Astaro User Bulletin Board > Closed Forums (read only) > ASG V7.200 BETA (closed)
#1 (permalink)
05-06-2008, 09:13 PM
ulong
Member
Join Date: Jan 2008
Posts: 87
[7.191] RDP detected as Winny again

Hello,

I'm currently on 7.191,
I see in the changelog in the forum:
Code:
[FIX] Remote desktop sessions (RDP) are no longer mis-detected as Winny.
but when I try to open a connection to a remote Windows server I have no connection...
In P2P I set all to BLOCK completely, and Winny was set to that...
I saw in AFC live log in RED (block) "P2P Rule: Winny"

in AFC.log :
Code:
2008:05:06-21:11:07 (none) ulogd[2641]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="eth0" srcip="192.168.1.100" dstip="192.168.0.1" proto="6" length="51" tos="0x00" prec="0x00" ttl="126" srcport="3389" dstport="1618" tcpflags="ACKPSH "
2008:05:06-21:11:58 (none) ulogd[2641]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="eth0" srcip="192.168.1.100" dstip="192.168.0.1" proto="6" length="51" tos="0x00" prec="0x00" ttl="126" srcport="3389" dstport="1621" tcpflags="ACKPSH "
2008:05:06-21:12:29 (none) ulogd[2641]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="eth0" srcip="192.168.1.100" dstip="192.168.0.1" proto="6" length="51" tos="0x00" prec="0x00" ttl="126" srcport="3389" dstport="1622" tcpflags="ACKPSH "
2008:05:06-21:13:21 (none) ulogd[2641]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="eth0" srcip="192.168.1.100" dstip="192.168.0.1" proto="6" length="51" tos="0x00" prec="0x00" ttl="126" srcport="3389" dstport="1624" tcpflags="ACKPSH "
2008:05:06-21:14:09 (none) ulogd[2641]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="eth0" srcip="192.168.1.100" dstip="192.168.0.1" proto="6" length="51" tos="0x00" prec="0x00" ttl="126" srcport="3389" dstport="1629" tcpflags="ACKPSH "
Last test: I set P2P Winny to "do not control", and my RDP connection works fine...
So it seems that it is not really fixed...

Ulong.

Just a remark: with no information, the AFC.log is not really useful for us: Winny = fwrule 60214.
So please give us a comment or a table, as I asked ([FEATURE REQUEST]) in another thread ([7.190] AFC log file):
In this case I go directly to the live log and see it, but I need to look later,
It can be very hard to find the useful lines in the log...
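
Added example, not part of the original posts and not Astaro code: a small triage script for the AFC.log format shown above, which attaches a rule name to each fwrule id and flags drops on a known service port such as RDP (3389) as possible false positives. Only the 60214 = Winny mapping comes from the thread; the lookup tables, function names and the third sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Only 60214 -> Winny comes from the thread; the table itself is an assumption.
AFC_RULE_NAMES = {"60214": "P2P Rule: Winny"}
# Assumption: service ports worth flagging when an AFC rule drops them.
SERVICE_PORTS = {"3389": "RDP"}
KV_RE = re.compile(r'(\w+)="([^"]*)"')
TS_RE = re.compile(r"^\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}")

# First two lines are from the thread; the third is constructed (made-up rule id).
SAMPLE_LOG = '''
2008:05:06-21:11:07 (none) ulogd[2641]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="eth0" srcip="192.168.1.100" dstip="192.168.0.1" proto="6" length="51" tos="0x00" prec="0x00" ttl="126" srcport="3389" dstport="1618" tcpflags="ACKPSH "
2008:05:06-21:11:58 (none) ulogd[2641]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="eth0" srcip="192.168.1.100" dstip="192.168.0.1" proto="6" length="51" tos="0x00" prec="0x00" ttl="126" srcport="3389" dstport="1621" tcpflags="ACKPSH "
2008:05:06-21:15:00 (none) ulogd[2641]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60999" outitf="eth0" srcip="192.168.0.1" dstip="192.168.1.200" proto="6" length="60" srcport="1700" dstport="6881" tcpflags="SYN "
'''

def parse_afc_line(line):
    """Return the key="value" fields of one AFC drop line, or None."""
    ts = TS_RE.match(line)
    fields = dict(KV_RE.findall(line))
    if ts is None or fields.get("name") != "AFC Block":
        return None
    fields["time"] = ts.group(0)
    return fields

def annotate(fields):
    """Attach the rule name and note whether a known service port is involved."""
    rule = AFC_RULE_NAMES.get(fields.get("fwrule"), "unknown rule")
    service = (SERVICE_PORTS.get(fields.get("srcport"))
               or SERVICE_PORTS.get(fields.get("dstport")))
    flow = f'{fields.get("srcip")}:{fields.get("srcport")} -> {fields.get("dstip")}:{fields.get("dstport")}'
    return {"time": fields["time"], "rule": rule, "service": service, "flow": flow}

def triage(log_text):
    """Count drops per (rule, service) so suspected false positives stand out."""
    events = [annotate(f) for f in map(parse_afc_line, log_text.splitlines()) if f]
    return events, Counter((e["rule"], e["service"]) for e in events)

if __name__ == "__main__":
    events, counts = triage(SAMPLE_LOG)
    for e in events:
        note = f"  <- {e['service']} port, check for false positive" if e["service"] else ""
        print(f"{e['time']} {e['rule']}: {e['flow']}{note}")
    print(dict(counts))
```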

#2 (permalink)
05-08-2008, 08:40 PM
ulong
Member
Join Date: Jan 2008
Posts: 87

Hi,

even in v7.192, the RDP protocol is blocked as Winny P2P!...

Ulong

#3 (permalink)
05-08-2008, 08:54 PM
Wizard
Join Date: Oct 2005
Posts: 2,424

You might want to mention which version of RDP you're using; there were some changes in the RDP protocol and clients between Windows Server 2000, 2003, and 2008 (same with XP and Vista)... that might help them get it tracked down, also I'd like to see if I can duplicate the problem too.
__________________
Convergent Information Security Solutions, LLC
Astaro Preferred Solution Partner

#4 (permalink)
05-09-2008, 01:41 AM
Senior Member
Join Date: Feb 2007
Location: Köln, Germany
Posts: 432

Can't duplicate.

With 7.192 and Winny set to block, RDP connections to 2K and 2k3 servers work (before 7.192, RDP to W2K was blocked as Winny).

Gregor Kemter

#5 (permalink)
05-09-2008, 06:55 AM
ulong
Member
Join Date: Jan 2008
Posts: 87

Hi,

I redid the test: same problem: "winny detected"

Code:
2008:05:09-07:41:03 (none) ulogd[2641]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="60214" outitf="eth0" srcip="192.168.1.100" dstip="192.168.0.1" proto="6" length="51" tos="0x00" prec="0x00" ttl="126" srcport="3389" dstport="2264" tcpflags="ACKPSH "
The details:
the source PC (192.168.0.1) is WinXP SP3 using msdtc.exe version 6.0.6001.18000
The remote server (192.168.1.100) is Win 2K SP4 using msdtc.exe version 1999.9.3421.3
How can I help you with more details?

To open the connection I need to remove the block in the Winny settings...

And to be sure, I did a test: if the remote server is a Win2K3 server, it works fine even with the blocking...

Bye
Ulong

#6 (permalink)
05-15-2008, 07:28 PM
ulong
Member
Join Date: Jan 2008
Posts: 87

Hi,

I have redone the tests using the new 7.193 version:
OK to connect to a remote Win2k3...
but it fails to open the connection for a Win2000 server...

The log shows a "P2P winny" blocked...

bye
Ulong

#7 (permalink)
05-30-2008, 09:40 PM
ulong
Member
Join Date: Jan 2008
Posts: 87

Hi,

Using Final 7.200, I have the same problem :
XP SP3 -> Win 2000 The remote desktop is blocked as Winny traffic
XP SP3 -> Win2003 OK !

Bye,
ulong

Useful??:
The test was done using remote IPSEC SITE2SITE VPN.

#8 (permalink)
05-30-2008, 10:11 PM
Wizard
Join Date: Oct 2005
Posts: 2,424

Yep, still happens. I've opened an official support case with Astaro (I actually opened it Tuesday), I've forwarded all my logs and the methodology they can use to reproduce it to support, and they've sent it to the developers. I believe (but can't prove it yet) that it has a lot to do with the updated RDP client included in XP SP3 (yep, it changed ... I didn't know it until I noticed the new command line options for mstsc.exe) ... all of our incidents have occurred when using an XP SP3 machine as the RDP client. Can't say that I've seen it with any Vista boxen yet.
__________________
Convergent Information Security Solutions, LLC
Astaro Preferred Solution Partner

Last edited by BrucekConvergent; 05-30-2008 at 10:14 PM.

#9 (permalink)
06-10-2008, 03:43 PM
Junior Member
Join Date: Nov 2003
Posts: 5

I see the same thing on 7.200 final. Happening from any of my Vista SP1 or Windows 2008 systems to an external Windows XP Professional system. Windows XP (internal) to Windows XP (external) works fine.
 

All times are GMT.