Sign in to follow this  
Followers 0
MadSc13ntist

Alternate Method for blocking access

7 posts in this topic

#1 ·  Posted (edited)

I am trying to block a process from accessing the internet... period.

I have tried creating Loopback entries in the Hosts file (usually works) but is there a method that prevents access even if you aren't sure what IP/URL it will try to connect to? (more of a solid catch-all) outside of that i'm really at a loss...

I toyed with a few ideas, HttpSetProxy(bogus proxy), disabling my adapter, but these also hang my connection (obviously)...

any other ideas? I know that most personal firewalls give you a few options but i was looking to learn how to accomplish this myself with a script/cmdline util i could FileInstall(). (P.S. I am running Windows XP SP1)

I would like to learn the options for this anyway, good to know and i would like to learn what this would involve. (perhaps what personal firewalls are doing when access is denied manually)...

Thanks to all who respond!

Edited by MadSc13ntist

Share this post


Link to post
Share on other sites



Firewalls use system hooks and drivers. They intercept things at an extremely low level before the operating system actually executes the code in the executable. You won't be able to simulate this effect without a driver because by the time another running program can detect that the executable is launched, it's probably already too late.

Share this post


Link to post
Share on other sites

Good to know...

Do you know of any light utils i could use to better acomplish this? something that wouldn't have to be permanently installed?

even outside of a script? have you come across anything?

w00t Valik!

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Heres a bonkers thought (a bit much but just playing with ideas while my full throttle sinks in...)

Is there a way to prevent any program run under a limmited user account from accessing the internet? i.e. guest?

and then maybe RunAs(guest)???

Or NET USER ???

just thinking out loud, feel free to shoot it down if it won't fly...

Thanks for the volley of ideas...

Edited by MadSc13ntist

Share this post


Link to post
Share on other sites

Do you know of any light utils i could use to better acomplish this? something that wouldn't have to be permanently installed?

Not that I know of any... You could use the following: EasySec Firewall SDK. Search google for it. However, you will have to install at least "some" files.

Cheers

Kurt


__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

I'll give it a shot.. thanks..

Any thoughts on the limmited user idea?

Is there any way to limit internet access for a NET USER Account?

(and/or any processes run as that user?)

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

Any thoughts on the limmited user idea?

Is there any way to limit internet access for a NET USER Account?

As far as I know, windows has no implementation of mandatory access control (MAC) for network access. That is only done in trusted operating systems like Trusted Solaris, TrustedBSD or Argus Pitbull (and others).

EDIT: So, no there is no way to limit general network access for a user.

Cheers

Kurt

Edited by /dev/null

__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0