Network – Windows Firewall Inbound and Outbound Rules Do Not Work

I have a programmable Logitech mouse (G600), which requires the complete installation of the Logitech software. With Process Explorer, I recently noticed that the "LCore.exe" process shows a lot of network sends. For example, after letting Process Explorer run for a few minutes, I see this (542 network sends):

[screenshot of Process Explorer]

All I use the software for is programming the extra buttons on the mouse, so it has no need at all to access the network. I have therefore created inbound and outbound rules in Windows Firewall (which is enabled) that are supposed to block LCore.exe on all network types (public and private) from sending or receiving anything on the Internet.

More precisely, for this file:
C:\Program Files\Logitech Gaming Software\LCore.exe
The action is "Block the connection" on the domain, private and public profiles, for both inbound and outbound traffic. However, after creating the firewall rules and restarting the computer, I checked Process Explorer and found:

[screenshot of Process Explorer]

So it is clear that it is still accessing the network despite my firewall rules. Can someone explain why? Do I misunderstand how Windows Firewall works, is Process Explorer wrong, or has Logitech found a way around it? What should I do to completely prevent this program from accessing the Internet?

aws – custom 'difficult to guess' header (or similar) to whitelist via a firewall

My organization is adding a firewall to our test stacks with the help of AWS WAF. We would like to whitelist all the traffic from the SDKs we have created to make requests between our services.

We considered using a custom "X-" request header, then using an AWS WAF regex match condition to compare it against a non-trivial, hard-to-guess pattern.

I understand that this would give a very minimal level of protection; the idea is to prevent random crawling by search engines or easy access for anyone who knows the URLs. In other words, we do not need, or expect, protection from informed or motivated attackers.

I cannot find a precedent for this approach. Are there similar examples, or better ways to achieve something similar to our goals? (Not meaningful security, but a first degree of confidence in the origin of the request.)

firewall – How to close port 445 (Apple Time Capsule smbd)

My default Apple Time Capsule configuration has port 445 (Apple Time Capsule smbd) open to the world. Online port scanners (Shodan / detectify.com) show me that. What is a bit worrisome is the version, "SMB Version: 1", and I do not need to share files with the world via SMB.

Is it possible to disable this and how could I do it?

Can Airport Utility do it?

What machine learning algorithms are used for zero day attack detection by firewall companies such as Fortinet?

  • How do firewall companies like Fortinet use artificial intelligence algorithms to detect malicious traffic and zero day attacks?
  • Which machine / deep learning algorithms are used for this purpose?

Networking – No connection to an open port in a simple firewall (UFW) on a local network

My settings on a small server are as follows:

$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere                  
22                         ALLOW       192.168.100.0/24          
90                         ALLOW       192.168.100.0/24          
31337                      ALLOW       192.168.100.0/24          
3438                       ALLOW       192.168.100.0/24          
9000                       ALLOW       192.168.100.0/24          
9090                       ALLOW       192.168.100.0/24          
445                        ALLOW       192.168.100.0/24          
8200                       ALLOW       192.168.100.0/24          
1900                       ALLOW       192.168.100.0/24          
22/tcp (v6)                LIMIT       Anywhere (v6)          

The device I want to connect to the server uses port 3438 and has the IP address 192.168.100.69. The server has the IP address 192.168.100.169. I run a second server that is almost identical and there are no problems connecting the device with the same settings.

I can connect to the server using a graphical user interface with port 9000. The service on the server I want to connect to is active and running. (This is a logitechmediaserver.) So, it's just port 3438 that still seems stuck.

/var/log/ufw.log looks like this:

Sep 10 08:43:22 RPi3 kernel: [59546.635454] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:3d:f7:ef:00:04:20:1e:1e:98:08:00:45:00:00:2c:2d:ea:00:00:40:06:02:4$
Sep 10 08:43:33 RPi3 kernel: [59557.638106] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:3d:f7:ef:00:04:20:1e:1e:98:08:00:45:00:00:28:2d:fb:00:00:40:06:02:3$
Sep 10 09:13:32 RPi3 kernel: [61356.620129] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:3d:f7:ef:00:04:20:1e:1e:98:08:00:45:00:00:65:32:c5:00:00:40:06:fd:2$
Sep 10 09:13:32 RPi3 kernel: [61356.739031] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:3d:f7:ef:00:04:20:1e:db:e6:08:00:45:00:00:65:b9:26:00:00:40:06:77:2$
Sep 10 09:13:53 RPi3 kernel: [61377.373901] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:3d:f7:ef:80:2a:a8:df:d3:b3:08:00:45:00:00:34:61:65:40:00:32:06:dd:7$
Sep 10 09:13:54 RPi3 kernel: [61378.622169] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:3d:f7:ef:80:2a:a8:df:d3:b3:08:00:45:00:00:34:61:66:40:00:32:06:dd:7$
Sep 10 09:13:55 RPi3 kernel: [61380.059084] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:3d:f7:ef:80:2a:a8:df:d3:b3:08:00:45:00:00:34:43:a3:40:00:33:06:32:9$
Sep 10 09:13:57 RPi3 kernel: [61381.185812] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:3d:f7:ef:80:2a:a8:df:d3:b3:08:00:45:00:00:34:61:67:40:00:32:06:dd:7$
Sep 10 09:14:10 RPi3 kernel: [61394.395071] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:3d:f7:ef:80:2a:a8:df:d3:b3:08:00:45:00:00:34:43:a4:40:00:33:06:32:9$
Sep 10 09:14:12 RPi3 kernel: [61396.287604] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:3d:f7:ef:80:2a:a8:df:d3:b3:08:00:45:00:00:34:61:69:40:00:32:06:dd:6$
Sep 10 09:14:38 RPi3 kernel: [61423.067216] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:3d:f7:ef:80:2a:a8:df:d3:b3:08:00:45:00:00:34:43:a5:40:00:33:06:32:9$

Ideas?
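As an added illustration (not from the post, and not UFW's own code), this parser reads full-length UFW BLOCK lines and checks each blocked packet against a rule table like the one above, reporting whether the port was never opened, was opened only for a different source network, or should have matched an accepting rule. The log lines and the rule subset are constructed, because the post's own lines are cut off before the SRC/DST/PROTO/DPT fields.

```python
import ipaddress
import re

# Constructed sample lines in UFW's log format (not taken from the post, whose
# lines are truncated before the SRC/DST/PROTO/DPT fields).
SAMPLE_UFW_LOG = """\
Sep 10 09:13:32 RPi3 kernel: [61356.620129] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:3d:f7:ef:00:04:20:1e:1e:98:08:00 SRC=192.168.100.69 DST=192.168.100.169 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13000 DF PROTO=TCP SPT=49152 DPT=3483 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 10 09:13:53 RPi3 kernel: [61377.373901] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:3d:f7:ef:80:2a:a8:df:d3:b3:08:00 SRC=192.168.1.50 DST=192.168.100.169 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=24933 DF PROTO=TCP SPT=40022 DPT=3438 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 10 09:14:10 RPi3 kernel: [61394.395071] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:3d:f7:ef:00:04:20:1e:1e:98:08:00 SRC=192.168.100.69 DST=192.168.100.169 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13001 DF PROTO=TCP SPT=49153 DPT=3438 WINDOW=29200 RES=0x00 SYN URGP=0
"""

# Subset of the post's rule table: (port, protocol or None for any, action, source network).
RULES = [
    ("22", "tcp", "LIMIT", "0.0.0.0/0"),
    ("9000", None, "ALLOW", "192.168.100.0/24"),
    ("3438", None, "ALLOW", "192.168.100.0/24"),
]

FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE tokens; bare flags like DF/SYN are skipped

def parse_ufw_block(line):
    """Return the KEY=VALUE fields of a '[UFW BLOCK]' line, or None for any other line."""
    if "UFW BLOCK" not in line:
        return None
    return dict(FIELD_RE.findall(line))

def rule_matches(rule, proto, dport, src):
    """True if this ALLOW/LIMIT rule would accept a packet with these attributes."""
    port, rproto, _action, net = rule
    return (port == dport and rproto in (None, proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(net))

def explain_block(line, rules=RULES):
    """Classify why a blocked packet found no accepting rule."""
    f = parse_ufw_block(line)
    if f is None:
        return None
    proto, dport, src = f["PROTO"].lower(), f["DPT"], f["SRC"]
    if any(rule_matches(r, proto, dport, src) for r in rules):
        reason = "accepting rule matches; check rule order or the incoming interface"
    elif any(r[0] == dport for r in rules):
        reason = "port is opened, but not for this source network"
    else:
        reason = "no rule opens this port"
    return {"src": src, "proto": proto, "dport": dport, "reason": reason}

def explain_log(log_text, rules=RULES):
    """Run explain_block over every line; non-BLOCK lines are dropped."""
    return [e for e in (explain_block(l, rules) for l in log_text.splitlines()) if e]
```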

[Cloud Firewall] Proxy detection, VPN, Tor, Spam & Bot.

FireMason (https://firemason.io) is an IP lookup website offering proxy, VPN, spam, Tor and bot detection. With the help of our data, you can easily check for fraud on your online store, detect malicious players in your online game, and much more!

Currently in beta, but the product works very well. Looking for feedback so we can improve :)

Integrations

We are happy to help you integrate FireMason with your service or product. Just contact by private message here.

Discounts

We are pleased to offer discounts to DigitalPoint members. Send me a message and we can discuss your specific needs :)

CentOS – How to configure firewalld logging in Debian?

I know Debian well, so I want to build my VPS server with Debian instead of CentOS.
There is a log file /var/log/firewalld on both CentOS and Debian.
To enable the firewall's logging function on CentOS, it is easy to add the line below to /etc/sysconfig/firewalld

FIREWALLD_ARGS=--debug=10

and restart the service with sudo systemctl restart firewalld.

I found that there is no /etc/sysconfig directory; should I create the directory and the file on my Debian?

mkdir  /etc/sysconfig
touch  /etc/sysconfig/firewalld

And, as on CentOS, is this the standard way to configure firewalld logging on Debian?

Blocking IPs by the firewall | Talk Web Hosting

I use the CSF firewall and it constantly blocks more than 1,000 IP addresses per day, at 5 unsuccessful login attempts per block. I wonder what kind of volume other people are seeing daily. Is this normal? Example:

Time:     Sat Aug 31 02:03:57 2019 +0000
IP:       23.129.64.215 (US/United States/-)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked:  Permanent Block [LF_SSHD]

Log entries:

Aug 31 02:03:43 dns2 sshd[31566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.129.64.215  user=root
Aug 31 02:03:45 dns2 sshd[31566]: Failed password for root from 23.129.64.215 port 41921 ssh2
Aug 31 02:03:49 dns2 sshd[31566]: Failed password for root from 23.129.64.215 port 41921 ssh2
Aug 31 02:03:52 dns2 sshd[31566]: Failed password for root from 23.129.64.215 port 41921 ssh2
Aug 31 02:03:54 dns2 sshd[31566]: Failed password for root from 23.129.64.215 port 41921 ssh2

Thank you for your feedback!
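Added example, not the poster's code and not CSF's own implementation: it replays sshd log lines of the kind shown above (constructed here in standard syslog format, plus one extra constructed entry from a documentation-range address) and records a block once a single address reaches the same 5 failures within the 3600-second interval that the CSF notice reports. The year is assumed from the notice, since syslog timestamps carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log in sshd/syslog format; the first five entries mirror the
# ones in the post, the last one is an extra constructed line from 198.51.100.7.
SAMPLE_SSHD_LOG = """\
Aug 31 02:03:43 dns2 sshd[31566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.129.64.215  user=root
Aug 31 02:03:45 dns2 sshd[31566]: Failed password for root from 23.129.64.215 port 41921 ssh2
Aug 31 02:03:49 dns2 sshd[31566]: Failed password for root from 23.129.64.215 port 41921 ssh2
Aug 31 02:03:52 dns2 sshd[31566]: Failed password for root from 23.129.64.215 port 41921 ssh2
Aug 31 02:03:54 dns2 sshd[31566]: Failed password for root from 23.129.64.215 port 41921 ssh2
Aug 31 02:10:00 dns2 sshd[31600]: Failed password for invalid user admin from 198.51.100.7 port 50000 ssh2
"""

LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
FAILED_PW = re.compile(r"Failed password for .+? from (\S+) port \d+")
PAM_FAIL = re.compile(r"authentication failure;.*\brhost=(\S+)")

def failure_ip(msg):
    """Source address of a failed-login message, or None if the message is not one."""
    m = FAILED_PW.search(msg) or PAM_FAIL.search(msg)
    return m.group(1) if m else None

def find_blocks(log_text, threshold=5, interval=3600, year=2019):
    """Replay the log; return {ip: time_of_block} for every address that reached
    `threshold` failures inside a sliding window of `interval` seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip = failure_ip(m.group("msg"))
        if ip is None or ip in blocked:
            continue
        t = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
        window = recent[ip]
        window.append(t)
        while (t - window[0]).total_seconds() > interval:   # drop failures older than the interval
            window.popleft()
        if len(window) >= threshold:
            blocked[ip] = t
    return blocked
```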

Internet – application-based firewall for Linux

I have a big problem. I want to block Internet access for some applications installed on my Fedora Linux.
I cannot install Douane, and OpenSnitch says on its GitHub page:

THIS SOFTWARE IS WORK IN PROGRESS, DO NOT EXPECT IT TO BE BUG FREE AND
DO NOT RELY ON IT FOR ANY TYPE OF SECURITY.

But I need a reliable solution. Is there one?

penetration test – How is it possible to analyze the internal network to perform lateral movement without being detected by a firewall?

How is it possible to scan the internal network in order to perform lateral movement without being detected by a firewall? I have been trying to do a proper scan of the internal network for days. I have a Meterpreter shell, added the subnet, set proxychains to port 1080 and ran a slow scan with nmap. I would like to know what other effective techniques pentesters use every day.

The web server is Ubuntu, but the internal network is full of Windows and Linux machines, providing a realistic environment for training.
I am doing these studies in a controlled environment.