Welcome! Log In Create A New Profile

Advanced

What's an easy way to intercept unwanted connection attempts?

Posted by JoeyPogoPlugE02 
What's an easy way to intercept unwanted connection attempts?
January 19, 2017 04:38PM
And I mean outgoing! Because it's the apps inside that call the bad guys and let them in.

For Mac we've got Little Snitch (for a price) and Windows we can use Net Limiter. If some app thing tries to sneak messages "home", and that's the case with 99% of freeware, Net Limiter can tell you what it is, and give you choices how to cope or ignore.

I'd like to do the same thing with Android devices such as my Beelinks and tablet - in fact it's 10 times more important to me to be able to do that, because of reports Google's App store has bad apps that are artificially rated higher and have sneaky tendencies.
So in many cases I've gotten my few android apps offline other places and would like to know if they connect somewhere evil.

My main motivation is the Beelink X2s. You have to change resolution for every HDMI destination change so it's likely I'll be booting into Android many instances - and I'd like to control what gets let out, and even see if the Android firewall really works.

Another possibility is to run the SOCs into a Windows or Mac NIC and see if Net Limiter will identify problems apps that I can remove or block with my router. I have my doubts that's doable. Sounds good though.

I know about Snort, but that's too complicated for now. Too easy to screw up.

Below (attached) is a screenshot of Net Limiter. When an app phones home it gets listed, and from there you can tell your firewall how to manage it.

=========
-=Cloud 9=-



Edited 1 time(s). Last edit at 01/20/2017 12:26AM by JoeyPogoPlugE02.
Attachments:
open | download - NetLimiter.jpg (100.1 KB)
Re: What's an easy way to intercept unwanted connection attempts?
February 01, 2017 03:27PM
If the application doesn't use unique TCP/UDP ports, then it gets tricky.

You can use iptables with the owner match extension. This is useful if the application runs under a separate account, which is often the case, but not always.

You can also try using apparmor, which I usually just uninstall because I find it to be a pain on my systems. This would let you block and probably log application network activity.



Edited 1 time(s). Last edit at 02/01/2017 03:32PM by GeekSmith.
Author:

Your Email:


Subject:


Spam prevention:
Please, enter the code that you see below in the input field. This is for blocking bots that try to post this form automatically. If the code is hard to read, then just try to guess it right. If you enter the wrong code, a new image is created and you get another chance to enter it right.
Message: