Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.
Hi,
my PC is not able to connect to the ICQ network via Trillian (3.1.10 Basic) when the personal firewall of NIS2008 is activated. I allowed anything to Trillian, but even than I need to shutdown the whole firewall to connect to ICQ. After the connection is established I can turn the firewall on again and everything (messaging, file transfer) with Trillian works fine.
Any ideas?
Thank you in advance
Josef
Well, I think I configured it correctly. Trillian is allowed to do anything,of course any other application is configured differently - depending on the needs of the application. At first Trillian was only allowed to use ports, which are requested by Trillian, but then I allowed anything to it.
But I think, that the only point, where an application can be restricted is at the personal firewall, where you can define rules which communication is allowed or denied to any programm, right?
What else can be the reason for this?
The use of the word “to” concerns me a bit. If you want Trillian to work of ICQ, you need to allow Trillian to communicate both in and out for ICQ. Since you’re already taking a broad and permissive approach, just allow all communication for Trillian, reguardless of direction and port, for both UDP and TCP, and see if that solves the problem. If it does, you can go back and tighten the rule down.
Are you able to delete all the trillian rules?
And than start up trillian again
reese_anschultz wrote:
The use of the word "to" concerns me a bit. If you want Trillian to work of ICQ, you need to allow Trillian to communicate both in and out for ICQ. Since you're already taking a broad and permissive approach, just allow all communication for Trillian, reguardless of direction and port, for both UDP and TCP, and see if that solves the problem. If it does, you can go back and tighten the rule down.
Maybe I didn't say it precisely enough, sorry. Here is the rule for Trillian (translated from German):
Trillian is allowed: direction: in/out, computer: any, communication: any, protocol: all.
No other rules for Trillian.
Stu wrote:Are you able to delete all the trillian rules?
And than start up trillian again
Message Edited by Stu on 06-17-2008 06:43 AM
I tried this several times and configured it in many different ways - without success.
Thank you for your trouble so far...
-- edit: added connection log of Trillian --
[17.06.2008 - 18:30 Uhr] *** Creating connection "XXXXXXXXXX"
[17.06.2008 - 18:30 Uhr] *** Lost connection to network (Error Code: 0).
[17.06.2008 - 18:30 Uhr] *** Connecting to ICQ as "XXXXXXXXXX", attempt #1.
[17.06.2008 - 18:30 Uhr] *** Will attempt 20 connections with 1 second intervals.
[17.06.2008 - 18:30 Uhr] *** Reconnecting to ICQ as "XXXXXXXXXX".
[17.06.2008 - 18:31 Uhr] *** Lost connection to network (Error Code: 0).
[17.06.2008 - 18:31 Uhr] *** Connecting to ICQ as "XXXXXXXXXX", attempt #2.
[17.06.2008 - 18:31 Uhr] *** Lost connection to network (Error Code: 0).
...
No ideas, anybody?
Have you checked the Norton Internet Security logs to see if it is reporting blocking anything and why?
reese_anschultz wrote:
Have you checked the Norton Internet Security logs to see if it is reporting blocking anything and why?
The logfile says only:
Netzwerkverbindungen
Verbindung: localhost: 2229 Bis localhost: 33333, 0 Bytes gesendet, 48 Bytes empfangen, Zeitdauer: 20.156
Verbindung: localhost: 33333 Von localhost: 2229, 48 Bytes gesendet, 0 Bytes empfangen, Zeitdauer: 20.156
Verbindung: localhost: 33333 Von localhost: 2230, 24 Bytes gesendet, 0 Bytes empfangen, Zeitdauer: 20.140
Verbindung: localhost: 2230 Bis localhost: 33333, 0 Bytes gesendet, 24 Bytes empfangen, Zeitdauer: 20.140
Verbindung: localhost: 2220 Bis localhost: 33333, 0 Bytes gesendet, 48 Bytes empfangen, Zeitdauer: 21.250
Verbindung: localhost: 33333 Von localhost: 2220, 48 Bytes gesendet, 0 Bytes empfangen, Zeitdauer: 21.250
Verbindung: localhost: 2221 Bis localhost: 33333, 0 Bytes gesendet, 24 Bytes empfangen, Zeitdauer: 20.734
Verbindung: localhost: 33333 Von localhost: 2221, 24 Bytes gesendet, 0 Bytes empfangen, Zeitdauer: 20.734
Verbindung: localhost: 2216 Bis localhost: 33333, 0 Bytes gesendet, 48 Bytes empfangen, Zeitdauer: 20.625
Verbindung: localhost: 33333 Von localhost: 2216, 48 Bytes gesendet, 0 Bytes empfangen, Zeitdauer: 20.625
Verbindung: localhost: 2217 Bis localhost: 33333, 0 Bytes gesendet, 24 Bytes empfangen, Zeitdauer: 20.250
Verbindung: localhost: 33333 Von localhost: 2217, 24 Bytes gesendet, 0 Bytes empfangen, Zeitdauer: 20.234
Verbindung: localhost: 2204 Bis localhost: 33333, 0 Bytes gesendet, 48 Bytes empfangen, Zeitdauer: 42.390
Verbindung: localhost: 33333 Von localhost: 2204, 48 Bytes gesendet, 0 Bytes empfangen, Zeitdauer: 42.390
Verbindung: localhost: 33333 Von localhost: 2210, 24 Bytes gesendet, 0 Bytes empfangen, Zeitdauer: 20.406
Verbindung: localhost: 2210 Bis localhost: 33333, 0 Bytes gesendet, 24 Bytes empfangen, Zeitdauer: 20.406
Verbindung: localhost: 33333 Von localhost: 2205, 24 Bytes gesendet, 0 Bytes empfangen, Zeitdauer: 20.953
Verbindung: localhost: 2205 Bis localhost: 33333, 0 Bytes gesendet, 24 Bytes empfangen, Zeitdauer: 20.968
Verbindung: localhost: 2206 Bis localhost: 33333, 76 Bytes gesendet, 36 Bytes empfangen, Zeitdauer: 0.109
Verbindung: localhost: 33333 Von localhost: 2206, 36 Bytes gesendet, 76 Bytes empfangen, Zeitdauer: 0.093
Verbindung: www.ceruleanstudios.com: http(80) Von xxxxx: 2201, 183 Bytes gesendet, 214 Bytes empfangen, Zeitdauer: 0.312
Verbindung: www.ceruleanstudios.com: http(80) Von xxxxx: 2195, 512 Bytes gesendet, 3901 Bytes empfangen, Zeitdauer: 0.343
Firewall-Aktivitäten
Eine Instanz von "[path]\trillian.exe" ist im Begriff, auf das Internet zuzugreifen
You can see, that Trillian tries to connect several times, but isn't able to transfer any data - and why only on localhost?
Please try disabling intrusion prevention/detection and see if that makes the problem go away. If it does, inspect your IDS logs. We’ll research it from there.
reese_anschultz wrote:
Please try disabling intrusion prevention/detection and see if that makes the problem go away. If it does, inspect your IDS logs. We'll research it from there.
First of all: sorry for let you waiting...
Well, I deactivated intrusion prevention - without any result. Trillain still doesn't connect...
Do you have any idea what port 33333 is being used? I can’t find anything on Trillian’s site about this and it is known to be a port used by worms. Standard TCP communication shouldn’t be using this either. I wonder if some other aspect of the product is detecting this as a threat due to the port that it’s using and other factors (I’m a networking guy so I can’t get into too much detail around the other areas.) From the logs, it appears that the connection is actually being allowed but no data is being transferred making it seem like it’s not a firewall specific detection.
reese_anschultz wrote:
Do you have any idea what port 33333 is being used? I can't find...
I searched the internet for this port and found, that PGP Desktop 9.x uses this port on the loopback device. But this information is only out of a forum, too, so this is not verified. Well, I have got PGP Desktop 9.x and I know, that PGP can protect instant messaging, too, but I never used this feature.
I realised, that I blocked PGPTray.exe completely. After deleting this rule and reconnect via Trillian, NIS2008 asked me for a rule for PGPTray.exe on port 5190 (ICQ). Allowing this connection resulted in an successful connect to ICQ network with Trillian.
Thank you for your help...
I just needed someone who put me on the spot. ;-)
Kind Regards...
I’m glad that I could help, even if it was only to point you in the right direction for further research.
Are you sure you didn’t configure anything at all to your firewall?