LuLu icon indicating copy to clipboard operation
LuLu copied to clipboard

Published 20 hours ago verified publisher icon objective-see

2.0: Connection alert network IP address is always local router IP address

Open nhojb opened this issue 5 years ago • 7 comments

In Lulu 2.0 the network IP address reported in the connection alert is always my local router (192.168.86.1). It's the same for all processes.

In Lulu 1.x the network IP address was the final destination IP address for the request.

nhojb avatar Oct 01 '20 10:10 nhojb

Note: this appears to apply to UDP connections only. I may be betraying my network protocol ignorance here...

nhojb avatar Oct 01 '20 11:10 nhojb

Is this just for DNS requests? (UDP, port 53)? Or

If you have a screenshot of the alert next time this happens, that'd be great!

thanks!

objective-see avatar Oct 02 '20 18:10 objective-see

Yes, UDP, port 53. That makes sense now, thanks :-)

nhojb avatar Oct 02 '20 19:10 nhojb

I'm also seeing this issue specifically in 2.0. Here's an example:

Discord

In 1.x it would show the resolved domain.

Autre31415 avatar Nov 18 '20 20:11 Autre31415

Can the message be improved then? DNS lookup for x.com. Allowing this gives the application access to the Internet.

ctwise avatar Nov 25 '20 15:11 ctwise

If you select the remote endpoint with the first DNS request, the second time it shows the real IP :)

MacInTheNet avatar Dec 19 '20 03:12 MacInTheNet

Does LuLu really have to report DNS lookups? Why not just report real connection attempts and ignore preliminary actions? Maybe it makes sense to add a checkbox "Always allow DNS lookups" or to be little more restrictive and add a configurable list of DNS servers connections to which LuLu should not report?

alexcom avatar Dec 03 '21 14:12 alexcom