Results 1 to 3 of 3

Thread: Leak: Facebook in Firefox Bypasses Stop-All

  1. #1
    inflatedwombat Guest

    Angry Leak: Facebook in Firefox Bypasses Stop-All

    If someone's already posted a similar issue, I apologize. I searched ahead of time and found nada.

    I've been trying to resolve a particular issue in which traffic leaks through even after I have activated ZA's block-all feature.

    I noticed the issue when I would continue to receive notifications on my FB page even when traffic was supposed to be blocked. This is what Netmon confirms:

    101 09:23:42 04.01.2011 560.7647784 firefox.exe 69.63.180.45 (local computer) TCP TCP:Flags=...A...., SrcPort=HTTP(80), DstPort=49203, PayloadLen=0, Seq=3117485780, Ack=1629669703, Win=70 {TCP:16, IPv4:15}

    But I've also spotted others sneaking out, too with both ARP, SNMP, Browser, and Nbtns continuing to flow

    2381 09:59:13 04.01.2011 1846.0722459 (local computer) (LAN device) SNMP SNMP:Version1, Community = public, Get request, RequestID = 99 {UDP:5, IPv4:4}
    2382 09:59:13 04.01.2011 1846.0833901 (LAN device) (local computer) SNMP SNMP:Version1, Community = public, Response, RequestID = 99 {UDP:5, IPv4:4}

    2375 09:59:05 04.01.2011 1838.5068529 (local computer) (LAN device) ARP ARP:Request, (local computer) asks for (LAN device)
    2376 09:59:05 04.01.2011 1838.5071288 (LAN device) (local computer) ARP ARP:Response, (LAN device) at (MAC)

    3 09:28:38 04.01.2011 11.9745647 System (LAN device) (local computer) NbtNs NbtNs:Query Request for *<00><00><00><00><00><00><00><00><00><00><00><00>< 00><00><00> <0x00> Workstation Service {UDP:7, IPv4:6}
    4 09:28:38 04.01.2011 11.9747953 System (local computer) (LAN device) NbtNs NbtNs:Query Response, Success for *<00><00><00><00><00><00><00><00><00><00><00><00>< 00><00><00> <0x00> Workstation Service {UDP:7, IPv4:6}

    91 09:44:31 04.01.2011 964.5312866 System (local computer) (LAN broadcast) BROWSER BROWSERomain/Workgroup Announcement, MachineGroup = ISSGNET, serverName = (local computer) {SMB:3, UDP:2, IPv4:1}


    ...and this: something in "system" phoning home to Google:

    61 09:38:24 04.01.2011 597.5478362 System (local computer) 209.85.225.104 TCP TCP:Flags=...A...., SrcPort=49422, DstPort=HTTP(80), PayloadLen=0, Seq=1125050515, Ack=2940542065, Win=16263 {TCP:8, IPv4:7}


    This is what I've found so far, and while all of these seem to be communicating with otherwise legit addresses (although Google's phoning home doesn't seem proper), blocking all traffic should mean that all traffic gets blocked.
    Last edited by GeorgeV; January 4th, 2011 at 07:42 AM.

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Leak: Facebook in Firefox Bypasses Stop-All

    Sorry all users here, you may want to report the issue to the official technical support to get it troubleshoot and logged (if needed).

    Link to technical support in my signature.

    Thanks,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    critterjoe Guest

    Default Re: Leak: Facebook in Firefox Bypasses Stop-All

    Quote Originally Posted by inflatedwombat View Post
    ...and this: something in "system" phoning home to Google:

    61 09:38:24 04.01.2011 597.5478362 System (local computer) 209.85.225.104 TCP TCP:Flags=...A...., SrcPort=49422, DstPort=HTTP(80), PayloadLen=0, Seq=1125050515, Ack=2940542065, Win=16263 {TCP:8, IPv4:7}


    This is what I've found so far, and while all of these seem to be communicating with otherwise legit addresses (although Google's phoning home doesn't seem proper), blocking all traffic should mean that all traffic gets blocked.
    What method have you used to block all internet traffic? Are you using the Internet lock feature under Program Control? Or did you set up custom firewall rules? Or were you referring to some selectable options in the Firewall/Main/Advanced tab? What did you mean when you said you have used the "ZA block-all feature"?

    I can address "Why" Google might be contacted. Firefox will contact Google periodically to update the whitelist and blacklist for malware and phishing sites. This will occur if at the Firefox Options Security Tab you have checkmarks in "block reported attack sites" and "block reported web forgeries". In order to know what these bad sites are, Firefox then periodically contacts Google to see which sites are dangerous and downloads a list into your Firefox (as best as I understand it). Firefox does this by contacting Google at a site called http://safebrowsing.clients.google.com/... I occasionally see Firefox contacting that site if I do a Netstat check.

    Firefox website states: "There are two times when Firefox will communicate with Mozilla’s partners while using Phishing and Malware Protection. The first is during the regular updates to the lists of reporting phishing and malware sites. No information about you or the sites you visit is communicated during list updates. The second is in the event that you encounter a reported phishing or malware site. Before blocking the site, Firefox will request a double-check to ensure that the reported site has not been removed from the list since your last update. In both cases, existing cookies you have from google.com, our list provider, may also be sent. The Mozilla Privacy Policy expressly forbids the collection of this data by Mozilla or its partners for any purpose other than improvement of the Phishing and Malware Protection feature. The Google Privacy Policy explains how Google handles user cookies."

    As an aside (unrelated to your original question), and if you want to test that your Firefox is indeed blocking these phishing and malware sites, the Mozilla website has two test sites that can be accessed through this Mozilla webpage:

    http://www.mozilla.com/en-US/firefox...ng-protection/

    Then scroll down to the FAQ entitled "How do I use the Phishing and Malware protection features", and you will see the two test sites there.
    Last edited by critterjoe; January 4th, 2011 at 03:12 PM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. How do I stop Zone Alarm Free from opening the Firefox browser?
    By TheTess in forum ZoneAlarm Free Firewall
    Replies: 0
    Last Post: October 4th, 2010, 03:26 PM
  2. FF makes firefox history/bookmarks stop working
    By computer_tech in forum Web Security/Security Toolbar/Do Not Track
    Replies: 1
    Last Post: December 20th, 2009, 12:57 AM
  3. "ID Lock Alert" won't stop popping up (only on Facebook site)
    By glenno in forum Windows and ZoneAlarm Messages and Alerts
    Replies: 22
    Last Post: October 28th, 2009, 06:13 AM
  4. Replies: 1
    Last Post: May 21st, 2006, 04:50 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •