Re: BlackICE config for Kazaa Lite / K++
From: Duane Arnold (notme_at_notme.com)
Date: Fri, 20 Feb 2004 00:00:43 GMT
"CBP!!!" <firstname.lastname@example.org> wrote in news:Di9Zb.97$m47.1@newsfe1-win:
> I use Kazaa Lite (K++) and always run it with sharing disabled,
> however, I noticed today that even after a reboot I could not remove a
> file I had downloaded from the "Shared" directory - as K++ was using
> it! I'm assuming this is because the file was in fact being shared. I
> have never come across this problem before - as normally I have my
> BlackICE set to paranoid which I guess has protected me in the past -
> but on this occasion it was set to trusting (as I was using video chat
> on Messenger) and on this setting it only hides ports with services on
> and other ports if it detects a hack attempt - so file sharing via K++
> (since it would be solicited traffic) would not be blocked. My
> question is.... What manual configurations do I need to make to
> BlackICE to ensure that no matter what setting I have BI on, that it
> will never allow any file to be shared via K++ - whilst allowing me
> to still download other users files? I would also welcome feedback
> from Look'n'Stop & Tiny users if they have specific answers how to
> configure their firewalls in this way.
Well, if you're using P2Ps then I don't think anything is going to
protect the machine 100% on solicited traffic and you're going to have to
live with that fact, IMHO.
As for using BlackIce, what I like to do is make two Advanced FW rules
for normal operations.
Name: Reject All TCP ports
IP Address: All
Name: Reject ALL UDP Ports
IP Address: All
I do that so if I go into the DMZ of the router and I am not on Paranoid,
then this ensures that BI is still rejecting unsolicited inbound traffic.
Now, for me since my machines are behind a router, I set a rule to ACCEPT
traffic on all ports for my DHCP IP range and (static IP). The ACCEPT in
the rule tells BI to turn on the IDS for the port(s) and start looking.
Name: Linksys DHCP IP(s)
IP Address: 192.168.1.100-192.168.1.110
That rule above is turning on the IDS and is looking at the solicited
traffic coming through the router.
So, you can do the same for the P2P inbound port(s) that are being used
by the P2P program, which you can search Google for the application's
inbound ports and/or use Active Ports (free).
Name: P2P port(s)
IP Address: ALL
Type: TCP or UDP
Duration: Forever then MODE: REJECT when you're done.
I think BI really kicks in when it's sitting behind another FW
application or an appliance such as a router.
Also, Enable Auto Blocking and Paranoid are set (you may need to adjust
the level) and everything else is disabled on that screen.
You should enable Logging and use VisualIce to review the logs.
Good luck to you on the P2P and know that BlackIce is not a malware