Jump to content

IP block does not work


Go to solution Solved by itman,

Recommended Posts

Hi dear managers,

I did block an address in Eset Internet Security Latest version & Updated like below :  

1.png.42a1daff01802f29f273f514d7c5c53a.png

2.png.0bea7e75a3d1f568fd9883bb52a1e62e.png

I disabled all other rules to check this rule.

But still i can ping and i can open related domain to that ip in browser.

Also browse that ip is working still.

What did i do wrong?

Link to comment
Share on other sites

Posted (edited)

Marcos thanks for the answer.

I did it.

After that i rebooted windows.

Still can ping.

Still can surf ip in browser and open related domain in browser.

My eset is working well with other rules.

So what is the problem or what did i do wrong?

Is that the right way to block an ip totally in eset internet security?

Edited by Vortex_800
Link to comment
Share on other sites

I figured out what was wrong about it.

I am using proxifire + stunnel = soscks5 all the time to view youtube and facebook web sites that are filter by my ISP.

When proxifire + stunnel are open surf that ip is not block.

Also all blocked programs do n't act as deny and all of them connect to their server.

How can i prevent this action?

I thought by blocking a program it will block even using a VPN.

Link to comment
Share on other sites

For example i was blocking KMPlayer app for block ads inside it.

After connect to VPN KMPlayer deny does not work and it was showing all those adds.

How can i control it and block all desired apps even with VPN active.

Link to comment
Share on other sites

7 minutes ago, Vortex_800 said:

How can i control it and block all desired apps even with VPN active.

Open Eset GUI. Open Network Protection. Mouse click on Advanced Setup.

Open Known Networks settings. Mouse click on Edit. Verify that a Virtual network connection exists. See below screen shot:

Eset_Virtual.thumb.png.6c8f399ab44cbce59190a36f5935679c.png

Link to comment
Share on other sites

I did this.

I have two networks there :
 

Quote

 

1. Wi Fi Network

2. One Virtual Network related to vmware installed on my pc.

 

Because i am in interactive mode i chose those both networks as Unknown.

Mechanism of Proxifire + Stunnel is different from VPN.

So sorry about telling VPN in previous post.

When VPN is active programs are still blocked by firewall and this is normal and ok.

(For example OpenVPN or NordVPN)

In proxifire i chose 127.0.0.1 with socks5 port (1374).
So connection will go from proxifire to stunnel (Configured by my proxy server ip + stunnel server port) and traffic will be encrypted by stunnel and go to the internet.

So i did access to stunnel in firewall.

Example of stunnel config file :

Quote

[Filter&cl]
accept = 127.0.0.1:1374
connect = 178.20.202.13:1550
client = yes

So teach me how can i force encrypted socks5(Proxifire + Stunnel) act like VPN.

Means when it is active prevent blocked ips and softwares connect to internet even they are blocked by firewall.

Link to comment
Share on other sites

  • Solution
32 minutes ago, Vortex_800 said:

Example of stunnel config file :

Quote

[Filter&cl]
accept = 127.0.0.1:1374
connect = 178.20.202.13:1550
client = yes

So teach me how can i force encrypted socks5(Proxifire + Stunnel) act like VPN.

Means when it is active prevent blocked ips and softwares connect to internet even they are blocked by firewall.

Technically speaking, the following Eset default firewall rule should be blocking this since it only allows inbound/outbound localhost traffic to local subnet addresses:

Eset_Local.png.62e5b513318486f495aa851dfcb7fcfc.png

I therefore conclude that your encrypted socks5(Proxifire + Stunnel) setup is bypassing the Eset firewall entirely.

Sorry, I don't have a solution for this.

Link to comment
Share on other sites

BTW - are you aware that IP address, 178.20.202.13, tracks to a telecom in Serbia?

Eset_Serbia.png.b76307ed8f8c55dad85c73655aa6037e.png

Link to comment
Share on other sites

Dear i changed that ip to put it in public.

It was for test.

You know why am i trying to block apps connect to stunnel?   

Because i am certainly sure i have a FUD rootkit and keylogger and i am trying to prevent that keylogger send date out.

Even Eset could n't recognize that logger because it's changing it's signature repeatedly.

In interactive mode and when encrypted proxifire is run that logger will send data out without any notification.

I am trying to find all malicious ips and block them by power of eset.

But that proxifire + stunnel ruined this behavior.

In another topic i will explain about that logger and will ask for assistance.

But before that i should solve socks5 proxy issue.

 

Link to comment
Share on other sites

Posted (edited)
2 hours ago, Vortex_800 said:

When proxifire is run all apps can send data out through stunnel without ant notification from Eset.

Let's review Proxifier features>

Quote

Proxifier allows network applications that do not support working through proxy servers to operate through a SOCKS or HTTPS proxy or a chain of proxy servers.

With Proxifier, you can easily tunnel all a system’s TCP connections or only those you select.

Proxifier allows you to

  • run any network application through a proxy server. The software requires no special configuration, and the entire  process is completely transparent
  • access the internet from a restricted network through a proxy server gateway
  •  bypass firewall restrictions
  • "tunnel" the entire system (force all network connections, including system connections, to work through a proxy server)
  • resolve DNS names through a proxy server
  • use flexible Proxification Rules with hostname and application name wildcards
  • ensure privacy by hiding your IP address
  • work through a chain of proxy servers using diverse protocols
  • view real-time information on current network activities (connections, hosts, times, bandwidth usage, etc.)
  • maintain log files and traffic dumps    get detailed reports on network errors
  • and much more!

https://www.proxifier.com/

It is fairly obvious that when you use this product, Windows OS based firewall restrictions are non-applicable.

Edited by itman
Link to comment
Share on other sites

Posted (edited)

The beauty of this is proxifire shows all apps connected to it.

Sorry for mistyping itam > itman in previous post.

I never saw a powerful Internet Security Like Eset and this software is brilliant.

Edited by Vortex_800
Link to comment
Share on other sites

Posted (edited)

One last comment in reference to the following from the Proxifier web site:
 

Quote

Do I need to change the configuration of my applications when using Proxifier?

No, Proxifier works transparently for applications.
However, if you were using proxies before you started to use Proxifier, you should disable any built-in proxy settings. Your applications should then be configured to connect “directly” to the Internet (rather than through proxies).

Note that Eset Networking uses a hidden proxy sever. There is no way to control what it does or disable it.

Edited by itman
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...