EIS v10 & v11 - Not Blocking 0-65535

[iWarren]

Hello,

 

I've posted this issue a few times already (Since August), and I hate to keep

bugging you about it, but I really need this feature to work.

 

putting a port block of 0-65535 underneath your allowed port, blocks the allowed port.

 

it was working before August, then it stopped.

Without this feature, certain applications will bombard you with port allowance requests.

(because i have it set up to "ask" to allow a port)

 

Thanks

[GT500]

If you're blocking everything except allowed ports, then is it necessary to set it to ask whether to allow connections? Or do you only do this for specific programs?

[iWarren]

Yeah thats what I eventually ended up doing, was set the "Ask to block", to "Block" automatically.

it is a specific program though, its a game server, and when it goes to refresh the server listings,

it gets flooded with port requests until it eventually has too many and blocks 0-65535 on its own.

which because 0-65535 is over-riding everything, it then blocks that 1 port i wanted to use.

so i have to delete that entry to get it to work again.

also firefox has issues with it as well, trying to connect to a random local port on startup.

right now its inconvenient, but i still think should be moved up on the priority list.

[Peter2150]

Hi Iwarren

 

you have to remember that the EIS firewall is designed for the average user who just wants to be protected without having to fool with the details.   As such that may make the priority for your request very low

[iWarren]

Our goal is to allow only whats necessary and block everything that's not.

I consider getting the Firewall back on track to be a relatively high priority.

Right now, I can't run my application, without opening up all of the ports up.

[GT500]

Has anything changed in the latest beta version of Emsisoft Internet Security? Here's instructions for installing it if you haven't already done so:

• Open Emsisoft Internet Security.
• Click on Settings in the menu at the top.
• Click on Updates in the menu at the top.
• On the left, under Update Settings, click on the box to the right of Update feed and select Beta from the list.
• Click on the Update now button on the right side.

[iWarren]

Okay, well I believe we're making progress

Using Firefox to test this. I might try something else more thorough later.
EIS V11.0.0.5935

a1.
 Blocking was not real-time when using [Remove Rule]
  I had to restart the application for the changes to take effect when removing the rule.

 Blocking was however real-time when adding a rule.

a2.
 Blocking 0-65535 TCP
  Instead of blocking all ports, i believe it is instead "allowing" all ports.

 Blocking 1-65535 TCP
  This actually works successfully, so we can pin-point it as 0 being the culprit.

 Blocking 0 TCP
  "Allowed" all ports.

 Blocking (blank, no text) TCP
  Blocked all ports

 

 

I think that clears things up substantially.

[GT500]

That's probably because port 0 is an invalid port number, and doesn't officially exist. Supposedly data can still be sent over that port, and from what I am reading it can help in identifying the operating system on the computer being probed since different operating systems will respond to probes on port 0 differently.

I've forwarded this to one of our developers.

[iWarren]

I thought of that as well that 0 might not be a valid port, however I did recall v10 didn't have an issue with 0-65535

 

though as you said, if it can be probed in such a manner, it should probably be an option to be blocked.

[GT500]

Technically the firewall should block that port if configured for default settings with the network set up as "Private". If you want to make sure that it is being blocked, then you can create a rule in the global firewall rules to block that port for all addresses and then move it above the Applications Rules in the list.