Outpost default rules

A newly installed program had access to the internet, although Outpost was in 'Block most mode'. Solution: disable the Allow loopback option. Isn't it strange that this can happen with the default settings?
It didn't do any harm because it was a normal program, but it seems to be very risky.
 
Was it the "local proxy leak" scenario?

If you use an HTTP local proxy (such as Proxomitron) - and also allow loopback, any program will be able to use the local proxy to get out. When using a local proxy, you must disable global loopback - and then the application may be granted loopback to allow access - and to WHAT might need to be in the rules for the proxy.

I do not know of that option causing vulnerabilities in any other circumstance.

You may also like to disallow global DNS access, and set a rule for that (to port 53) for each program that needs it.
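The local proxy scenario described in the post above, as an added example that is not part of the original thread: a toy model of "Block most" rule evaluation that lists how each program can get HTTP traffic out, with global loopback enabled and then replaced by a per-application loopback rule. The program names, port 8080, the remote host name and the rule model itself are constructed assumptions, not Outpost's actual rule engine.

```python
from dataclasses import dataclass, field

LOOPBACK = "127.0.0.1"
REMOTE = "remote.example"          # constructed stand-in for any internet host

@dataclass(frozen=True)
class Rule:
    app: str                       # program the allow rule applies to
    host: str                      # destination host, "*" = any remote host
    port: int                      # destination port

@dataclass
class Policy:
    allow_global_loopback: bool
    rules: set = field(default_factory=set)

    def allows(self, app, host, port):
        """'Block most' mode: deny unless a setting or rule matches."""
        if host == LOOPBACK:
            # Global loopback lets every program reach 127.0.0.1.
            return self.allow_global_loopback or Rule(app, host, port) in self.rules
        return Rule(app, host, port) in self.rules or Rule(app, "*", port) in self.rules

def egress_paths(policy, app, proxies, port=80):
    """Ways `app` can send HTTP out: 'direct' and/or 'via <local proxy>'."""
    paths = ["direct"] if policy.allows(app, REMOTE, port) else []
    for proxy, listen_port in proxies.items():
        # The proxy forwards under its OWN outbound rule, so the firewall
        # only has to let the program reach the proxy's loopback listener.
        if (app != proxy and policy.allows(app, LOOPBACK, listen_port)
                and policy.allows(proxy, REMOTE, port)):
            paths.append(f"via {proxy}")
    return paths

# Constructed sample setup: one local filtering proxy on 127.0.0.1:8080.
PROXIES = {"proxomitron.exe": 8080}
BASE_RULES = {Rule("proxomitron.exe", "*", 80)}

DEFAULT = Policy(True, set(BASE_RULES))
HARDENED = Policy(False, BASE_RULES | {Rule("browser.exe", LOOPBACK, 8080)})

def audit(policy, apps):
    return {a: egress_paths(policy, a, PROXIES) for a in apps}

if __name__ == "__main__":
    for name, pol in (("default", DEFAULT), ("hardened", HARDENED)):
        print(name, audit(pol, ["newapp.exe", "browser.exe"]))
```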
 
That must be it, I do use the proxomitron.

"You may also like to disallow global DNS access"

I just did.

LTR12101B, thanks for your advice. It was really helpful.

Just out of curiosity, why would 'allow loopback' be enabled by default? As I know now potentially it leaves a hole in a firewall. There must be some advantage to accepting this risk and enabling it by default.
 
There are things which might use local connections (loopback), so allowing it globally reduces the number of ordinary users with complaints - but it's a ticking bomb if you use any kind of local proxy.

Don't be too relaxed though
h**p://www.pcflank.com/art21.htm

Malicious misuse of Internet Explorer as an outgoing service seems damn near impossible to prevent.

TooLeaky - a simple test, but probably the hardest to block.
 
I heard about that type of outbound and it's a really good one; if you are an IE user, you won't detect it, but if you always use other browsers and don't have a rule for IE (like me), Kerio for example will detect it.
But the new Kerio 3 will detect it even if you have a rule for IE set up, because it detects that the leak application tries to start an IE window and you can prohibit that.
Kerio rules all traffic :)
FortiTude
 
I just did a test with Firehole. Outpost did nothing at all, damn.

I think I just might give Kerio a try.....(notoriously difficult to make good, secure rules for it ?!?!?!)
 