Windows Vista Firewall; Block an application from using a specific port?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows Vista Firewall; Block an application from using a specific port?

    Hello all,

    I'm trying to configure a Vista Ultimate x64 machine. Ultimately I'd like to block a certain application from communicating on a certain port. Namely port 80. The app needs to communicate over some ports, but not all of its possible ports. Unfortunately, the app itself cannot be modified. I've been playing around with various rules within the LGPO editor but I think I'm asking too much from Windows Firewall. I know I can block a port and I also know that I can block an application, but I can't seem to block a combination of application and port. I've searched around and it seems that this isn't possible. Before I give up totally, does anyone know if you can do such a thing with Windows Firewall? Are there any other software firewalls out there that can do this? Does it seem unreasonably granular to want to do this? To me it seems to be a rather simple need.

    Thanks all! Happy New Year!
    Wesley David
    LinkedIn | Careers 2.0
    -------------------------------
    Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
    Vendor Neutral Certifications: CWNA
    Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
    Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

  • #2
    Re: Windows Vista Firewall; Block an application from using a specific port?

    Simpler is to block the destination IP addresses on your network firewall.
    The app simply can't access those addresses even when they are (or start using) a random port.
    Also, an app will always use a random port, but its destination is fixed. Therefore you need to block its destination port and not its source port.

    Simple example: run netstat -an after opening a few browser sessions to different websites.
    Wanna bet you have a different source port for each session?

    Edit: I believe you can also specify the destination addresses with vista
    Last edited by Dumber; 1st January 2009, 22:41.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: Windows Vista Firewall; Block an application from using a specific port?

      I thought I had drilled down far enough into the topic, but apparently I had not. Firstly, it does seem to be possible to block a certain application from using a certain port. Just not from within the "New Rule" wizard. Once the rule has been created, just go to the "protocols and ports" page and specify the port of interest for the local and remote connections.

      Second, thank you Dumber for schooling me on TCP/IP. I was reminded of how outbound requests use transient ports and not the same port that they send the traffic to (that caused me to slap my forehead and utter a hearty "Duh!"). I guess what I'd like to do now is find a way of preventing the application from using HTTP based communication. Of course, that's an application layer filter and I really don't think Windows Firewall can do that.

      Here are some more specifics about the app that I'm working with. It's those ornery kiosk machines again (if you recall me having complained about them in previous posts). They are set up to use an HP proprietary program called "SmartCenter" which has its own built-in browser. Being that it's built-in, I can't use any kind of application hashing restriction (like I did to restrict any other program from being opened, like IE) to keep the browser portion of it from running. I have to keep it from accessing the interwebs with some networking trickery. I'd like it to still be able to have some network access for the built-in weather and time plug-ins, but just not browse the web.

      But it gets worse. Just for giggles I created a new Windows Firewall rule that blocks the smartcenter.exe program from having any network connection whatsoever... and in spite of that it can still operate on the network: browsing web pages, getting time for the custom clock and getting RSS feeds. I checked for any firewall exceptions in the Firewall control panel and indeed I found a few that mentioned SmartCenter. I turned all of them off, made sure the LGPO firewall rule was enabled and even rebooted, and SmartCenter still has network access.

      I think I'll go eat some cookies now.
      Wesley David
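The application-plus-remote-port rule described in this post can also be created outside the wizard, from the command line. The following is an added example and not code from the thread; it assumes netsh advfirewall (shipped with Vista and later), an elevated prompt, and a placeholder executable path and rule name that you would replace with your own.

```powershell
# Added example (not from the thread): block one executable from opening
# outbound TCP connections to remote port 80, then verify the rule.
# Run from an elevated PowerShell prompt.

$AppPath  = 'C:\Program Files\Placeholder\smartcenter.exe'   # ASSUMPTION: placeholder path
$RuleName = 'Block-App-Outbound-HTTP'                        # name chosen for this example

# A program rule whose path matches nothing silently does nothing, so check first.
if (-not (Test-Path -LiteralPath $AppPath)) {
    throw "Executable not found: $AppPath (the rule would never match)"
}

# Program, protocol and remote port together in one outbound block rule.
# The GUI wizard hides the port page for a program rule; netsh does not.
netsh advfirewall firewall add rule `
    name=$RuleName `
    dir=out `
    action=block `
    program=$AppPath `
    protocol=TCP `
    remoteport=80 `
    enable=yes `
    profile=any

# Confirm the rule exists with the scope you intended.
netsh advfirewall firewall show rule name=$RuleName verbose

# If the program still reaches the web, find out which process actually owns
# the sockets: a rule matched on smartcenter.exe does nothing for a separate
# helper process. netstat -b needs elevation and prints the executable on the
# line following each connection, which the context switch shows.
netstat -b -n -o | Select-String -Pattern 'ESTABLISHED' -Context 0,1
```

The block rule only covers TCP to remote port 80; HTTPS on 443 or a browser that falls back to a proxy port would need their own rules, which is the limitation the post's author is running into with a port-based filter standing in for a layer 7 one.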



      • #4
        Re: Windows Vista Firewall; Block an application from using a specific port?

        I don't know what SmartCenter is, but can't you simply uninstall it?
        Or are those gadgets that important...
        Marcel



        • #5
          Re: Windows Vista Firewall; Block an application from using a specific port?

          Originally posted by Dumber View Post
          I don't know what smartcenter is, but can't you simply uninstall it
          SmartCenter is the one and only reason the two computers were purchased, so uninstalling it would be a bit like taking the engine out of your new car (or the lens off of your new camera... did you get one for Christmas?). You can do a YouTube search for "TouchSmart" to see what it's about. Have a look at this rather rambling video review of the TouchSmart. Fast forward to :55 and you'll start seeing what SmartCenter is.


          P.S. Oddly enough, your beloved CheckPoint has some feature known as "SmartCenter"
          Wesley David



          • #6
            Re: Windows Vista Firewall; Block an application from using a specific port?

            LOL, yes I know what a SmartCenter server is when you're talking about Check Point, but not from HP.
            Cool video btw. Seems quite interesting. And no, I didn't get a new lens for my camera, I got a cooking book.
            PS, the Oliebollen and the Appelbeignets, also called apple fritters, were great again.

            ok, back on topic,
            Can't you start a sniffer to see what the destination IP addresses are and simply block them?
            Last edited by Dumber; 2nd January 2009, 16:38.
            Marcel



            • #7
              Re: Windows Vista Firewall; Block an application from using a specific port?

              Originally posted by Dumber View Post
              ok, back on topic,
              Can't you start a sniffer to see what the destination IP addresses are and simply block them?
              Methinks I miscommunicated somewhere along the lines. SmartCenter has a web browser built into it and my desire is to block all access to web sites but keep the other components that use the network functioning. So I don't think it's really a matter of blocking destination IP addresses. Although, maybe I could find out what IP addresses the clock and WeatherBug plug-in use and only allow traffic to those... and of course anything on the local subnet (I don't want to block myself from using DameWare / RDP). Am I making sense? I wish Windows Firewall could block layer 7 traffic (and that for a specific application).

              Oh well, If I have to I'll just block all traffic coming from and going to the SmartCenter app. Those extra plug-ins that use the network aren't that important.
              Wesley David



              • #8
                Re: Windows Vista Firewall; Block an application from using a specific port?

                Well yeah, although it's the other way around, it still will work.
                Make an allow rule from client to clock IP on port 80, etc. etc.
                Last rule, deny any any.

                you can even do it on the switch or firewall or.... you name it
                Marcel
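The ordered "allow the specific destinations, then deny any any" list above is how a switch ACL or network firewall reads it. Translating it to Windows Firewall with Advanced Security needs one adjustment: its rules are not evaluated in order, and an explicit block rule always wins over an allow rule, so the catch-all deny has to be the profile's default outbound action rather than a block rule for the program. The following is an added example, not code from the thread; the executable path and the plug-in addresses are placeholders (TEST-NET-3 documentation addresses), and it assumes an elevated prompt.

```powershell
# Added example (not from the thread): allow-list pattern for one executable
# on Windows Firewall with Advanced Security (Vista and later). Run elevated.

$AppPath = 'C:\Program Files\Placeholder\smartcenter.exe'   # ASSUMPTION: placeholder path

# Remote addresses the clock and weather plug-ins talk to. These are
# constructed placeholders; capture the real ones with netstat or a sniffer.
$Allowed = @{
    'Allow-App-Clock'   = '203.0.113.10'
    'Allow-App-Weather' = '203.0.113.20,203.0.113.21'   # netsh accepts a comma-separated list
}

# One allow rule per destination, scoped to the program, TCP and remote port 80.
foreach ($entry in $Allowed.GetEnumerator()) {
    netsh advfirewall firewall add rule `
        name=$($entry.Key) `
        dir=out `
        action=allow `
        program=$AppPath `
        protocol=TCP `
        remoteport=80 `
        remoteip=$($entry.Value) `
        enable=yes
}

# Keep management traffic (RDP, DameWare) working: 'localsubnet' is a keyword
# netsh understands, so no address list has to be maintained for it.
netsh advfirewall firewall add rule `
    name=Allow-Out-LocalSubnet `
    dir=out `
    action=allow `
    remoteip=localsubnet `
    enable=yes

# The "deny any any" step. A block rule for the program would override the
# allow rules above, so the catch-all is the default outbound action instead.
# Caveat: this applies to every program on the machine, not only the app; the
# predefined Core Networking outbound rules (DNS, DHCP) stay in effect, but
# anything else the kiosk relies on needs its own allow rule.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# Verify the policy and list the outbound rules that are now in place.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name=all dir=out | Select-String -Pattern 'Rule Name'
```

The weak point of this design is the one the thread already identified: it pins policy to destination addresses, so a plug-in whose service moves behind a CDN or changes IP breaks until the allow rule is updated. Logging dropped outbound packets (netsh advfirewall set allprofiles logging droppedconnections enable) makes those breakages visible in the firewall log rather than appearing as a mysteriously dead clock.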
