exception error raised in sslstart
Jan. 05, 2009, 11:27 PM
Post: #31
RE: exception error raised in sslstart
eureka! (i guess this qualifies)...

i've finally bumped into one of these "exception errors"...
only thing is, it was while running Proxo from USB on my parents' computer...

this is a complete stab in the dark, as i'm wholly, from top to bottom, unable to get this error on my own machine...

the "only" difference i can 'think' of is that mom & dad's PC allows DNS Port 53 activity for "other" software and on my machine, the ONLY program allowed to access Port 53 is Proxo and anti-virus... period... not even "svchost.exe" (WinXP) is allowed to drug-traffic across Highway 53...

i know that's grabbing at straws, but i can't think of anything else...
other than CONFIRMING, finally, that these "exception errors" are not the Mythic Unicorn i firstly perceived, lol...
Jan. 06, 2009, 04:53 AM
Post: #32
RE: exception error raised in sslstart
ProxRocks;
(Jan. 05, 2009 11:27 PM)ProxRocks Wrote:  .........
the "only" difference i can 'think' of is that mom & dad's PC allows DNS Port 53 activity for "other" software and on my machine, the ONLY program allowed to access Port 53 is Proxo and anti-virus....

Please tell us how you get Proxo to access Port 53. I'm still laboring under the (hopefully correct) impression that Proxo only monitors Port 80 for normal HTTP traffic, and Port 443 when the SSL stuff has been activated. Having it otherwise would lead one to believe that he/she could then initiate monitoring on Port 110, the incoming SNMP port, meaning email could then be filtered. Scott said no way, and I don't recall seeing anyone successfully refute him on that point.



Oddysey

I'm no longer in the rat race - the rats won't have me!
Jan. 06, 2009, 11:20 AM
Post: #33
RE: exception error raised in sslstart
Hi All,
First of all, Happy New Year!
I've been following this thread since I first posted the topic - tho' to be honest, much of it is beyond my understanding D'oh!

I *have* been able to navigate around the site which initially crashed by changing the files, but I also occasionally get the ssl error at the login screen. This time when it happened, I made a note of the explanatory text about the error and it said ":443/registration/images/help_btn.gif"
Don't know if that makes any sense to anyone, but just thought I'd post it. I seem to recall that whenever this ssl error is raised, there is always something in the text about images or gifs. Could it be something to do with a combination of filters of ssl and image suppression? Have tried to check thru' my config filters but can't see one which might be activated by the site in question.
Just a thought,
Momnewbie
Jan. 06, 2009, 11:24 AM
Post: #34
RE: exception error raised in sslstart
Quote: Please tell us how you get Proxo to access Port 53.

Comodo Firewall Pro, version 2.4.18.184...
the "newer" Comodo is a POC...

trust me, when you DENY ALL of your other apps access to Highway 53, then PROXO does your DNS lookup...

bear in mind that WinXP's "DNS Client" (another POC) is not merely 'disabled' on my machine, it is NOT INSTALLED (removed via nLite 1.4.5 - there are newer versions of nLite, but this version seems to work best with my Adobe Reader AutoIt install script)...


bottom line, if NOTHING else is allowed access to the entrance of Highway 53, and i can't speak for any other OS, but WinXP "finds an entrance" through PROXO and my PROXO does my DNS lookup...



ps - fyi, by doing it this way, i also see a Comodo "alert" if any 30-day trialware tries to "phone home" because the "alert" informs me that "something other than PROXO" is attempting to gain access to Highway 53...
Jan. 06, 2009, 01:46 PM
Post: #35
RE: exception error raised in sslstart
Momnewbie, maybe the problems could be related to the animations and the "freeze gif" feature; if you have enabled it, disable it and try.
Jan. 06, 2009, 01:55 PM
Post: #36
RE: exception error raised in sslstart
i always freeze gif's and have never run into the "exception error" here at the office or on two machines at home...

at mom & dad's is the only place i've seen that "exception error"...

and it was when NO web browser of ANY kind was open, MS Excel and Intuit Quicken were the ONLY two programs open, neither of which was accessing the internet at the time of the "exception error"... was very strange indeed, there was NO internet traffic at all when the "exception error" popped up, nothing pointing to an image or anything either, just an "exception error raised" error dialog, click OK and all was normal...

it only happened ONCE...
and again, there was NO internet traffic at the time...
was very strange indeed...

and was also NOT "repeatable"...
it happened, i saw it happen, i clicked OK...
it never returned...
odd indeed...
Jan. 06, 2009, 02:14 PM
Post: #37
RE: exception error raised in sslstart
I don't freeze gifs.

Indeed, I came across three types of ssl error so far.
1. ssl start error
2. ssl close error, always related to some images/gifs, the image url will be prompted in the message box
3. ssl shutdown error, usually after I tried to exit Proxomitron when I met the above errors

BTW, the only https site I filtered uses a self-signed certificate. I am not sure if that has something to do with this.
Jan. 06, 2009, 11:39 PM
Post: #38
RE: exception error raised in sslstart
I noticed the same since i switched to a new machine a year ago. With the old one (P3 600) i only saw it once every two months or so. I thought it might be a timing issue while initializing the SSL libraries, because the new machine is around 10 times faster.

After reading ProxRocks' post i remembered that i also installed a caching DNS client (TreeWalk), which listens on local_router_address:53 (UDP and TCP). IIRC only Proxomitron and Firefox are allowed to access it directly. I'm tunneling my AV (Symantec Corporate) requests through Prox.

Now i get the error with around 1 in 50 SSL connects. Randomly. However, it seems that there are some sites where i get it more often. Like https://developer.mozilla.org/ and https://bugzilla.mozilla.org/ .

Most of my other SSL connects are non-HTML docs (e.g. badge images, uncaught Flash cookies), so it's logical that such an error becomes evident there first.
Jan. 06, 2009, 11:53 PM
Post: #39
RE: exception error raised in sslstart
(Jan. 06, 2009 11:39 PM)sidki3003 Wrote:  Now i get the error with around 1 in 50 SSL connects.

so by "tunneling" MORE Port 53 activity through Proxo, the error becomes more frequent?

my AV 53's aren't going through Proxo (i wouldn't know "how", lol)...
Jan. 07, 2009, 12:01 AM
Post: #40
RE: exception error raised in sslstart
I don't know. Maybe an increased error rate if name lookup becomes the bottleneck while trying to initiate an SSL handshake. Maybe something entirely different.
Jan. 07, 2009, 12:39 AM
Post: #41
RE: exception error raised in sslstart
Could it be an Event Id 4226??

<<EventID 4226: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts>>

http://www.lvllord.de/?url=tools

(Enabling SSL filtering to do some research... i didn't use to filter them. My SP3 system has an increased limit of 50 or 100, not sure, for events 4226)
Jan. 07, 2009, 12:45 AM
Post: #42
RE: exception error raised in sslstart
keep in mind, the ONLY time i've seen this error is when NO web browser is even open...
when Proxo sat "idle" for 'at least' an HOUR...
bam, out of the blue, no 'net activity at all, Proxo throws up the error...

ergo, ZERO "connections"...
ergo, not during run/exit of Proxo...
ergo, not during load/reload of a config...
Proxo running in the background, just "sitting there", bam, an error...


that's the thing that is throwing me for a loop (or would that be a 127.x.x.x "loopback", lol)...
Jan. 07, 2009, 03:20 AM
Post: #43
RE: exception error raised in sslstart
Quoted from sidki's openssl-0.9.8-mod-rev1.zip:
Quote: OpenSSL 0.9.8a brought a major change in the way SSL_METHOD is initialized,
apparently breaking backwards compatibility again, see:
http://www.openssl.org/news/changelog.html

For this reason the included DLLs stick to 0.9.8, but include two security
patches, implemented in the official 0.9.8c revision and above:

...

In case of future major vulnerabilities, if you found a patch from a trusted
source, or even a way to make DLL initialization backwards compatible again,
you can reach me at configbugs at gmail dot com. Asking someone with profound
C++ knowledge may be the better choice tho. ;-)

Maybe it is time for us to upgrade to the latest openssl build?
Jan. 07, 2009, 03:57 AM
Post: #44
RE: exception error raised in sslstart
ProxRocks;

I guess I never really paid any attention to that one..... I always thought that the browser just went straight to the OS to resolve a URL request. The OS first consults the HOSTS file (if such exists), then any DNS caching table, then it goes for Port 53, if not resolved locally. This is usually handled on Layer 3 of the transport protocol.

However, upon reflection, I think that the browser must be reassuming the duty of going out on Port 53, if the OS can't resolve the address locally. Otherwise, how would a given Proxo filter be able to modify an outgoing URL request? I'm still not absodamnlutely sure that this is "how it all works", you understand, but it seems to stand to reason, no? Wink

Given the above, Proxo can indeed be said to be accessing, and filtering on, another port besides 80/443. A bit strange that Scott never mentioned this, nor even alluded to it when answering questions from users about how Proxo can only filter HTTP(S) requests......

Thanks.



Oddysey

I'm no longer in the rat race - the rats won't have me!
Jan. 07, 2009, 11:31 AM
Post: #45
RE: exception error raised in sslstart
(Jan. 07, 2009 03:57 AM)Oddysey Wrote:  Given the above, Proxo can indeed be said to be accessing, and filtering on, another port besides 80/443. A bit strange that Scott never mentioned this...

to clarify, Proxo does perform DNS Port 53 lookups, however, that does NOT mean that Proxo can FILTER DNS Port 53 lookups...

perhaps it is "that" that Scott was addressing more directly...


ps - my Proxo "filters" Ports 80, 443, AND 8383 (a webmail site whose URL ends in :8383)...
now, find a way for your WEB BROWSER to "access" Port 25/110 and we'll see if those "pass through" Proxo like Port 53 does...
they will NOT be "filterable", just as Proxo can NOT "filter" DNS lookups, even if it itself is performing that lookup...
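Added illustration of the distinction drawn in post #45 (not code from Proxomitron or from any poster in this thread): a browser configured to use a forward HTTP proxy hands the proxy a host name, either in an absolute-form URL or in a CONNECT target, so the proxy process is the one that issues the DNS lookup, while the lookup itself is never an HTTP message the proxy could filter. The Python sketch shows this general HTTP proxy behaviour; the host names, the 192.0.2.10 address, the sample requests and `fake_resolver` are constructed for the example.

```python
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def upstream_target(raw_request: bytes):
    """Return (form, host, port) from the request line a browser sends to a forward proxy."""
    request_line = raw_request.split(b"\r\n", 1)[0].decode("ascii", "replace")
    try:
        method, target, _version = request_line.split(" ")
    except ValueError:
        raise ValueError("not an HTTP request line: %r" % request_line) from None
    if method == "CONNECT":
        # authority-form "host:port": how HTTPS is requested through a proxy
        host, sep, port = target.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError("CONNECT target must be host:port")
        return "authority", host, int(port)
    url = urlsplit(target)
    if url.scheme in DEFAULT_PORTS and url.hostname:
        # absolute-form: the whole URL, so a port such as 8383 travels with it
        return "absolute", url.hostname, url.port or DEFAULT_PORTS[url.scheme]
    raise ValueError("no http(s) absolute URL: nothing for an HTTP proxy to forward")

def plan_connection(raw_request: bytes, resolver=socket.getaddrinfo):
    """Resolve the requested name as the proxy process would and report the upstream endpoint."""
    form, host, port = upstream_target(raw_request)
    # The lookup is issued here, by the proxy process, so a per-application
    # firewall attributes the port 53 traffic to the proxy, not the browser.
    infos = resolver(host, port, type=socket.SOCK_STREAM)
    return {"form": form, "host": host, "port": port, "address": infos[0][4][0]}

def fake_resolver(host, port, type=0):
    """Constructed stand-in for DNS so the demo runs offline (192.0.2.0/24 is documentation space)."""
    return [(socket.AF_INET, type, 6, "", ("192.0.2.10", port))]

# Constructed sample traffic: two proxy requests and one POP3 command.
SAMPLES = [
    b"GET http://webmail.example:8383/inbox HTTP/1.1\r\nHost: webmail.example:8383\r\n\r\n",
    b"CONNECT login.example:443 HTTP/1.1\r\nHost: login.example:443\r\n\r\n",
    b"USER alice\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        try:
            print(plan_connection(raw, resolver=fake_resolver))
        except ValueError as exc:
            print("not proxyable as HTTP:", exc)
```

The POP3 line is rejected because it is not an HTTP request line at all, which is the sense in which mail traffic is not something an HTTP filtering proxy can act on.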