malware app is installed in the first place, there is nothing to be worried about. As you mentioned, I believe browser-wise, Chrome is the only one using QUIC and it's an experimental feature there that can be disabled.

I also believe older routers with firewalls will have an issue with this protocol since they will block external UDP traffic on port 443.  

12 minutes ago, itman said:

https://blog.apnic.net/2019/03/04/a-quick-look-at-quic/

As I see it, a malware app would have to be installed on a device that uses the QUIC protocol. So in reality it is no different from a malware app using TCP. Bottom line - if no malware app is installed in the first place, there is nothing to be worried about. As you mentioned, I believe browser-wise, Chrome is the only one using QUIC and it's an experimental feature there that can be disabled.

I also believe older routers with firewalls will have an issue with this protocol since they will block external incoming UDP traffic on port 443.  

Of note is the following:

Quote

For those clients and servers that do not support QUIC, or for network paths where UDP port 443 is not supported, the common fallback is TCP.

This implies that the router must also support incoming QUIC traffic.

Edited by itman

When I was using Windows Firewall Control 10 (Sphinx) and Windscribe VPN, I would see Windscribe was trying to use QUIC UDP-443. Sphinx has the option of blocking QUIC in-out. Also, of course, it has the option for regular TCP-UDP.

Windscribe VPN did not like it at first but after a couple re-starts it was normal. Gave me a more secure feeling.

QUIC can do pretty much what it wants to do behind the firewall's back since it is not recognized.

I do like the option, wish ESET had it.

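What "recognizing" QUIC on UDP port 443 involves at the packet level, as an added example that is not part of the original posts and not ESET or Sphinx code: the classifier below reads the cleartext long-header fields defined in RFC 8999 and RFC 9000. The function name, verdict labels and sample datagrams are constructed for illustration.

```python
import struct

QUIC_V1 = 0x00000001
V1_LONG_TYPES = {0: "initial", 1: "0-rtt", 2: "handshake", 3: "retry"}


def classify_udp443(payload: bytes) -> dict:
    """Report what a middlebox can read from one datagram without any keys."""
    if not payload or not payload[0] & 0x80:
        # Short-header QUIC packets expose only an opaque connection ID, so
        # they cannot be told apart from other UDP traffic on their own.
        return {"verdict": "opaque"}
    if len(payload) < 7:
        return {"verdict": "not-quic", "reason": "truncated long header"}
    version = struct.unpack_from("!I", payload, 1)[0]
    dcid_len = payload[5]
    scid_off = 6 + dcid_len
    if scid_off >= len(payload):
        return {"verdict": "not-quic", "reason": "DCID overruns datagram"}
    scid_end = scid_off + 1 + payload[scid_off]
    if scid_end > len(payload):
        return {"verdict": "not-quic", "reason": "SCID overruns datagram"}
    info = {"version": version, "dcid": payload[6:scid_off].hex(),
            "scid": payload[scid_off + 1:scid_end].hex()}
    if version == 0:
        return {"verdict": "version-negotiation", **info}
    if version != QUIC_V1:
        # Layout matches, but packet types are version-specific.
        return {"verdict": "long-header-unknown-version", **info}
    if not payload[0] & 0x40 or dcid_len > 20 or payload[scid_off] > 20:
        return {"verdict": "not-quic", "reason": "breaks QUIC v1 header rules"}
    ptype = V1_LONG_TYPES[(payload[0] >> 4) & 0x03]
    return {"verdict": "quic-v1", "type": ptype, **info}


# Constructed sample: start of a v1 Initial (8-byte DCID, empty SCID), padded
# with zero bytes to 1200 bytes, the size client Initial datagrams are sent at.
SAMPLE_INITIAL = (bytes([0xC0]) + struct.pack("!I", QUIC_V1) + bytes([8])
                  + bytes.fromhex("0102030405060708") + bytes([0])
                  ).ljust(1200, b"\x00")
# Constructed sample: a 48-byte datagram whose first byte has the top bit clear.
SAMPLE_OTHER = bytes([0x1B]) + bytes(47)

if __name__ == "__main__":
    print(classify_udp443(SAMPLE_INITIAL))
    print(classify_udp443(SAMPLE_OTHER))
```

Only the handshake's long-header packets are identifiable this way; once a connection is established, its short-header packets return `opaque`, which is why a port-based UDP 443 rule is the practical control.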
1 hour ago, pipes said:

I would see Windscribe was trying to use QUIC UDP-443,

Creating an Eset firewall rule for WindscribeService.exe to block any inbound/outbound traffic for UDP port 443 should do the trick.

On the other hand, I believe Eset's SSL/TLS protocol scanning is monitoring all inbound TCP/UDP traffic regardless of port used. Assumed here is QUIC traffic has to pass through the Windows Filtering Platform. The point to be determined is if Eset can decrypt QUIC packets.

Edited by itman
21 hours ago, itman said:

Creating an Eset firewall rule for WindscribeService.exe to block any inbound/outbound traffic for UDP port 443 should do the trick.

It needs UDP port 443. It will fall back to UDP port 443 when QUIC is blocked.

It will use QUIC when a firewall does not recognize it. To me that's not good.

 

21 hours ago, itman said:

The point to be determined is if Eset can decrypt QUIC packets.

That is the million dollar question!

Thanks.😉


I did a bit more research on QUIC. Appears a firewall rule to block any inbound UDP traffic from remote ports 80, 443 will shut it down completely. Created such an Eset firewall rule w/o any alerts to date. The port 80 inclusion is to block HTTP/3 traffic.

Note that anything Google based appears to be using QUIC such as G-mail. Also wonder about new Edge browser since it is Chromium based.

Also UDP is not a stateful protocol. As such, I don't see how this traffic can get through a stateful router firewall regardless of the NAT baloney it is doing.

Edited by itman

BTW - I did verify that Edge Chromium does use QUIC.

Opening it up, not "a peep" from the Eset UDP rule I added. This validates my previous assumption that this UDP traffic is being blocked by my router's firewall. Only Edge incoming traffic was TCP and I didn't observe any noticeable slowdown in Edge web page rendering.

1 hour ago, pipes said:

Just to show how WFC10 works, 

Personally, I don't care about outbound QUIC  Internet traffic. If any malware tried to connect that way, any of its corresponding UDP inbound traffic would be blocked as I noted previously.

Also Eset's TLS/SSL protocol processing only examines inbound network traffic.

Finally, I don't use a VPN. I do concede that QUIC traffic via a VPN could be problematic since a pinhole would have been created in the router firewall to allow that traffic through unimpeded. Therefore an Eset firewall rule will be needed to block that inbound traffic.


When I make an inbound block rule, it will not connect to the VPN (protocol any).
What would you suggest, short of not using a VPN?
Thanks

 

Sorry about the mess above.
