Norman Internet Control
Jul. 12, 2004, 02:25 PM
Post: #16
 
For the sake of posterity:

<script type="text/javascript"><!--
google_ad_client = "pub-8478328931373650";
google_alternate_ad_url = "http://www.tech-recipes.com/modules.php?name=Affiliates&op=psa";
google_ad_width = 120;
google_ad_height = 600;
google_ad_format = "120x600_as";
google_ad_channel ="3688695124";
google_ad_type = "text_image";
google_color_border = "FFFFFF";
google_color_bg = "FFFFFF";
google_color_link = "336699";
google_color_url = "225588";
google_color_text = "000000";
//--></script>

affiliates..ads..words that'll have you spluttering into your grits.

_J_G_
Jul. 12, 2004, 04:44 PM
Post: #17
 
Jaded_Goth;

Obviously we just speak differently, that's all. You think I'm outta whack, and I won't repeat in polite company what I think. [lol] :o Big Teeth (Jes' kiddin'!)

A question isn't necessarily a complaint, agreed. But even a simple request is a subtle expression of an unhappiness, and that can be loosely translated into a complaint. Or so we think around these parts. Again, a difference not so much in language as in culture.

Quote:If cookies/active scripting/java etc is blocked in I.E.,Norman shouldn't be positioned in a manner which over-rides that.
Unfortunately, this deduction isn't quite spot-on. IE is the last stop in the data stream. If Norman sees data before IE, then of course it will see the script, etc., and display it - how could IE stop anything before it even sees it? However, if Proxo is first in the chain, and it has a filter in place to remove such scripts, then Norman should never spring into action. And BTW, in your original message, you never said that this behaviour was going on even before installing Proxo. You led us to assume that it had been going on only for as long as Proxo had been installed, and none of us picked up on that little factoid. Shame on me for not seeing that.

But I do have another idea about what might be happening. You said that you recently upgraded to XP, am I not correct? (Your first message.) In that upgrade, did XP's install routine reset IE's listening port? Is IE now using Port 80 instead of Proxo's output port (usually 8080)? What port is IE currently configured to listen to?

Here's my last clue. Can Norman be configured to listen to Port 8080 (or whatever port you assigned Proxo to use for output)? If not, then I rest my case - you simply need to ensure that Norman and Proxo are configured correctly, portwise. Should be simple enough, but I don't know for sure just what hoops you might have to jump through. But if you don't want to be constantly bombarded by these less-than-helpful messages, then you will need to put Proxo first in the chain. That way, Proxo filters the crap out, Norman doesn't see anything worth reporting, and IE just renders merrily on its way.

But wait, is Norman really a firewall? No, not in the above scenario. If Norman, or any other product, is to be an effective firewall, it must be the first proggie in the data stream. If Proxo is listening to Port 80, and Norman is configured to listen to Proxo, then it's merely another filter, and not a firewall. By definition, firewalls listen to every port, and for every service known to mankind and network engineers. When it's bound to something other than a network card, then it can't do a firewall's job, only a filter's job. I daresay that when it comes to filtering website content, Proxo runs rings around any other product on the market (or even off the market), including Norman.

If Norman is truly a firewall, then it belongs at the head of the data stream, not in the middle. 'Nuff said. Let's see what your friends in Norway have to say.

As usual, don't hesitate to ask. After all, I wasn't always this culturally literate - I had to learn by chatting it up with you blokes over there! Wink (I know, what a joker. Sigh.) None of us are gonna bite anyone's head off, that's for sure.

Thanks for putting up with us. (Well, me anyway. Smile!)


Oddysey

I'm no longer in the rat race - the rats won't have me!
Jul. 12, 2004, 04:57 PM
Post: #18
 
Oddysey Wrote:You, my fine feathered friend, are doing it right. Take a bow.
When I took a bow I hit my head on the wall and got knocked unconscious for 30 minutes. Sad

Before: Banging Head ........After: Dead

LOL

{=(~::[Shea]::~)=}
How 'bout you sideburns, you want some of this milk?
This fading text is pretty cool, eh? I bet you wish you had some.
Jul. 12, 2004, 05:01 PM
Post: #19
 
Shea Wrote:
Oddysey Wrote:You, my fine feathered friend, are doing it right. Take a bow.
When I took a bow I hit my head on the wall and got knocked unconscious for 30 minutes. Sad

Before: Banging Head ........After: Dead

LOL
LOL!

Well, Dead looks much better than Banging Head
Jul. 12, 2004, 06:25 PM
Post: #20
 
Oddysey Wrote:A question isn't necessarily a complaint, agreed. But even a simple request is a subtle expression of an unhappiness, and that can be loosely translated into a complaint.
Which reminds me of an anecdote about the early days of the Freudian school of thought.
The psychoanalysts back then tended to interpret disbelief in their theory as psychic disharmony which needed to be analyzed. [lol]


Jaded_Goth:
That kind of script is part of every third newspage and gets filtered with the recent configs.

sidki
Jul. 13, 2004, 01:16 AM
Post: #21
 
A few points I'd like to add.

Kerio 2.xx not 4.xx is the version most prefer and there is no learning mode with it. It is still my favourite packet filter although I don't use it now.

Stealth is setting your firewall to drop packets. If all ports are not stealthed and/or you can be pinged you are not stealthed.

Being behind a router with NAT is safe from the outside, but from the inside is a totally different story. So it would be advisable to also have a software firewall for outbound protection.

Most firewalls are filters; they filter packets.

Layered protection is the way to go.

Stealth is not necessary, it is a marketing ploy. A closed port can't be opened from the outside.


These are my observations, others may vary.

Besafe
Jul. 14, 2004, 03:07 PM
Post: #22
 
Okey-dokey.

I've had a chat with Norman - who are used to explaining things to vegetables.

The long and short of it is this: Proxomitron filters webpages by requesting information from the server. It'll filter and re-arrange pages according to its predefined rules.

The end result being that the page displayed by the browser looks infinitely better than it would have done. No question.

Norman concedes with Shea's opinion that if Proxomitron deals with ads and peripheral rubbish with more finesse than Norman and as a result the pages are aesthetically more pleasing, defer to Proxomitron. Let Norman perform his firewalling duties.

Vis-a-vis over-riding I.E. security settings - this is not what is happening. In actual fact, it's more like a three-layer protection system. It hits Norman, but once the page reaches I.E. elements would be quashed anyway according to the security rules defined in I.E., e.g. cookies/active scripting.

So, essentially, all I've been doing is perhaps interrupting myself more than is necessary.

Norman says to turn off the firewall's ad, pop-up, script-blocking capabilities. Leave all that to Proxomitron. The only thing that *might* happen is that I.E. makes a rogue port 80 request..
That, however, could happen sans Norman, sans Proxomitron - to expend energy fretting over that will send me spiralling into a paranoic nightmare. Y'know.. I have enough to do, worrying about things I actually understand!

_J_G_
Jul. 14, 2004, 04:02 PM
Post: #23
 
P.C.World-Proxomitron Stylie:

_J_G_
Jul. 14, 2004, 04:06 PM
Post: #24
 
P.C.World-Norman Stylie:

Lots more blank spaces, where the ads would be.

_J_G_
Jul. 14, 2004, 04:10 PM
Post: #25
 
~Sorry~

Kept getting SQL errors. I didn't think it'd been posted.

_J_G_
Jul. 14, 2004, 04:11 PM
Post: #26
 
mySQL query error: SELECT id, member_id, running_time, location FROM ibf_sessions WHERE id='bc07a381a0dd936c4eabc0715d8baef2' and ip_address='*********'

mySQL error: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
mySQL error code:
Date: Wednesday 14th of July 2004 12:09:44 PM

*Sigh*..what have I misconfigured this time?

_J_G_
Jul. 14, 2004, 04:32 PM
Post: #27
 
Same here - the server seems to have hiccups.
Jul. 14, 2004, 06:33 PM
Post: #28
 
Jaded_Goth;

First, don't worry 'bout those SQL errors - they bite us all in the butt, once in awhile. Except maybe for Kye-U his own self. <_<

Next, you said that you may be interrupting yourself. I don't really think so. Not until you have a firm picture in your mind of the order in which the data stream flows can you honestly say that. Did you ever resolve that question? Is it Proxo first, then Norman, or Norman first, then Proxo?

Quote:Norman says to turn off the firewall's ad, pop-up, script-blocking capabilities.
Given the correct order of things (Norman before Proxo), I'm not so sure I'd turn off the firewall capabilities at all. That's something that Proxo simply can't handle. (Just ask JakBeNymble!)

Quote:The only thing that *might* happen is that I.E. makes a rogue port 80 request.
Define "rogue". Depends on the user's viewpoint, doesn't it? :o Big Teeth Wink

And finally, as you said, it's best to stay with the devil you do know, and try to avoid the devil you don't know (or something like that). Wink But be prepared to learn new things once in awhile - it makes for interesting conversation while sitting on the porch, gazing out at the sunset. [blink]


Oddysey

I'm no longer in the rat race - the rats won't have me!
Jul. 14, 2004, 08:39 PM
Post: #29
 
No, no, Sweetie.

I haven't messed with the firewall. Only the component that deals with filtering ads and pop-ups - as per Norman's instructions. It was an extra task that Norman did not need to be burdened with.

The sequence of data handling was thus: Norman, Proxo then I.E./Mozilla. Norman remains an all-encompassing capsule.. Don't go confusing me again, ya meanie.
Bottom line is, according to Norman HQ, I haven't undermined security. All I've done is re-allocated the webpage filtering to Proxo.
Norman can concentrate on "blocking worms and Hackers".

Vis-a-vis rogue port 80 requests. I suppose, were the browser to be overthrown by a trojan, outgoing "calls" would be made...

*confused*....erm..is the browser now acting as both client AND server?...

And won't the hp HOSTS file play a part in protecting me against erroneously landing on any *known* bad sites?

_J_G_
Jul. 16, 2004, 05:41 AM
Post: #30
 
Jaded_Goth;

Lessee here, maybe I can keep everything in my mind at one time, and write a cohesive answer to all of your questions. But not necessarily in the order received. :P

1. It's good that Norman is the first thing in the data stream, for reasons already discussed. This also explains why, when their filtering was turned on, they showed you bits and pieces of javascript, etc. Turning it off was smart in your case, because you have Proxo. For those un-anointed souls who have yet to learn, then I imagine that Norman's filtering is better than nothing. At least you were happy with it for quite some time.

2. in re: Rogue outgoing requests..... Well, maybe I'm making a rash assumption here, and feel free to ignore me if I'm over-stepping my bounds, but I gotta take two seconds and re-hash some old ground.

Nothing gets into your browser that wasn't asked for. Bald statement, eh? But that's the truth of it. All of this so-called "push" technology is really a bunch of marketing hype that still doesn't circumvent the basic technology - in order for something to get to the browser from a server, the browser must first ask for it. That's an outgoing "call", in your parlance.

Now, be aware that most "infectious malware" gets in via bold-as-brass coding statements within the HTML code, but not all scheisse-ware is brought in that way. Moreover, when making an innocent request, say for an image file, the server may attach a hostile file along with it. Now we're talking about a matter of trust, but don't worry! JD5000 and sidki3003 have both dealt with that issue quite nicely (mime types, etc.) in their config sets.

In summary, your browser is asking for stuff all the time. Open a Proxo Log window, and watch the fireworks. All those GET statements? They're coming from the browser, which in turn was told to issue them by the HTML code of the current page. Now, which one was rogue? That's the job of Proxo, first and foremost. However.....

3) The HOSTS file (no extension) is also of value here. The way things work, in the networking layer of your operating system, all outgoing calls are translated into IP addresses. If a HOSTS file is present, it is consulted, just as if it were a mini-Domain Name Server. If a match is found, the translated IP is supplied to the "socket" layer, and off goes the "step-and-fetchit" routine. Now, if the supplied IP is 127.0.0.1, then effectively, the file has told the "outgoing caller" (your browser) to use the localhost, which we all know is just a fancy way of saying "a big fat nothing". The browser is satisfied that the request was fulfilled, and it displays all the data it got back from that IP - namely, nada.

4) in re: Client vs. Server..... No confusion necessary. The browser is always a client. A server merely reacts to input from clients. Clients initiate requests, feed them to the server, receive the responses, and process them for display. As stated above, servers don't normally do anything except respond to requests in the appropriate manner. However, a server can be made to act maliciously, but it must still be triggered by a request from a client.

5) All of which leads to this statement. 99% of all mal-ware uses a different port than 80. That's why we use software firewalls as well as hardware ones. A good firewall monitors all ports for both incoming and outgoing traffic, for just this reason. A "rogue call" on Port 80 is unlikely, although not out of the question. It's just that many crap-ware authors know that if the browser is active, then their little craplet won't be able to use Port 80 for the nonce. (A feature of the socket layer in the OS). Waiting for the browser to close doesn't do them any good, so they just write their own clients, which then contact a significant server on some other port, and voila! you're hosed.

BTW, extra points if your firewall also monitors outgoing requests by program name. If you can authorize individual proggies on a given port, and block all others, then you are light-years ahead of the game. This is a good thing. Big Teeth

And last but not least, have I Welcome'ed you to the Forum yet? If not, then please accept my apologies for being so remiss. Glad to have ya aboard! Hope you've stocked up on sea-sickness pills, because it's a roller-coaster of a ride! [lol]


Oddysey

I'm no longer in the rat race - the rats won't have me!
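
The HOSTS lookup described in point 3 of the post above, as an added example that is not part of the original thread: it parses a HOSTS file, answers lookups from it before falling back to DNS, and lists the names pointed at the local machine. The sample file, the `.example.test` names and the `dns_lookup` stand-in are constructed for illustration, and "first entry for a name wins" is an assumption about the resolver.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the thread).
SAMPLE_HOSTS = """\
# blocklist entries
127.0.0.1   localhost
127.0.0.1   ads.example.test tracker.example.test   # two names, one line
0.0.0.0     popups.example.test
192.0.2.10  intranet.example.test
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Return {hostname: ip}. Comments and malformed lines are skipped."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        for name in fields[1:]:
            # Assumption: the first entry for a name wins.
            table.setdefault(name.lower(), ip)
    return table

def resolve(name, table, dns_lookup):
    """Consult the HOSTS table first; call DNS only on a miss.

    Matching is on the exact name: an entry for ads.example.test does
    not cover sub.ads.example.test.
    """
    ip = table.get(name.rstrip(".").lower())
    if ip is not None:
        return str(ip), "hosts"
    return dns_lookup(name), "dns"

def is_sinkholed(name, table):
    """True if the name is redirected to loopback or 0.0.0.0."""
    key = name.rstrip(".").lower()
    ip = table.get(key)
    if ip is None or key == "localhost":
        return False
    return ip.is_loopback or ip.is_unspecified

def blocked_names(table):
    """Sorted list of every sinkholed name in the table."""
    return sorted(n for n in table if is_sinkholed(n, table))
```

Because matching is exact, a blocklist entry only stops the hostnames it spells out; a page that pulls content from a subdomain not in the file still gets a normal DNS answer.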