Welcome Guest.   Make a donation to an author on the site April 24, 2014, 01:56:59 PM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
The N.A.N.Y. Challenge 2010! Download 24 custom programs!
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1] 2 3 Next   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: IDEA: Block/Unblock all network traffic button (one-click)  (Read 15347 times)
superboyac
Charter Member
***
Posts: 5,527


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« on: January 30, 2011, 12:03:44 AM »

Since I've switched to MSE from Kaspersky, there is one thing I miss: the "block all network traffic" button.  Kasperksy had a feature where you could right click on the system tray icon and block all network traffic.  It would be cool if someone could write something that could quickly block and unblock network traffic simply by clicking on the system tray icon.  If you block it, the icon turns red, if you unblock it, it turns green.

It should really be that simple.  And it should play well with the actual firewall software you are using.
Logged

4wd
Supporting Member
**
Posts: 3,222



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: January 30, 2011, 12:05:24 AM »

Do you mean Internet traffic or ALL network traffic?

For all, it would be a simple matter of disabling the interface.

If you mean ALL then I'll try and knock one up for you in a few hours, (basic toggle function is already available).

v0.28 attached.

* NICToggle.zip (550.07 KB - downloaded 238 times.)
« Last Edit: March 30, 2011, 08:22:16 PM by 4wd » Logged

Four wheel drive: Helping you get stuck faster, harder, further from help...........and it's no different on this forum Evil
lanux128
Global Moderator
*****
Posts: 6,049



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: January 30, 2011, 12:21:41 AM »

iirc zonealarm had something like that too. a big button that 'locks-down' all traffic but i can't recall it was only internet traffic or local network as well..

in any case, disabling all network is quite straight-forward, check out this thread.

? hotkey to disable/enable nic
Logged

superboyac
Charter Member
***
Posts: 5,527


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #3 on: January 30, 2011, 12:23:39 AM »

Do you mean Internet traffic or ALL network traffic?

For all, it would be a simple matter of disabling the interface.

If you mean ALL then I'll try and knock one up for you in a few hours, (basic toggle function is already available).
Yup!  All network traffic.  Anything coming in or out of that computer.  Click on, click off.

Thanks!
Logged

4wd
Supporting Member
**
Posts: 3,222



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #4 on: January 30, 2011, 01:01:27 AM »

Script was made easy by the use of a AutoIt UDF from Tlem over here.

Anyway, let me know if it works.

UPDATED: See post.
« Last Edit: March 30, 2011, 08:18:39 PM by 4wd » Logged

Four wheel drive: Helping you get stuck faster, harder, further from help...........and it's no different on this forum Evil
4wd
Supporting Member
**
Posts: 3,222



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #5 on: February 01, 2011, 03:09:04 AM »

OK, it's had a name change, (but you can change it to anything you like), to NetToggle v0.99

WHAT:  A simple program for toggling the state, (enable/disable), of one or all of the network interfaces.   Tray icon changes to reflect current status.

REQUIREMENTS: Windows XP+SP3 (x86/x64) or later.

USAGE: On first run it will prompt for a network interface from the drop down list, select one and click Save.  Interface selected is save to an ini file in the same directory as the executable.
      
Click the LMB on the tray icon to toggle the state of the interface.
      
Click the RMB on the tray icon to open the interface selector.
      
To exit the program, click the RMB on the tray icon and then click the window Close button, (X in top right).
      
NOTES: You can rename the executable when you run it, it will prompt for an interface and save it to a new ini under the same name as the executable.  So you can run multiple copies, one for each interface.

See post here.
« Last Edit: March 30, 2011, 08:19:35 PM by 4wd » Logged

Four wheel drive: Helping you get stuck faster, harder, further from help...........and it's no different on this forum Evil
superboyac
Charter Member
***
Posts: 5,527


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: February 01, 2011, 10:51:19 AM »

I'm getting the following errors when I run the program and then try to click on the icon in the system tray:
Logged

Stoic Joker
Honorary Member
**
Posts: 4,883



View Profile WWW Give some DonationCredits to this forum member
« Reply #7 on: February 01, 2011, 11:24:12 AM »

Hm... That looks like a Windows (error) message. Can you disable the NIC in question from the Network Connections folder?

(Bing seems to think this is a common Windows issue)
Logged
superboyac
Charter Member
***
Posts: 5,527


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #8 on: February 01, 2011, 11:35:59 AM »

Hm... That looks like a Windows (error) message. Can you disable the NIC in question from the Network Connections folder?

(Bing seems to think this is a common Windows issue)
you're right.  I'm at work, and i can't disable this connection.  I'm guessing it's a restriction put in place by our network admins.
Logged

Stoic Joker
Honorary Member
**
Posts: 4,883



View Profile WWW Give some DonationCredits to this forum member
« Reply #9 on: February 01, 2011, 11:45:23 AM »

I once disabled the NIC on a Production Server I was working on via Terminal Services - Roll Eyes - That went rather badly...
Logged
40hz
Supporting Member
**
Posts: 9,872



A'Tuin

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #10 on: February 01, 2011, 12:09:21 PM »

Wouldn't it be easier to use DEVCON?

(Note: This is the real "oldie" way to do it. Can't remember where I first read about this.)

You'd need to download it from Microsoft if devcon.exe isn't in your WINDOWS\SYSTEM32 folder.

Once you've got it installed, open a command prompt and use

DEVCON FIND  * > C:\device.list to get a list of your devices.

Once you've identified the device you want to control you can use

DEVCON [ENABLE|DISABLE] *device_id to control it.

On the PC I'm currently sitting at, the NIC is identified as follows:

PCI\VEN_8086&DEV_1039&SUBSYS_2009107B&REV_82\4&29817089&0&40F0: Intel(R) PRO/100 VE Network Connection

All I need to do now is grab a unique chunk of the string (I picked 1039&SUBSYS)

Check to be sure it's both the device I want - and a unique string using:

DEVCON FIND *1039&SUBSYS

Devcon returned the following which shows the string is unique to the device I want to control:

C:\Documents and Settings\ek>devcon find *1039&SUBSYS
PCI\VEN_8086&DEV_1039&SUBSYS_2009107B&REV_82\4&29817089&0&40F0: Intel(R) PRO/100 VE Network Connection
1 matching device(s) found.



Now all I need to do to disable it is enter:

DEVCON DISABLE *1039&SUBSYS

C:\Documents and Settings\ek>devcon disable *1039&SUBSYS
PCI\VEN_8086&DEV_1039&SUBSYS_2009107B&REV_82\4&29817089&0&40F0: Disabled
1 device(s) disabled.


And to enable it:

DEVCON ENABLE *1039&SUBSYS

C:\Documents and Settings\ek>devcon enable *1039&SUBSYS
PCI\VEN_8086&DEV_1039&SUBSYS_2009107B&REV_82\4&29817089&0&40F0: Enabled
1 device(s) enabled.


From here you could just do up a batch file for each and throw their shortcuts in your Quick Launch Tool Bar (if you're lazy) or do up the commands in a fancy script or tray tool if you're more ambitious.

Real code wonks (which I'm not) could write a whole program to check for and optionally install devcon, get the device list, and verify the correct device was selected before writing the command settings to a file. That would make it a nice general purpose end-user type utility squatting in the tray all ready for immediate action.

Note: If you're using a third-party firewall, many have a stop-all-network-activity button which accomplishes the same thing without needing to actually disable the NIC hardware.

 smiley

« Last Edit: February 09, 2011, 05:22:35 AM by 40hz » Logged

Don't you see? It's turtles all the way down!
techidave
Supporting Member
**
Posts: 937


see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #11 on: February 01, 2011, 12:21:56 PM »

Nice find 40hz!  just to let others know that the download from Micrsoft is a zip file that should be extracted to the system32 folder.  I d/l the file and then when I tried to run it, it wanted to unzip it.  Looks like there is a 32 and 64 bit version plus the eula.
Logged
40hz
Supporting Member
**
Posts: 9,872



A'Tuin

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #12 on: February 01, 2011, 01:05:21 PM »

^ You are correct. There is a 32 and a 64bit version. Completely forgot about that.

Good catch. Thmbsup

Note: Once you've got devcon extracted, be sure you either rename the self-extracting download file or move it off the desktop. If you don't, and you attempt to run devcon via a batch file, the batch will glom onto the download rather than the executable in the SYSTEM32 directory. And you'll go crazy wondering what's going on. 

Why Microsoft called the archive the same thing as the contained executable is anybody's guess.

« Last Edit: February 01, 2011, 01:16:57 PM by 40hz » Logged

Don't you see? It's turtles all the way down!
patthecat
Member
**
Posts: 88


View Profile Give some DonationCredits to this forum member
« Reply #13 on: February 01, 2011, 01:40:20 PM »

Another alternative is set up a static private ip on the network card you are using.

You can use NetSetMan to create a profile for that card to assign a static private ip of 169.254.x.x
and another profile to auto assign IP and DNS.  This way it's sort-of one click.

I use NetSetMan to assign various static IPs, or to switch to various DNS servers.
Logged
Ath
Supporting Member
**
Posts: 2,134



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #14 on: February 01, 2011, 01:49:30 PM »

Since I've switched to MSE from Kaspersky, there is one thing I miss: the "block all network traffic" button.

Have you ever actually used that feature? And if so, what was happening that made you decide to turn your network off?

I've seen that (big) switch in ZoneAlarm ever since it was introduced, years ago, and I never understood what would have to happen, that I should switch the connection off ohmy
Logged

superboyac
Charter Member
***
Posts: 5,527


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #15 on: February 01, 2011, 02:44:17 PM »

It's usually a troubleshooting reason.  The most recent example is I'm trying to troubleshoot my email program, and I don't want it accidentally sending recieving any email until all my settings are the way i like it.  because if i don't like it, I'm going to move certain files around and i don't want an email or two slipping in there during the interim, because then my last "good" files are not the latest and greatest.  So stuff like that.
Logged

Ath
Supporting Member
**
Posts: 2,134



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #16 on: February 01, 2011, 02:48:11 PM »

It's usually a troubleshooting reason.

Oh, Ok, hm, I always just try to get it set up right the first time Wink but that's without guarantees...
Logged

40hz
Supporting Member
**
Posts: 9,872



A'Tuin

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #17 on: February 01, 2011, 03:06:44 PM »

Since I've switched to MSE from Kaspersky, there is one thing I miss: the "block all network traffic" button.

Have you ever actually used that feature? And if so, what was happening that made you decide to turn your network off?

I've seen that (big) switch in ZoneAlarm ever since it was introduced, years ago, and I never understood what would have to happen, that I should switch the connection off ohmy

I've used a network kill switch a few times.  tellme

I'll zap my network link anytime something goes down that makes me suspicious. In the world of law enforcement, there's a phrase they use to cover those times when you're suddenly feeling very edgy about something, but for no specific reason you can put your finger on. The term is JDLR (Just Doesn't Look Right). It's pure gut. But it works more often than not.

Any time something just doesn't look right, I'll hit the kill switch.

Usually what will happen is something gets redirected and I suddenly see drive activity go through the roof; or my browser lands on what appears to be a static webpage and finishes loading, yet my network interface continues to show a high level of packet activity.

Most times, my network security systems catch any baddies. But there was one time a while back when I was reading something on a tech website, clicked on a link, and (very obviously) got redirected somewhere else. That's when something hit the PC I was using. And it hit so hard - and destabilized things so badly - that I ended up restoring the OS from an image.

Whatever tried to sleeze its way onto that poor little box walked through a heavy duty 3rd-party firewall and a top shelf antivirus/antimalware package like they didn't exist. And it completely ignored the fact this machine was fully up-to-date with it's security patches and system updates. It put oddball files all over the place and did a number on the Windows directory itself. And it did so in less than 15 seconds.

Very scary.

Subsequent scans on the drive (with every AV package known to mankind) found nothing other than a half dozen "suspicious" items. I sent these to various AV developers for analysis. The conclusion most drew was that "something" tried to install itself on this PC, but got interrupted before it could finish.

It likely didn't finish because I unplugged the network cable in the wake of all the drive activity I was seeing. Drive activity that included polling the CD and floppy drive! Never a good sign when that happens.

After that I stopped rolling my eyes at all those "hyped-up" news stories about killer zero-day exploits.

Nowadays, I always make sure there's some sort of kill switch on anything I've got connected to the internet. I haven't had cause to hard kill a network connection for some time now. But I'm glad I easily can if I want to.

 Cool

-----

Addendum: I think it's important to be able to kill all activity on your network card. Because if something occurred that justified killing off an Internet connection, it also justifies isolating the affected machine from the rest of the network. At least until you get a chance to make sure everything is ok with the PC itself.

Just my  two cents


EDIT: fixed some grammar and punctuation. Reads much better now. smiley
« Last Edit: February 09, 2011, 05:55:06 AM by 40hz » Logged

Don't you see? It's turtles all the way down!
superboyac
Charter Member
***
Posts: 5,527


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #18 on: February 01, 2011, 03:49:28 PM »

Thanks for the wisdon, 40hz.  With your intuition, I'm sure gut feelings are more reliable than not.  I need a gut...
Logged

40hz
Supporting Member
**
Posts: 9,872



A'Tuin

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #19 on: February 01, 2011, 05:16:03 PM »

I need a gut...

No worries! Just 2 bottles of Samuel Adams Double Bock  Kiss (yummy!) twice a day, combined with very little exercise, and you'll soon have one too! Just ask my nephew. (Who is reading this and is not amused.) tongue



If the gods of brewing make anything better, they're keeping it for themselves AFAICT. thumbs up



« Last Edit: February 01, 2011, 05:18:45 PM by 40hz » Logged

Don't you see? It's turtles all the way down!
superboyac
Charter Member
***
Posts: 5,527


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #20 on: February 01, 2011, 05:20:46 PM »

If the gods of brewing make anything better, they're keeping it for themselves AFAICT. thumbs up
The other gods might have better stuff...
Logged

Renegade
Charter Member
***
Posts: 10,364



Tell me something you don't know...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #21 on: February 01, 2011, 05:26:45 PM »

No worries! Just 2 bottles of Samuel Adams Double Bock  Kiss (yummy!) twice a day, combined with very little exercise, and you'll soon have one too! Just ask my nephew. (Who is reading this and is not amused.) tongue
 (see attachment in previous post)
If the gods of brewing make anything better, they're keeping it for themselves AFAICT. thumbs up

Is that a real bock? If it is... Jeez... You don't need 2 a day to get fat! smiley Bocks are the heaviest things out there. I usually split a bottle with someone if there's anyone willing.
Logged

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker
4wd
Supporting Member
**
Posts: 3,222



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #22 on: February 01, 2011, 05:28:22 PM »

you're right.  I'm at work, and i can't disable this connection.  I'm guessing it's a restriction put in place by our network admins. (see attachment in previous post)

Possibly, (from here):

Quote
Ability to Enable/Disable a LAN connection
Administrative Template: System
Policy Node: USER
Policy Path: Administrative Templates\Network\Network Connections
Supported On: At least Microsoft Windows 2000 Service Pack 1
Help/Explain Text: Determines whether users can enable/disable LAN connections. If you enable this setting, the Enable and Disable options for LAN connections are available to users (including nonadministrators). Users can enable/disable a LAN connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu. If you disable this setting (and enable the Enable Network Connections settings for Administrators setting), double-clicking the icon has no effect, and the Enable and Disable menu items are disabled for all users (including administrators). Important: If the Enable Network Connections settings for Administrators is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you do not configure this setting, only Administrators and Network Configuration Operators can enable/disable LAN connections. Note: Administrators can still enable/disable LAN connections from Device Manager when this setting is disabled.
Registry Settings: HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_LanConnect

Ah well, my second crack at a coding snack has failed to live up to expectations  Sad

On the bright, the third time should be a cracker, (whether cracker failure I'm not sure about).  cheesy

It's usually a troubleshooting reason.  The most recent example is I'm trying to troubleshoot my email program, and I don't want it accidentally sending recieving any email until all my settings are the way i like it.  because if i don't like it, I'm going to move certain files around and i don't want an email or two slipping in there during the interim, because then my last "good" files are not the latest and greatest.  So stuff like that.

I usually use the 'one size fits all' solution of unplugging the network cable. Wink
« Last Edit: February 01, 2011, 05:40:22 PM by 4wd » Logged

Four wheel drive: Helping you get stuck faster, harder, further from help...........and it's no different on this forum Evil
superboyac
Charter Member
***
Posts: 5,527


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #23 on: February 01, 2011, 05:58:15 PM »

i don't think you're a cracker failure.

What if you try devcon, from 40hz' suggestion above?  In case it requires downloading a file, I have an elegant solution for you.  Now, most developers in that case would have an instruction in a forum saying you have to download this file and put it here to make it work, etc.  They might even go so far as providing the link to the file for you.  but the best way would be to have the program's installer offer to download the file and install it for you in case it's not installed yet.  I've seen .net programs do this, so it's not unprecedented.

Then, you can use the codes for devcon to do the network blocking thing.  Yeah?
Logged

Stoic Joker
Honorary Member
**
Posts: 4,883



View Profile WWW Give some DonationCredits to this forum member
« Reply #24 on: February 01, 2011, 06:16:07 PM »

You would still have to manually dredge up the Adapter's ID string for devcon to (target) use.
Logged
Pages: [1] 2 3 Next   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.061s | Server load: 0.01 ]