[feature request] There should be an option to only allow through TCP protocol for security reasons. #1129

Open
llldannylll opened this issue Oct 30, 2023 · 5 comments

llldannylll commented Oct 30, 2023

There are other protocols which are unwanted or dangerous.
I know UDP can already be blocked, except NTP and DNS.
I would recommend a setting which allows only TCP protocol to drop all the rest.

@ignoramous
Collaborator

> I would recommend a setting which allows only TCP protocol to drop all the rest.

Rethink only allows ICMP, TCP, and UDP. So, by blocking UDP, you're getting close to what you're asking for. Not sure if blocking ICMP is okay.

@llldannylll
Author

Thank you for the quick response. ICMP allows wake-on-WLAN. I'm not pro enough to understand the driver's source code, but I've been told nasty things can be done with ICMP.

@llldannylll
Author

> Thank you for the quick response. ICMP allows wake-on-WLAN. I'm not pro enough to understand the driver's source code, but I've been told nasty things can be done with ICMP.

> I would recommend a setting which allows only TCP protocol to drop all the rest.

> Rethink only allows ICMP, TCP, and UDP. So, by blocking UDP, you're getting close to what you're asking for. Not sure if blocking ICMP is okay.

I wrote this because my up-to-date Android device has been infected with spyware when every Android component was firewalled.
Which means one or both of the following:
- not every Android component or service shows up in the firewall
- it uses a custom protocol

I learned that the spyware allows access to my phone and streams the screen content.
I've been able to firewall everything but UDP, TCP, ICMP on my Wi-Fi but I can't do this on LTE.
The packet captures showed a protocol which is not UDP/TCP. It's a custom protocol which has been written by the hacker.
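
Both the ICMP/TCP/UDP allowlist described earlier in the thread and the TCP-only option requested here reduce to a check on the protocol number in the IP header, which is also what a packet capture shows for traffic that is "not UDP/TCP". The following is an added example, not Rethink's code: the names `l4_protocol`, `verdict`, `DEFAULT_ALLOW` and `TCP_ONLY` are hypothetical, the sample packets are constructed, and treating ICMPv6 (58) as part of "ICMP" is an assumption.

```python
import struct

# IANA protocol numbers. 58 (ICMPv6) is added here as an assumption so that
# "ICMP" covers IPv6 too; the thread only names ICMP, TCP and UDP.
ICMP, TCP, UDP, ICMPV6 = 1, 6, 17, 58
DEFAULT_ALLOW = frozenset({ICMP, TCP, UDP, ICMPV6})
TCP_ONLY = frozenset({TCP})          # the policy requested in this issue
V6_EXT = {0, 43, 60}                 # hop-by-hop, routing, destination options
V6_FRAG = 44                         # fragment header, always 8 bytes


def l4_protocol(pkt: bytes):
    """Protocol number carried by a raw IPv4/IPv6 packet, or None if malformed."""
    if not pkt:
        return None
    version = pkt[0] >> 4
    if version == 4:
        ihl = (pkt[0] & 0x0F) * 4
        return pkt[9] if ihl >= 20 and len(pkt) >= ihl else None
    if version != 6 or len(pkt) < 40:
        return None
    nxt, off = pkt[6], 40
    while nxt in V6_EXT or nxt == V6_FRAG:   # skip extension headers
        if len(pkt) < off + 8:
            return None
        size = 8 if nxt == V6_FRAG else (pkt[off + 1] + 1) * 8
        nxt, off = pkt[off], off + size
    return nxt


def verdict(pkt: bytes, allow=DEFAULT_ALLOW) -> str:
    """Default-deny: unparseable packets and unlisted protocols are dropped."""
    return "allow" if l4_protocol(pkt) in allow else "drop"


# Constructed sample packets (headers only, no payload).
def ipv4(proto: int) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


def ipv6_hopopts_tcp() -> bytes:
    hdr = struct.pack("!IHBB16s16s", 0x60000000, 8, 0, 64, bytes(16), bytes(16))
    return hdr + bytes([TCP, 0, 1, 4, 0, 0, 0, 0])   # hop-by-hop, then TCP


if __name__ == "__main__":
    for name, p in [("tcp", ipv4(6)), ("udp", ipv4(17)), ("gre", ipv4(47))]:
        print(name, verdict(p), verdict(p, TCP_ONLY))
```

A packet whose protocol number is neither on the allowlist nor parseable (GRE, 47, in the sample run) is dropped under both policies; the TCP-only policy additionally drops UDP and ICMP.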

@llldannylll
Author

If every Android component and app is firewalled, and the hackers are still able to install software remotely on the phone, then there must be a vulnerability in the Android system itself (in the kernel and/or a system service).
Is it a must to root the phone to firewall Android services? Is Rethink firewall capable of firewalling system services?

@ignoramous
Collaborator

OEM apps and services can bypass Rethink #224 (and root-based firewalls, if they are not careful enough).

As a rule of thumb, if you can't trust OEMs, no amount of protections matter (see: https://en.wikipedia.org/wiki/Trusted_computing_base)
