Kerio Personal Firewall . . .

Archived from groups: comp.security.firewalls

Downloaded newer version 4.0.14 (licenced upgrade) and
now there are no 'intrusions' from sans.org
I was trying to get Kerio and Sans to talk to each other
about the so-called misrepresentation of a Snort alert,
but maybe this is just a coincidence.

I was still getting a few whitehats 'intrusions' but denying
NetworkSecurity->Predefined->Ping and Tracert In
(I'm not on a lan), stopped those too.

I've also set the NetworkSecurity->PacketFilter to
block 'System' and ports 135,137,138,139,445,1025,3127

Alan (Toronto. Canada)
  1. Archived from groups: comp.security.firewalls

    "Alan Illeman" <illemann@surfbest.net> wrote in message
    news:106uhl0jenk9be8@news.supernews.com...
    > Downloaded newer version 4.0.14 (licenced upgrade) and
    > now there are no 'intrusions' from sans.org
    > I was trying to get Kerio and Sans to talk to each other
    > about the so-called misrepresentation of a Snort alert,
    > but maybe this is just a coincidence.
    >
    > I was still getting a few whitehats 'intrusions' but denying
    > NetworkSecurity->Predefined->Ping and Tracert In
    > (I'm not on a lan), stopped those too.
    >
    > I've also set the NetworkSecurity->PacketFilter to
    > block 'System' and ports 135,137,138,139,445,1025,3127
    >

    You can get yourself a NAT router that cost as much as Kerio or cheaper, if
    you catch one on sale. That way, the router stops everything in front of the
    machine and the O/S and Kerio will not have to react to it which will slow
    the machine down in doing more productive things instead of fending off
    scans and attacks. You don't need to make any rules for the router and you
    don't need to make any rules with Kerio behind the router, since the router
    is stopping all unsolicited inbound traffic.

    http://www.homenethelp.com/web/explain/about-NAT.asp

    You can use Kerio behind the NAT router for application control and to stop
    outbound if it needs to be done.

    If you can avoid having a machine that is not directly connected to the
    Internet, then you should implement it as it is the better choice.

    Duane :)
  2. Archived from groups: comp.security.firewalls

    > Thanks for the tip. In my case I don't need or use cable/broadband, but
    > use a dialup connection. With this machine the modem is not separate
    > but part of the PC, so is the NAT-router positioned between my telephone
    > line and the computer?

    They make dial-up NAT routers. A guy I work with had a D-Link model that has
    a RS232 serial port that he connected to a standalone phone modem. From what
    I understood, he told me that from any one of the computers that were
    connected to the router, he could make the phone call and connect to the
    Internet and all machines connected to the router could share the single
    connection.

    I think you're going to need a CAT5 cable and a NIC that must be installed
    in the computer so that it can plug into one of the RJ45 jacks of the
    router.

    It should be a piece of cake for you. :)

    Duane :)
  3. Archived from groups: comp.security.firewalls

    >They make dial-up NAT routers. A guy I work with had a D-Link model that has
    >a RS232 serial port that he connected to a standalone phone modem.

    The point the OP is making is that he has an internal dialup modem, not a
    standalone external one. The only thing between the 'phone line and the computer
    bus is a card. There is no place to insert a router in the path. A software
    firewall is the only option.
    --
    Dave "Crash" Dummy - A weapon of mass destruction
    crash@gpick.com?subject=Techtalk (Do not alter!)
    http://lists.gpick.com
  4. Archived from groups: comp.security.firewalls

    ""Crash" Dummy" <dvader@deathstar.mil> wrote in message
    news:106v0heci6cgu6a@corp.supernews.com...
    > >They make dial-up NAT routers. A guy I work with had a D-Link model that has
    > >a RS232 serial port that he connected to a standalone phone modem.
    >
    > The point the OP is making is that he has an internal dialup modem, not a
    > standalone external one. The only thing between the 'phone line and the computer
    > bus is a card. There is no place to insert a router in the path. A software
    > firewall is the only option.
    > --

    Crash? Like the man cannot pull out the internal modem? Is there something
    stopping him from doing it? If the OP wants to use the router, then he will
    have to pull the internal modem out of the computer.

    The only thing that could possibly stop the OP from pulling the internal
    modem out of the computer is if the modem is somehow wired to the board.
    If it's not that situation, then open the machine up and pull the thing out.

    No, let me take that back. There can be more than one modem on the machine, an
    internal one on COM1 and an external one on COM2 using a RS232 card plugged
    into one of the serial port slots inside the computer, if this is a desktop
    machine. Then the OP can take a RS232 cable and plug it into the port of the
    modem. Any dialing program on the machine should be able to use COM1 or
    COM2.

    Heck, I got an external RS232 for a little device I upload data from using
    my laptop that also has an internal modem.

    Duane :)
  5. Archived from groups: comp.security.firewalls

    "Alan Illeman" <illemann@surfbest.net> wrote in message
    news:106uhl0jenk9be8@news.supernews.com...
    > Downloaded newer version 4.0.14 (licenced upgrade) and
    > now there are no 'intrusions' from sans.org
    > I was trying to get Kerio and Sans to talk to each other
    > about the so-called misrepresentation of a Snort alert,
    > but maybe this is just a coincidence.

    I went off-line for a few days and now the "loopback traffic" intrusions
    seem to be almost gone (just three intrusions in an hour, instead of several
    ones every minute). Maybe we should just live with it, there are people out
    there scanning ports with forged IPs. I second the suggestion of investing
    in a hardware router in order to ease the load on the cpu.
    Regards,
    Goerz