Firewall Configuration

LisaAJohnson

I have been unsuccessful, in properly configuring my Firewall to block individual IP addresses.

I am running Bit Defender Internet Security v10.

I tested this failure, by intentionally blocking a static IP address on my local network.

To attempt to configure the block of this static IP address ..I did the following:

SELECT FIREWALL TAB

SELECT ADD RULE

APPLICATION INFO, elected the default setting of "ANY"

ACTION INFO, selected DENY

NETWORK EVENTS, elected the default of "ALL"

ADDRESSES INFO

DIRECTION = BOTH

PROTOCOL = ANY

SOURCE ADDRESS = The IP address that I want to block

TYPE = HOST

What am I configuring wrong?

In the above configuration, I intentionally DID NOT INCLUDE information relating to the "DESTINATION ADDRESS" because I already have DENY MULTICAST TRAFFIC enabled.

This is extremely maddening ..and any response to this forum post, would be greatly appreciated!

Find more posts tagged with

Comments

Apache2k

I have been unsuccessful, in properly configuring my Firewall to block individual IP addresses.

I am running Bit Defender Internet Security v10.

I tested this failure, by intentionally blocking a static IP address on my local network.

To attempt to configure the block of this static IP address ..I did the following:

SELECT FIREWALL TAB

SELECT ADD RULE

APPLICATION INFO, elected the default setting of "ANY"

ACTION INFO, selected DENY

NETWORK EVENTS, elected the default of "ALL"

ADDRESSES INFO

DIRECTION = BOTH

PROTOCOL = ANY

SOURCE ADDRESS = The IP address that I want to block

TYPE = HOST

What am I configuring wrong?

In the above configuration, I intentionally DID NOT INCLUDE information relating to the "DESTINATION ADDRESS" because I already have DENY MULTICAST TRAFFIC enabled.

This is extremely maddening ..and any response to this forum post, would be greatly appreciated!

Hi,

Im very new in this forum but i try to help u if i can others, please joyn.

Please check if your ip (the one u want to ban) tuned zero. Example ip is 192.168.2.123 turns to 192.168.2.0

As far as i know if the lat number is zero ( 0 ) this means the whole network? Do u have any other rules where u gave full right to an other ip ? That one might make a conflict and the last rule is maybe not taking any action..

Did you also select Class C Netork?

BITDEFENDER15JULY2007.zip

BITDEFENDER_VERSION_O2.zip

alexcrist

Hi LisaAJohnson,

What you did wrong is that the IP you want to block should be written in the Destination field. When you click Add new rule, you'll define a rule for Outbound. That means those settings apply for applications that whant to access the network.

In other words: to ban a single IP, try this:

Application: Any

Action: Deny

Network Events: All

Direction: Both

Protocol: Any

Source: <you can select Local>

Destination: <the IP you want to block>

When you click OK, BitDefender will automatically create another rule, for Inbound, in which the IP you want to ban is written in the Source field. To check this, just click Edit Profile (it is under the Traffic list) and check the two lists.

Also, to fully block that IP, you have to move the two rules (for Inbound and Outbound) on the top of the lists in the Edit Profile window. To do this, select the rules and click the Move to Top button in each list.

Please post if this worked.

Cris.

Edit: Please try to write with a normal size text. Writing with such big letters is very inaesthetic and tiresome.

BITDEFENDER15JULY2007.zip

BITDEFENDER_VERSION_O2.zip

LisaAJohnson

Thank You for reviewing my concerns, and providing valuable feedback.

HOWEVER! I did make a full attempt to try each of the above suggestions (from Cris and Apache2k) ..and NEITHER OF THE SUGGESTIONS WORKED.

I was still able to gain access to the machine that was running BitDefender Internet Security v10.

This should really be a "no brainer"

And to be honest with you, I would have always assumed that the SPECIAL RULES that I had created were working properly, until a few days ago ..when I noticed that someone was attempting to flood my machine with "Adminmistrator" login requests, so I snagged their IP address and added them to the BitDefender "DENY" rule.

With that said, I noticed 30 seconds later ..that they were still connected to my machine (and the second clue was the absense of NO POP UP NOTIFICATIONS from BitDefender)

To test the BitDefender Internet Security v10 console, I decided to block one of my own IP addresses, and when this failed ..I began to wonder.

Each machine on my network is configured with it's own permissions and levels of security. So, just because I am the administrator ..does not mean that all actions, are granted access. (so this isn't the problem)

YES, YES, the "firewall is enabled" ..so what other setting could I possibly be missing here?

I appreciate your feedback.

BITDEFENDER15JULY2007.zip

BITDEFENDER_VERSION_O2.zip

alexcrist

Hi LisaAJohnson,

I have no way of testing this, because I have a direct connection to Internet (I don't have a network with multiple PC that I can use to test this issue). However, in theory, what I said above should work.

Could you send me your BD Firewall Profile files, so I can take a look at them? The files are placed in C:\Program Files\Softwin\BitDefender10\Firewall\Profiles\ (this is the default installation folder. If you installed BD somewhere else, then look for them where you installed it). Put all the files from that folder in a zip file and attach it to your next post (or send me a PM with those files).

I'll see if anything is wrong in those files.

Cris.

BITDEFENDER15JULY2007.zip

BITDEFENDER_VERSION_O2.zip

LisaAJohnson

Dear Cris;

Thank you in advance for your response.

I have included the .zip file that you requested to review .

Please let me know what you conclude ..I sincerely appreciate your efforts.

/applications/core/interface/file/attachment.php?id=338" data-fileid="338" rel="">BITDEFENDER15JULY2007.zip

BITDEFENDER15JULY2007.zip

BITDEFENDER_VERSION_O2.zip

alexcrist

Hi LisaAJohnson,

As far as I can see, those files don't contain any information about any blocked IPs. All rules are defined for all IPs (Source and Destination: Any), except for two svchost.exe rules, which are limited to IP 192.168.0.1

Are you sure this is your current profile?

The only rules that these files contain are about inetinfo.exe and IEXPLORE.EXE, but they are also defined for Any IP.

Cris.

BITDEFENDER15JULY2007.zip

BITDEFENDER_VERSION_O2.zip

LisaAJohnson

Hi Cris;

Once I determined that the IP addresses that I had blocked ..weren't really blocked at all, I DELETED them from the profile.

I have attached a new profile for your review.

I have created an IP address that I would like to have BLOCKED from access to my machine, as ..they repeatedly attempt to wear down the Microsoft OS cache by flooding it with an "Administrator" login.

For what it is worth, here are the credentials of the IP address that I would like to successfully block:

IP ADDRESS: 61.145.62.84

inetnum: 61.145.0.0 - 61.145.255.255

netname: CHINANET-GD

country: CN

descr: CHINANET Guangdong Province Network

admin-c: CH93-AP

tech-c: IC83-AP

status: ALLOCATED NON-PORTABLE

changed: dingsy@cndata.com 20070711

mnt-by: MAINT-CHINANET

mnt-lower: MAINT-CHINANET-GD

source: APNIC

person: Chinanet Hostmaster

nic-hdl: CH93-AP

e-mail: anti-spam@ns.chinanet.cn.net

address: No.31 ,jingrong street,beijing

address: 100032

phone: +86-10-58501724

fax-no: +86-10-58501724

country: CN

changed: dingsy@cndata.com 20070416

mnt-by: MAINT-CHINANET

source: APNIC

person: IPMASTER CHINANET-GD

nic-hdl: IC83-AP

e-mail: ipadm@gddc.com.cn

address: NO.1,RO.DONGYUANHENG,YUEXIUNAN,GUANGZHOU

phone: +86-20-83877223

fax-no: +86-20-83877223

country: CN

changed: ipadm@gddc.com.cn 20040902

mnt-by: MAINT-CHINANET-GD

remarks: IPMASTER is not for spam complaint,please send spam complaint to abuse@gddc.com.cn

source: APNIC

IP Addresses coming from this country are a "chronic" issue for me!

I appreciate your review ..and look forward to your additional feedback regarding this matter.

/applications/core/interface/file/attachment.php?id=339" data-fileid="339" rel="">BITDEFENDER_VERSION_O2.zip

BITDEFENDER15JULY2007.zip

BITDEFENDER_VERSION_O2.zip

alexcrist

Hi LisaAJohnson,

The files look OK. In theory, those rules should completely block that IP from accessing anything in your PC.

However, I saw in your post that the something that is trying to flood your PC doesn't have a single IP ( inetnum: 61.145.0.0 - 61.145.255.255 ). The only thing that comes to my mind right now is that, when an IP fails to connect, the someone on the other end uses another IP.

So, I could recommend you to try to block the hole subnet. Open BD Management Console -> Firewall -> Edit Profile, open both rules (with the IP) and select (at Destination or Source, whatever the case) Class B network and click OK. I hope this works.

Sadly, this is the most I can do. I don't work for BitDefender, so I can only give you some advises. If this doesn't work, it means that there is something wrong in BitDefender and you should report this on LiveAssistance ( www.bitdefender.com/Live-Assistance).

I hope you find a solution.

Cris.

BITDEFENDER15JULY2007.zip

BITDEFENDER_VERSION_O2.zip

LisaAJohnson

Hi Cris!

WOW! I had no idea that you weren't on the BitDefender payroll. In my opinion, you should be. Your feedback has been generous and informative.

I did take your advice, and I contacted a BitDefender representative regarding this matter. Additionally, I asked them to take a moment to read the posts that have been made in this forum, especially this discussion, to discern a further coarse or action.

Aside from a personal use of BitDefender, I am extremely familar with the BitDefender Client Professional Plus flavor, which is perhaps ..what I should have purchased instead of BitDefender Internet Security v10.

The functionality in the upgraded flavor, seems more reasonable and accomodating for the security spet ..who may have advanced requirements from their 3rd party firewall application(s).

That may be the route that I will have to take.

Later this evening, I fully intend to terminate the "WHITELISTED" object, because I am suspicious that programatically, something is mis-configured in that portion of the application, and this may be the root cause of my immediate dilemma.

Again, Cris ..thank you for your insight, as I certainly have appreciated it!

BITDEFENDER15JULY2007.zip

BITDEFENDER_VERSION_O2.zip

LisaAJohnson

To whom it may concern;

I have certainly appreciated the efforts by the moderators of this online forum.

With that said, I would like to offer the following comments to take an "ad-hoc" approach to actually getting the BitDefender Firewall to configure and DENY IP addresses, on an individual basis.

OPEN YOUR BITDEFENDER CONSOLE

SELECT FIREWALL

IN THE "PROTECTION LEVEL" AREA

DISABLE ALLOW WHITELIST

"BY"

SELECTING ALLOW ALL

FINALLY, SELECT THE TRAFFIC TAB IN THE FIREWALL

MANUALLY ADD THE IP ADDRESS THAT YOU WISH TO DENY

This is the only possible combination of events, that yielded the actual ..expected result. Sadly enough.

THAT IS STRIKE ONE!

If you are lucky enough, to have more than one local machine on your network ..and you can test the above recommendation, you will additionally be 'hard pressed" to recieve a "pop-up" notification that unauthorized traffic may be attempting to make a connection, EVEN IF you have ENABLED the "pop-up notification feature"

THAT IS STRIKE TWO!

And additionally, your event logs WILL NOT REFLECT the DENIED IP ADDRESS. You will have to rely on other reporting mechanisms for that information.

THAT IS STRIKE THREE!

Call me cynical, but doesn't this entire process seems a tad bit backwards to most of you?

Disappointing ..at best.

BITDEFENDER15JULY2007.zip

BITDEFENDER_VERSION_O2.zip

alexcrist

Hi LisaAJohnson,

With that said, I would like to offer the following comments to take an "ad-hoc" approach to actually getting the BitDefender Firewall to configure and DENY IP addresses, on an individual basis.

BD v11 will have this feature.

DISABLE ALLOW WHITELIST

"BY"

SELECTING ALLOW ALL

I would suggest to select Ask. It's a lot safer, because Allow all practicly disables the Outbound control (except for the rules that already exist in the Firewall).

If you are lucky enough, to have more than one local machine on your network ..and you can test the above recommendation, you will additionally be 'hard pressed" to recieve a "pop-up" notification that unauthorized traffic may be attempting to make a connection, EVEN IF you have ENABLED the "pop-up notification feature"

I might be able to help here. Try to set the Firewall to Ask, not to Allow all. This way, you will always be asked when someone tries to connect (Inbound and Outbound). Of course, if there is an application that already has a rule in the Firewall, you won't receive a pop-up. But with this setting, BitDefender will not make anything without knowing your opinion.

I have this setting enabled, and I always get a pop-up when *something* wants to access my PC from outside and I don't have a rule to allow/block it.

And additionally, your event logs WILL NOT REFLECT the DENIED IP ADDRESS. You will have to rely on other reporting mechanisms for that information.

The current logs don't show the firewall's activity. This feature will be available in BD v11.

However, you can see the activity in the past few minutes by doing this: open BitDefender Management Console and go to Firewall -> Activity. Then click Show log. You'll see absolutely everything that the firewall has blocked/allowed in the past few minutes.

Cris.

BITDEFENDER15JULY2007.zip

BITDEFENDER_VERSION_O2.zip

LisaAJohnson

Hi Cris!

Again, thank you for your resourceful feedback.

I have come to the conclusion, that this version of BitDefender needed an enormous amount of testing before it's release ..and frankly, I am a little to busy to baby-sit the essentials that this product lacks.

I have elected to uninstall it, and stick with the Enterprise Edition.

BITDEFENDER15JULY2007.zip

BITDEFENDER_VERSION_O2.zip

Apache2k

@LisaAJohnson

Im at the same position like you and i feel exactly like as u wrote:

""Call me cynical, but doesn't this entire process seems a tad bit backwards to most of you?""

@Cris

I get the feeling that u are the only person working to bitdefender. ( i know u are not)

looks like this version 10 is a beta and all the needed stuff will be in version 11,, ummm i bought this with 2 years license hmm does this mean i have to buy version 11. I hope it will be free for us who have a beta version and did pay for it for 2 years.

@liveAssistance???

I think this should be turned down cos its empty as sahara in mid day. 24/7 must be the date

Alot of features needs to be fixed but reading all the time some updates like now we have fixed the fonts in the windows style stuff

BD IS10 was selected as the best suite in a very big IT magazine , i wonder how did they made the testing.

Im nothing against nobody but this software is turning me crazy. huhhh

BITDEFENDER15JULY2007.zip

BITDEFENDER_VERSION_O2.zip

alexcrist

Hi Apache2k,

looks like this version 10 is a beta and all the needed stuff will be in version 11,, ummm i bought this with 2 years license hmm does this mean i have to buy version 11. I hope it will be free for us who have a beta version and did pay for it for 2 years.

Of course upgrading to BD v11 will be free. I don't know yet how exactly the upgrading process will take place (because BD AV Plus will not exist anymore and a new version, BD Total Security, will appear), but upgrading will be possible with the same licenses that you already have.

BD IS10 was selected as the best suite in a very big IT magazine , i wonder how did they made the testing.

Well, it depends by the user. For a home user this product it's fine. I'm using BD since v7, and BD IS since v10. It never have me headaches.

As far as I see on this forum, the most ugly problems are:

- BD AV Plus interface crashing: this doesn't happen on all PCs, which makes it very hard to fix because the exact cause is unknown

- problems with networks: home users, like myself, don't deal with such problems because I don't share any files on my network. For networks, you could try the Enterprise version, but I cannot say anything about how well it works, because I've never tried it. LisaAJohnson says it works a lot better on networks then BD IS.

Cris.

BITDEFENDER15JULY2007.zip

BITDEFENDER_VERSION_O2.zip