Kerio Personal Firewall . . .

Guest
Archived from groups: comp.security.firewalls

Downloaded newer version 4.0.14 (licenced upgrade) and
now there are no 'intrusions' from sans.org
I was trying to get Kerio and Sans to talk to each other
about the so-called misrepresentation of a Snort alert,
but maybe this is just a coincidence.

I was still getting a few whitehats 'intrusions' but denying
NetworkSecurity->Predefined->Ping and Tracert In
(I'm not on a lan), stopped those too.

I've also set the NetworkSecurity->PacketFilter to
block 'System' and ports 135,137,138,139,445,1025,3127

Alan (Toronto. Canada)
 
Guest

"Alan Illeman" <illemann@surfbest.net> wrote in message
news:106uhl0jenk9be8@news.supernews.com...
> Downloaded newer version 4.0.14 (licenced upgrade) and
> now there are no 'intrusions' from sans.org
> I was trying to get Kerio and Sans to talk to each other
> about the so-called misrepresentation of a Snort alert,
> but maybe this is just a coincidence.
>
> I was still getting a few whitehats 'intrusions' but denying
> NetworkSecurity->Predefined->Ping and Tracert In
> (I'm not on a lan), stopped those too.
>
> I've also set the NetworkSecurity->PacketFilter to
> block 'System' and ports 135,137,138,139,445,1025,3127
>

You can get yourself a NAT router that cost as much as Kerio or cheaper, if
you catch one on sale. That way, the router stops everything in front of the
machine and the O/S and Kerio will not have to react to it which will slow
the machine down in doing more productive things instead of fending off
scans and attacks. You don't need to make any rules for the router and you
don't need to make any rules with Kerio behind the router, since the router
is stopping all unsolicited inbound traffic.

http://www.homenethelp.com/web/explain/about-NAT.asp

You can use Kerio behind the NAT router for application control and to stop
outbound if it needs to be done.

If you can avoid having a machine that is not directly connected to the
Internet, then you should implement it as it is the better choice.

Duane :)
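
Added example, not part of the original posts: a toy model of why a NAT router drops unsolicited inbound traffic without any rules, probed on the ports Alan lists. The `NatRouter` class, the addresses (documentation ranges) and the strict peer-matching policy are assumptions; real routers differ in how tightly they match the remote endpoint.

```python
from dataclasses import dataclass, field

# Constructed probe set: the ports from Alan's packet-filter rule.
PROBES = [("tcp", 135), ("udp", 137), ("udp", 138), ("tcp", 139),
          ("tcp", 445), ("tcp", 1025), ("tcp", 3127)]

@dataclass
class NatRouter:
    """Toy NAPT with address-and-port-dependent filtering (assumed policy)."""
    public_ip: str
    next_port: int = 40000
    # (proto, public_port) -> (lan_ip, lan_port, {remote endpoints contacted})
    table: dict = field(default_factory=dict)

    def outbound(self, proto, lan_ip, lan_port, dst_ip, dst_port):
        """A LAN host opens a flow: reuse or create a mapping, record the peer."""
        for (p, pub_port), (ip, port, peers) in self.table.items():
            if (p, ip, port) == (proto, lan_ip, lan_port):
                peers.add((dst_ip, dst_port))
                return pub_port
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(proto, pub_port)] = (lan_ip, lan_port, {(dst_ip, dst_port)})
        return pub_port

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Public-side packet: forward only if it answers a flow started from
        the LAN; with no mapping there is no host to deliver it to."""
        entry = self.table.get((proto, dst_port))
        if entry is None:
            return ("DROP", "no mapping")
        lan_ip, lan_port, peers = entry
        if (src_ip, src_port) not in peers:
            return ("DROP", "unknown peer")
        return ("FORWARD", f"{lan_ip}:{lan_port}")

def demo():
    router = NatRouter("203.0.113.10")
    # Unsolicited probes arrive before and regardless of any LAN activity.
    results = {port: router.inbound(proto, "198.51.100.7", 51515, port)[0]
               for proto, port in PROBES}
    # The LAN host browses to a web server; only that server may answer.
    pub = router.outbound("tcp", "192.168.0.2", 1055, "192.0.2.80", 80)
    results["reply"] = router.inbound("tcp", "192.0.2.80", 80, pub)
    results["stranger"] = router.inbound("tcp", "198.51.100.7", 51515, pub)
    return results

if __name__ == "__main__":
    for key, verdict in demo().items():
        print(key, verdict)
```

Nothing in the model restricts `outbound`, which is why the post still suggests Kerio behind the router for application control and stopping outbound traffic.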
 
Guest

> Thanks for the tip. In my case I don't need or use cable/broadband, but
> use a dialup connection. With this machine the modem is not separate
> but part of the PC, so is the NAT-router positioned between my telephone
> line and the computer?

They make dial-up NAT routers. A guy I work with had a D-Link model that has
a RS232 serial port that he connected to a standalone phone modem. From what
I understood, he told me that from any one of the computers that were
connected to the router, he could make the phone call and connect to the
Internet and all machines connected to the router could share the single
connection.

I think you're going to need a CAT5 cable and a NIC that must be installed
in the computer so that it can plug into one of the RJ45 jacks of the
router.

It should be a piece of cake for you. :)

Duane :)
 
Guest

>They make dial-up NAT routers. A guy I work with had a D-Link model that has
>a RS232 serial port that he connected to a standalone phone modem.

The point the OP is making is that he has an internal dialup modem, not a
standalone external one. The only thing between the 'phone line and the computer
bus is a card. There is no place to insert a router in the path. A software
firewall is the only option.
--
Dave "Crash" Dummy - A weapon of mass destruction
crash@gpick.com?subject=Techtalk (Do not alter!)
http://lists.gpick.com
 
Guest

""Crash" Dummy" <dvader@deathstar.mil> wrote in message
news:106v0heci6cgu6a@corp.supernews.com...
> >They make dial-up NAT routers. A guy I work with had a D-Link model that has
> >a RS232 serial port that he connected to a standalone phone modem.
>
> The point the OP is making is that he has an internal dialup modem, not a
> standalone external one. The only thing between the 'phone line and the computer
> bus is a card. There is no place to insert a router in the path. A software
> firewall is the only option.
> --

Crash? Like the man cannot pull out the internal modem? Is there something
stopping him from doing it? If the OP wants to use the router, then he will
have to pull the internal modem out of the computer.

The only thing that could possibly stop the OP from pulling the internal
modem out of the computer is if the modem is somehow wired to the board.
If it's not that situation, then open the machine up and pull the thing out.

No, let me take that back. There can be more than one modem on the machine: an
internal one on COM1 and an external one on COM2 using a RS232 card plugged
into one of the serial port slots inside the computer, if this is a desktop
machine. Then the OP can take a RS232 cable and plug it into the port of the
modem. Any dialing program on the machine should be able to use COM1 or
COM2.

Heck, I got an external RS232 for a little device I upload data from using
my laptop that also has an internal modem.

Duane :)
 
Guest

"Alan Illeman" <illemann@surfbest.net> wrote in message
news:106uhl0jenk9be8@news.supernews.com...
> Downloaded newer version 4.0.14 (licenced upgrade) and
> now there are no 'intrusions' from sans.org
> I was trying to get Kerio and Sans to talk to each other
> about the so-called misrepresentation of a Snort alert,
> but maybe this is just a coincidence.

I went off-line for a few days and now the "loopback traffic" intrusions
seem to be almost gone (just three intrusions in an hour, instead of several
ones every minute). Maybe we should just live with it, there are people out
there scanning ports with forged IPs. I second the suggestion of investing
in a hardware router in order to ease the load on the CPU.
Regards,
Goerz