[Q] Firewalls do not work.-swiss cheese - Android Q&A, Help & Troubleshooting

I am running a rooted LGA V400 tablet with Android 4.4.2 Kernel version 3.4.0+, software version v40010e and build number KOT49l.A1403851534. The tablet does not have provisions for a data connection via a SIM card- wifi only.
I am using the connections tab in eolwral OS monitor to keep track of what connections the various applications and the OS are making with the outside i.e.. via wi-fi. I also am running AFWall + to shut down phone home garbage. I had Droidwall installed before this. Neither Droidwall nor AFWall + shut down non whitelisted connections......
As normal course of operation the ONLY applications I whitelist are
Firefox
GMail
Google+
GPS Status
Internet (the built in browser)
Kaspersky Internet Security
Maps
Navigator
Skype
Speedtest
Sun, Moon & Planets
UCBrowserHD.
As I am writing this the tablet has an uptime of 1 hr 42 minutes. The only existing connection to the internet according to OSMonitor is Youtube through 127.0.0.1:42818. Youtube is NOT whitelisted. Also please note that I am composing this post on my laptop.
If I restart the tablet things change radically. I have 19 connections either syn_sent, time_wait,Listening or Established. Most are from System although there are things like Google Account Manager (not whitelisted) Qualcom, Youtube (again) and things like Google Input Services. On the first boot of the day its is worse with more of the system connections to various IP's in various states, Kernel connections (not whitelisted) App updates(not whitelisted), Google backup Transport and its group (not whitelisted), Google Partner Setup ( not whitelisted), Hidden Person Menu (not whitelisted), Software Update (not whitelisted), and a group of others appear which are not whitelisted.
My questions are-
. If either Droidwall or AFWall+ are true IPTables firewalls how and why is all of this crap able to get on wifi?
When transport for a certain service is not available i.e. blocked by a firewall does Android do something different with the connection request to enable it i.e. the plethora of system connections? It appears to me that AFWall+ isn't working as advertised because of f these leakers-
Most of the connections appear at boot up- is what is happening that these connections are established before AFWall+ gets up and running and it does not have the ability to close them? Note that on boot up after the GUI is running I get a SuperSU notification that AFWall + has been granted root permission so I am curious about the order of things starting i.e. a lot of the connection sockets being established before the firewall is running.
Finally- the V400 is somewhat of a stepchild. Is there another version of Android I can load on this platform that will work?
Thanks to all for the expertise here. I searched the forum before posting this as well as the internet, I am experienced with Unix and Linux and have done IPTables in non Android OS'es. I find what I am seeing here disturbing. Any help or suggestions would be deeply appreciated.
Expat.

Related

[Q] Cannot access google servers

Hello all,
I have a boxchip A10 based android 2.3.4 device - the Yinlips YDPG18.
I''ve setup the wifi connection (as this is the only method of communication) and can access most sites without any problem.
However, it seems like there is a problem with certain google servers:
- I can use "google.com", but any searches via "google.com/m" fail after the first try (and have to clear the data for the browser to make it work again)
- while trying to setup my google account I get the "Cant' establish a reliable data connection to the server" message, ADB reporting a "java.net.SocketTimeoutException: Read timed out" error.
- some applications seem to have trouble accessing certain content, like Amazon Appstore (the login works, but does not display any items)
Here are some of the things I've tried so far with absolutely no luck:
- reflashing and reformatiing the device
- changing the DNS servers, wifi router and internet provider (my android tablet work just fine on the same setup)
- upgrading the Services Framework and browser apps
- changing the device name in build.prop
- messing around with various settings in accounts.db, googlesettings.db and settings.db
My best guess is that somehow the device gets selectively blocked based on some criteria, but I can't really explain how.
Any help would be highly appreciated, as I'm starting to run out of ideas...
Thank you!

[Q] Qustion for Networking experts

Hi
I am trying to connect to my office wifi via proxy server.
Scenario 1: I am using Samsung Bada (wave 1), connected to the internet successfully and also any applications that require an internet connection including Samsung's app store.
While, connecting via open networks like home wifi and other friends' wifi also worked without any issue.
Scenario 2: Now I also have an android based Galaxy pocket: even after entering all the required proxy setting as mentioned above, I can access websites via browser but cannot access samsung's app store, google's play store, skype, sipdroid etc.,
I know it is nothing to do with the network administration as I am still accessing via my samsung wave but not via android. Please help me in identifying what I am missing. Is there anything like a network profile I need to assign for these applications?
thanks
S
Figured out the solution
Sometimes it is pathetic to notice that I didn't receive a single suggestion after I posted my question above. This is not how it used to be when we had smartphones that were just running windows long time ago.
There were lot of suggestions that comes up within a few minutes of posting, now after the invent of android and so many devices we have so many members but knowledge sharing has decreased considerably as each person is busy with solving their own issues.
Well, let me come back to the point - All that I needed to do was to run an app like 'proxydroid' or 'auto proxy lite' from one of our members from xda-developers to solve this issue. In order, to run these apps the device needed to be rooted. I rooted and installed this app and from that instance I am able to make all my apps including skype, google app market and what not all can access internet from my corporate wifi.
However, I noticed that only one application never succeeded this trick - that app is a Voip/SIP application called 'Pronto dialer' which throws a message 'unknown error occurred'. It works fine in an open wifi like at home etc., I am suspecting the proxy setting in the office network clashes with the proxy setting in the dialer...dont know what it is. Anyway I am glad and relieved that I was able to solve 90% of the issue.
Hope the above will be useful for someone with similar limitation from corporate wifi.

[Q] Trouble using Adblock Plus with Xprivacy/Orbot/Orwall

Hi all, first post since I lost my last account login. On to business:
First off, I'm running an HTC One XL which doesn't seem to be an option in the user CP, whatever.
HTC One XL, rooted.
TWRP 2.7.1.0
4.4.4 Paranoid Android 4.6 Beta 1
Minimal GAPPS, just the framwork and play store.
Xposed Framework running Xprivacy
Orwall forcing all traffic through Orbot
Full disk encryption.
The problem is that I want to install Adblock Plus and have all traffic, WiFi and mobile be filtered for ads. I just can't seem to get it working.
I install Adblock, even allow it SU, I've tried turning on 'Local Traffic' in Orwall, forcing it through Tor, keeping it fenced and allowing it to bypass Tor. I've added a proxy address of 'localhost' on port '2020' of both the WiFi connection and my APN. Nothing, Orbot connects as usual but no traffic is getting through, I think Adblock's local server is being blocked somewhere but I don't know where.
I'm sure it worked briefly after I first installed it but then my phone randomly rebooted and I've not got it working since.
I'm very happy with my build up to this point with security and anonymity being very strong in the setup. Adblock would really put the cherry on top.
Help?
EDIT: Thinking about this further, I realsied that both Orbot and Adblock Plus are both proxy services and need to be configured in series such as:
WiFi or Mobile connection -> Orbot -> Adblock Plus
In order to configure a proxy in Orbot requires root permissions, something the Orbot devs strongly suggest you do not do and I'm inclined to agree. Therefor I've decided to use a Host file solution instead, maybe this thread will be of use to someone if they stumble upon it via a search engine. I hope so, I've spent far too many hours on this already.

Prevent Certain Apps from Using My Work Wi-Fi - Anything better than Tasker?

Hi all,
I want to prevent certain apps from accessing my work Wi-Fi, mostly so my employer can't see what I'm doing. Specifically, I don't want to be connected to my employer's Wi-Fi while on Facebook, Evernote, etc.
For some other apps, I still want to use Wi-Fi to save data.
I just installed Tasker and have already a Task set up to shut off Wi-Fi for these apps. My question is: is this really secure? Does anyone think this will prevent my employer from seeing what's on my Facebook, or is there a flaw I'm not thinking of?
Ex: maybe Tasker has a delay which will allow my employer to see Facebook load anyway.
Alternatively, if anyone knows a more efficient way of doing this (in Tasker or anywhere else in Android) that'd be great.
Thanks
Question your boss is a hacker?
Because if he isn't he can't see anything in theory because he doesn't know how.
But you can use vpn connection as Hotspot Shield
so your traffic inside that network and all over the internet is encrypted.
You can also use "Firewall" for that.Firewall apps that they stop apps that you choose from getting access to internet.
if you aren't rooted try this one NoRoot Data Firewall . it use VPN
connection. So this vpn connection is local and when the blocked app tries to connect the internet it just get the localhost ip as gateway . the other apps continue to work normally.
if you are rooted try this one AFWall+ (Android Firewall +)
depends on your needs of course.

is this a security breach in android or am i just being derp

android/calyosx
for a few days i was able to use just telegrm and no internet at all.
i used my VPN as a lock to keep all programs quarantined safely untill i fixed a few issues
still telegram and session texting apps could communicate just fine.
now i got my internet worked out on my phone and was simultaneously not able to reach the telegram or session texting at all.
so i found the fix. i can use session/telegram on my phone.
that looks like a serious problem.
the thing that was stopping it was a security setting "restrict cleartext network traffic"
so the texting sounds to me like it is openly available for all to read. all man in the middle / stingray readers, node relays, or providers.
both these apps totally bypass the VPN on the phone and do not use the networking as the other apps do. they both have no vpn interaction at all. that is clearly verified
both are registered as "cleartext network traffic"
am i imagining the security risk in this , or is it as bad as i am guessing

Categories

Resources