Tuts 4 You

How to block in & out traffic?



Hi guys,

I have a new little question about networking. This time I would like to know how to block connections I/O? Maybe you would say I have just to edit the hosts file itself but is this enough? Does it block all host addresses I do enter and also all IP addresses I wanna block? Does also all get blocked for 100% or are there some backdoors to connect to any IP / Host XY also if this is marked as blocked in the hosts file?

On internet I just found some examples about blocking facebook like...

127.0.0.1       www.facebook.com
127.0.0.1       facebook.com
or
0.0.0.0       www.facebook.com
0.0.0.0       facebook.com

....does it also work with IP addresses instead? What about IP ranges?

So otherwise are there any small tools I could use to manage the stuff and to allow / disallow I/O addresses etc? So with my FW I can't do this. Some hints would be welcome.

greetz

Link to comment
Teddy Rogers

Alternative options would be to block access to these sites at router level or, if you have the capability to control and monitor your DNS queries, at your DNS server (local or cloud). Doing it this way works across all devices on the network (and/or mobile devices if cloud based)...

Ted.

  • Like 1
Link to comment

Windows HOSTS file blocks only a specific domain. No domain wildcards. No higher level domains. Not an IP address. Not an IP range. No specific ports.
There are very few reasons to use it - and judging from your questions you don't have one of those.

 

Windows has had an in-built firewall since f*ing forever. You will need to switch to "advanced rules" mode - the GUI will suck but it does everything you mentioned and more.

Tutorial for Windows 7: https://www.petri.com/windows-7-firewall
Tutorial for Windows 10: https://www.faqforge.com/windows/windows-10/how-to-create-advanced-firewall-rules-in-windows-10-firewall/
And there are even "small tools" that are slightly more user-friendly: https://github.com/wokhansoft/WFN or https://www.binisoft.org/wfc.php

  • Like 1
Link to comment

Hi guys,

thanks for the infos so far. So as I said I am already using a FW (GW) at the moment but this FW is limited and I can't block IPs etc. I only can allow or not allow for any single app/s and that's the problem. So what is my goal you maybe ask. So would like to get more control and overview for my system to know what's really going on. What apps running on my system do communicate with WHO and WHEN and WHAT of course you know.

Example: Let's say I do install any app I found on any source I would like to try. Now after installing the new app tries first to connect to internet (mostly to check for any update & else +/-) and I get the message from my actual FW to allow or deny access to internet by this app. In this case it's just a TRUE or FALSE option for this single app without any options and that's the bullshit. Of course I wanna allow the app to have access to internet to check for new versions / update it etc when I want it to keep this app up to date. But on the other hand I wanna just allow that only and disallow other / hidden home callings by using other internet addresses / IPs etc you know. But this I can't setup in the FW and if I just allow access to internet = allow everything.

My goal. So maybe I don't wanna control everything what happens on computer & internet but I would like to control some apps I do install by myself.

1.) First I need to find out which addresses the app does commu with which can be only one or tons of it. The count of different addresses is unknown at this point so this means I need something to monitor or a Firewall what tells me directly when something does happen to allow or deny access for a specific channel.

2.) I need to block specific IP addresses for I/O or domains used by specific apps or blocking for all.

3.) How to manage this?

So I had a look into Windows Firewall and the rules for in & out goings. When I check some allow / block rules in this list then I can also not see how to allow / deny specific addresses IF I have set a rule to allow or block. You know? In this rule tab I can see on the first one below the option to allow or allow if secure or block. Let's say I set the rule on allow for example, ok. Now I click on the Area tab where I can enter some local IPs & remote IPs. Are they to block or allow etc? Not sure about that. Or can I also just allow & block all in this rule without mixing to allow & block? So I hope you know what I mean and what I am looking for. Just wanna know what I could do before I de-install my actual FW.

greetz

Link to comment
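As an added example (not code from any poster in this thread), the built-in Windows Firewall cmdlets can list which remote endpoints a program is talking to and then block that program for specific addresses, ranges and ports, which is what the hosts file cannot do. The application path, rule names and addresses are constructed placeholders using documentation ranges.

```powershell
# Added example: run from an elevated PowerShell prompt.
# $AppPath and every address below are constructed placeholders.
$AppPath = 'C:\Program Files\ExampleApp\example.exe'

# 1) Observe: remote TCP endpoints currently used by processes started from
#    $AppPath. This is a snapshot; short-lived connections need repeated runs.
$procIds = @(Get-Process | Where-Object { $_.Path -eq $AppPath } | ForEach-Object Id)
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $procIds -contains $_.OwningProcess } |
    Sort-Object RemoteAddress, RemotePort -Unique |
    Format-Table RemoteAddress, RemotePort, OwningProcess

# 2) Block: the remote addresses (the Scope tab in the GUI) narrow what the
#    rule's action applies to. With -Action Block, only traffic from this
#    program to the listed subnet and range is dropped.
New-NetFirewallRule -DisplayName 'ExampleApp - block remote range' `
    -Direction Outbound -Action Block -Program $AppPath `
    -RemoteAddress '203.0.113.0/24', '198.51.100.10-198.51.100.20' | Out-Null

# A rule can also be limited to one protocol and port on one address.
New-NetFirewallRule -DisplayName 'ExampleApp - block 192.0.2.7 tcp 443' `
    -Direction Outbound -Action Block -Program $AppPath `
    -Protocol TCP -RemotePort 443 -RemoteAddress '192.0.2.7' | Out-Null

# 3) Review what was created, including each rule's address scope.
Get-NetFirewallRule -DisplayName 'ExampleApp - *' | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Action        = $_.Action
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
}

# Block rules take precedence over allow rules. "Allow only the update server"
# therefore needs the profile's default outbound action set to Block plus an
# allow rule scoped to that server, not an allow rule next to a broad block.

# Cleanup: Remove-NetFirewallRule -DisplayName 'ExampleApp - *'
```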

Hey Ted,

thanks for this info about NetLimiter. I have watched some tuts on YT about that tool and how it works and using it. Seems to work similar like a FW already. I will check this tool out and hope that I can use it next with my FW (GW) etc. Will see it.

I'm already using GlassWire but this FW doesn't have that custom blocker/s rules I can set. I will send feedback later about NL tool.

greetz

Link to comment

Unplugging the LAN cable, disabling or removing WiFi adapters and airplane mode have the highest success rate here.

In a pinch, it will block all connection I/O for sure.  And if you have a random named process epidemic in your system it's probably the best option.  Or if a clandestine operation is compromised.

If you cannot touch the hardware, fluorescent lights or a generator/dynamic magnetic field or any other strong electromagnetic interference near the LAN cable should render it incommunicado.  Same goes for signal jammers for WiFi in the most likely 2.4GHz range.

Hardware firewalls are always better than software ones though most average routers people have contain only some primitive settings in this area, not like you get with a commercial firewall/router.

Software firewalls from Windows built in to all the commercial ones are also an option.

Since we are into reversing though, you could also hook WinSock in a target process to make the connect call always return a cannot connect failure for a given IP.  Higher level connection methods are still built on top of it.  Might require global/system wide hooking techniques.  I'm not sure if there is a Windows socket service running these days which could be hooked or stopped but AFAIK the services only do things like DNS lookup or file and print sharing and other protocol level offerings.

  • Like 1
Link to comment

TailsOS looks highly anonymous.  Maximal plausible deniability.

Is there really no way to block a LAN cable by placing something next to it?  Theoretically and anecdotally from bad installations what I mention should work.

  • Like 1
Link to comment
11 hours ago, Progman said:

If you cannot touch the hardware, fluorescent lights or a generator/dynamic magnetic field or any other strong electromagnetic interference near the LAN cable should render it incommunicado. 

This is sort of the biggest joke I'd ever heard. Care to explain how it works? Or give us any valid references?

  • Like 1
Link to comment
8 hours ago, Gorina said:

This is sort of the biggest joke I'd ever heard. Care to explain how it works? Or give us any valid references?

If the cable is not shielded, this will cause high interference and will jeopardize the connection.

I would suggest torching the house will be a better option.

Edited by Conquest
  • Like 2
  • Haha 1
Link to comment

Hi guys,

so I did check that NetLimiter tool now. So it looks good on the first view and tests but I also see some issues using filter & rules which doesn't seem to work for 100% with IPs I wanna block. When I create a filter & rule to block IPs for whole internet then it works so far when I just deny or allow it. The ask operation doesn't work always calling IPs from browser or outside running app. That's a little strange. In some cases it doesn't work and the ask message by NL comes too late and browser did already load the IP page!=? Somehow stupid. :) Otherwise it also lags a little. Some processes which are already dead keep still alive in NL forever.

Question: So I can add IPs 4 and 6 and also ranges in custom filters of NL but I don't find any way to add names (www.blockthissite.com). Why? Let's say I wanna block google site and now in NL I have to enter all IP4 and IP6 ranges google does use instead just entering the web name once. How to manage this with NL? Or is this not doable to block web site name / domain names etc?

PS: Hey guys, just calm down a little and keep cool, so there is nothing to fight about anything alright.

Just have a look at my favorite smiley :slap: mmmhhhhh. I just love it. :)

greetz

  • Like 1
Link to comment
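As an added example (not from any poster, and about Windows Firewall rather than NetLimiter), this shows why address-based filters need a name resolved first: the rule stores the addresses the resolver returned at that moment, so it has to be rebuilt whenever they change. The host name and rule name are placeholders.

```powershell
# Added example: run from an elevated PowerShell prompt.
# $Name and $RuleName are placeholders chosen for this sketch.
$Name     = 'www.example.com'
$RuleName = "Block by name - $Name"

# Resolve-DnsName returns A and AAAA records by default; CNAME records in
# the same reply carry no IPAddress value and are filtered out here.
$addrs = @(Resolve-DnsName -Name $Name -ErrorAction Stop |
    Where-Object { $_.IPAddress } |
    ForEach-Object { $_.IPAddress } |
    Sort-Object -Unique)

if ($addrs.Count -eq 0) { throw "No addresses returned for $Name" }

# Replace any earlier rule so stale addresses do not accumulate.
Remove-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Block `
    -RemoteAddress $addrs | Out-Null

# The rule now covers exactly these addresses, for every host name that
# shares them, and nothing the name resolves to later.
$addrs
```

Because the address set drifts and may be shared with unrelated sites, filtering names at the DNS resolver, as suggested earlier in the thread, tracks a domain more accurately than a static address list.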

Okay I admit this is more theoretical than a practical attack - there is a point that this sounds far-fetched so let's write the question as:

How can one disable a LAN cable without damaging or unplugging it?

https://networkencyclopedia.com/electromagnetic-interference-emi/

Quote

What is EMI (Electromagnetic Interference)?

EMI is the electrical noise induced in cabling by the presence of nearby electrical equipment such as motors, air conditioners, fluorescent lights, and power lines. Electromagnetic interference (EMI) can interfere with the transmission of signals.

EMI is only a problem with copper cabling. It’s caused when the changing electromagnetic fields generated by one cable induce extraneous currents or interference in adjacent or nearby cables.

The real question here and I practically guarantee that spy agencies and militaries already have this in their play books as common knowledge, is can a practical hand held size device do the job.  Obviously a 1 meter fluorescent bulb or a large motor is not going to be of any practical use - though probably some minor experimentation would find with heavy duty equipment you can block the signal in the cable.

Honestly it's not particularly important, I have probably just watched too many Mission Impossible movies so it sparked my curiosity.  But probably there is a way to do this though I suspect you would have to build something to be both quiet and compact, that would have no other purpose or functionality except to disable cables - a rather pointless task unless you are involved in serious stuff in which case this equipment would just be given to you.

I am going to give only evidence and facts like a lawyer in court and not respond to anything but the scientific aspects.  The problem is, when it comes to certain topics like medical stuff, where medicine is grey enough for political and other reasons to be practically a philosophical or religious discussion, it could take an endless amount of back and forth posts for both sides to do justice to an argument.  So we should refrain from getting so involved in the contentious that we are making the discussion largely mundane to most people who read the board.  As for any sort of attacks or dubious argumentation, I will do my best to never start it and stay away from it where it occurs.  I am merely looking at my own shortcomings.  I should be psychologically hardened enough by now to know not to react.  After all perhaps I should be looking at and fixing my own weaknesses first and otherwise remaining silent.  There is an old saying indeed that "Silence is the best medicine."

  • Like 1
Link to comment
11 hours ago, LCF-AT said:

Hi guys,

so I did check that NetLimiter tool now. So it looks good on the first view and tests but I also see some issues using filter & rules which doesn't seem to work for 100% with IPs I wanna block. When I create a filter & rule to block IPs for whole internet then it works so far when I just deny or allow it. The ask operation doesn't work always calling IPs from browser or outside running app. That's a little strange. In some cases it doesn't work and the ask message by NL comes too late and browser did already load the IP page!=? Somehow stupid. :) Otherwise it also lags a little. Some processes which are already dead keep still alive in NL forever.

Question: So I can add IPs 4 and 6 and also ranges in custom filters of NL but I don't find any way to add names (www.blockthissite.com). Why? Let's say I wanna block google site and now in NL I have to enter all IP4 and IP6 ranges google does use instead just entering the web name once. How to manage this with NL? Or is this not doable to block web site name / domain names etc?

PS: Hey guys, just calm down a little and keep cool, so there is nothing to fight about anything alright.

Just have a look at my favorite smiley :slap: mmmhhhhh. I just love it. :)

greetz

 

I don't know much about NetLimiter, but when it comes to flexible rules, I found Comodo Firewall a decent option.

 

https://help.comodo.com/topic-72-1-766-9175-.html

https://help.comodo.com/topic-72-1-766-9173-Application-Rules.html#Creating_and_Modifying_Network_Policie


  • Like 2
Link to comment
