Kerio Personal Firewall 4 and NIPS

Archived from groups: comp.security.firewalls (More info?)

I see in the NIPS (Network Intrusion Detection and Prevention System) logs
that my ISP (151.6.142.220) is blocked as an attack source, with this
description:
BAD-TRAFFIC IP Proto 103 (PIM)
with priority "medium".

I don't know what it means and I'm wondering if I should allow it (allowing
all the intrusions of "medium" class), because recently I have many
disconnections from my dial-up, it seems I can't keep the connection alive
for more than a few minutes.

I hope in your help, thanks!

--
Maria Luisa C - 25/08/2005 11.26.14
Never judge a book by its movie.
-
9 answers Last reply
More about kerio personal firewall nips
  1. Archived from groups: comp.security.firewalls (More info?)

    MLC <marialuisac@gmail.com> wrote:
    > I see in the NIPS (Network Intrusion Detection and Prevention System) logs
    > that my ISP (151.6.142.220) is blocked as an attack source, with this
    > description:
    > BAD-TRAFFIC IP Proto 103 (PIM)
    > with priority "medium".

    You're just fooled by your "Personal Firewall". Just use the Windows-
    Firewall to filter, it's enough. Then you will not see any senseless
    messages any more, which only are misinterpreted.

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  2. Archived from groups: comp.security.firewalls (More info?)

    venerdì 26 agosto 2005 Volker Birk ha scritto:

    > MLC <marialuisac@gmail.com> wrote:
    >> I see in the NIPS (Network Intrusion Detection and Prevention System) logs
    >> that my ISP (151.6.142.220) is blocked as an attack source, with this
    >> description:
    >> BAD-TRAFFIC IP Proto 103 (PIM)
    >> with priority "medium".

    > You're just fooled by your "Personal Firewall". Just use the Windows-
    > Firewall to filter, it's enough. Then you will not see any senseless
    > messages any more, which only are misinterpreted.

    Thank you, VB, but then how can I block unwanted outbound connections?
    Is there another way?

    With kind regards,
    --
    Maria Luisa C - 27/08/2005 10.59.14
    Sherlock Holmes NEVER said, "Elementary, my dear Watson."
    -
  3. Archived from groups: comp.security.firewalls (More info?)

    MLC <marialuisac@gmail.com> wrote:
    > Thank you, VB, but then how can I block unwanted outbound connections?
    > Is there another way?

    Unfortunately, it's not possible to secure that a software program,
    which is already running inside, cannot communicate with computers
    "outside".

    This is because of existance of tunneling.

    The "Personal Firewalls" all just "secure" one single way to do this -
    it's the usual way to open a connection "outside".

    So the "Personal Firewalls" all are controlling the programs only,
    which allow to be controlled.

    Because this would be the only advantage I see to want to have a
    "Personal Firewall" and not the Windows-Firewall, and because of the
    fact that this advantage isn't really one, I'd prefer the Windows-
    irewall to any "Personal Firewall" I know. Don't forget:

    "Personal Firewalls" have much disadvantages compared to the Windows-
    Firewall, i.e. many of them have system services, which open windows
    (which is a security design flaw), have functionality to filter PINs
    out of traffic (which is based on the complete lack of understanding
    of data security) and lead into publizising this data.

    Because of these facts, that any "Personal Firewall" will not secure
    your system compared to securing it with the Windows-Firewall, but
    many of them open a broad range of additional security problems, I'd
    prefer the Windows-Firewall.

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  4. Archived from groups: comp.security.firewalls (More info?)

    sabato 27 agosto 2005 Volker Birk ha scritto:

    [...]

    > Because of these facts, that any "Personal Firewall" will not secure
    > your system compared to securing it with the Windows-Firewall, but
    > many of them open a broad range of additional security problems, I'd
    > prefer the Windows-Firewall.

    I understand. Thank you for your thorough response.

    --
    Maria Luisa C - 27/08/2005 13.58.57
    Blessed are they who can laugh at themselves,
    for they shall never cease to be amused.
    -
  5. Archived from groups: comp.security.firewalls (More info?)

    MLC <marialuisac@gmail.com> wrote:
    > > Because of these facts, that any "Personal Firewall" will not secure
    > > your system compared to securing it with the Windows-Firewall, but
    > > many of them open a broad range of additional security problems, I'd
    > > prefer the Windows-Firewall.
    > I understand. Thank you for your thorough response.

    One thing, just to be fair:

    Kerio, or to be specific, Kerio Personal Firewall 4.1.2 was the least
    bad software in our test (I'd not call it the best one, because also
    Kerio had no real advantages over the Windows-Firewall). Even Tiny is
    worse.

    Kerio only has small design flaws like the fact that it is opening
    sockets with listen() on 0.0.0.0 itself, and filtering away afterwards,
    Kerio is easy to switch off from a malware in the standard configuration
    and Kerio installs extra code onto your system, so theoretically the
    system has more code which could be object of an unseen attack vector.

    The Witty worm was a real-world example, how sometimes such theoretical
    flaws cause practical problems:

    http://sophos.com/virusinfo/analyses/w32wittya.html

    So Kerio is the only firewall in our test, which I would judge with:
    "does not lower security considerably compared to the Windows-Firewall".

    Yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  6. Archived from groups: comp.security.firewalls (More info?)

    I've been trying to educate myself on firewalls ect... I'm running XP PRO
    and was running ZA but had too many email problems so removed that thru
    control panel - and was told to install Kerio - but after reading some of
    the messages on this thread - maybe I don't even NEED a firewall other than
    my xp pro which is already activated? Is that what you are saying?

    If that's true...then do I need anything to stop virus ect?? what should I
    be using?

    thanks so much -

    frustrated, tired and not getting emails again .... in OE 6 from my domain
    emails...just my earthlink acct addresses..........Pam


    "Volker Birk" <bumens@dingens.org> wrote in message
    news:43105b2a@news.uni-ulm.de...
    > MLC <marialuisac@gmail.com> wrote:
    > > > Because of these facts, that any "Personal Firewall" will not secure
    > > > your system compared to securing it with the Windows-Firewall, but
    > > > many of them open a broad range of additional security problems, I'd
    > > > prefer the Windows-Firewall.
    > > I understand. Thank you for your thorough response.
    >
    > One thing, just to be fair:
    >
    > Kerio, or to be specific, Kerio Personal Firewall 4.1.2 was the least
    > bad software in our test (I'd not call it the best one, because also
    > Kerio had no real advantages over the Windows-Firewall). Even Tiny is
    > worse.
    >
    > Kerio only has small design flaws like the fact that it is opening
    > sockets with listen() on 0.0.0.0 itself, and filtering away afterwards,
    > Kerio is easy to switch off from a malware in the standard configuration
    > and Kerio installs extra code onto your system, so theoretically the
    > system has more code which could be object of an unseen attack vector.
    >
    > The Witty worm was a real-world example, how sometimes such theoretical
    > flaws cause practical problems:
    >
    > http://sophos.com/virusinfo/analyses/w32wittya.html
    >
    > So Kerio is the only firewall in our test, which I would judge with:
    > "does not lower security considerably compared to the Windows-Firewall".
    >
    > Yours,
    > VB.
    > --
    > "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    > deutschen Schlafzimmern passiert".
    > Harald Schmidt zum "Weltjugendtag"
  7. Archived from groups: comp.security.firewalls (More info?)

    In article <ehHQe.1957$4P5.696@newsread2.news.pas.earthlink.net>,
    pam_staley@removethishotmail.com says...
    > I've been trying to educate myself on firewalls ect... I'm running XP PRO
    > and was running ZA but had too many email problems so removed that thru
    > control panel - and was told to install Kerio - but after reading some of
    > the messages on this thread - maybe I don't even NEED a firewall other than
    > my xp pro which is already activated? Is that what you are saying?

    Windows Firewall is not what I would consider much in the way of
    protection and should be supplemented with a good DSL / Cable NAT router
    - you can purchase a cheap Linksys BEFSR41 at most places that sell
    computers.

    > If that's true...then do I need anything to stop virus ect?? what should I
    > be using?

    It's only true for those that are very, very, diligent in protecting
    their systems.

    If you want AV software, and everyone should have it if they have a
    Windows based PC, try Norton 2005 or AVG from Grisoft - AVG is free and
    does email filtering too.

    > thanks so much -
    >
    > frustrated, tired and not getting emails again .... in OE 6 from my domain
    > emails...just my earthlink acct addresses..........Pam

    Stop using OE and look into ThunderBird.


    --

    spam999free@rrohio.com
    remove 999 in order to email me
  8. Archived from groups: comp.security.firewalls (More info?)

    Pam <pam_staley@removethishotmail.com> wrote:
    > I've been trying to educate myself on firewalls ect... I'm running XP PRO
    > and was running ZA but had too many email problems so removed that thru
    > control panel - and was told to install Kerio - but after reading some of
    > the messages on this thread - maybe I don't even NEED a firewall other than
    > my xp pro which is already activated? Is that what you are saying?

    Yes. The Windows-Firewall is OK.

    > If that's true...then do I need anything to stop virus ect?? what should I
    > be using?

    It's a good idea to use a virus scanner. Virus scanners are one of the most
    overestimated software types, though.

    A virus scanner cannot find every virus. But a virus scanner can find the
    viruses it knows already, and those are usually many.

    The best virus scanner is your brain ;-) If you don't use software
    out of dubious sources, if you cannot be folled by mail worms, because
    you're thinking before opening a mail (and not using a MUA which opens
    the mail for you like older Outlook Express releases), and you don't
    use Internet Explorer, which has lists of unfixed bugs, but any other
    browser and keeping also this software up to date like your system
    software (use Windows-Update!), then you should be safe even if you
    have no virus scanner.

    A virus scanner can help, though. Especially, if you're not using it
    as "online-access-scanner", but rebooting from another media from time
    to time, and scanning your hard disk frequently. Also it is a good idea
    to scan files, which you're downloading or receiving as mail attachement,
    before you're using them the very first time.

    HTH,
    yours,
    VB.
    --
    "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
    deutschen Schlafzimmern passiert".
    Harald Schmidt zum "Weltjugendtag"
  9. Archived from groups: comp.security.firewalls (More info?)

    "Pam" <pam_staley@removethishotmail.com> wrote in
    news:ehHQe.1957$4P5.696@newsread2.news.pas.earthlink.net:

    > I've been trying to educate myself on firewalls ect... I'm running XP
    > PRO and was running ZA but had too many email problems so removed that
    > thru control panel - and was told to install Kerio - but after reading
    > some of the messages on this thread - maybe I don't even NEED a
    > firewall other than my xp pro which is already activated? Is that what
    > you are saying?
    >
    Since you're having so much trouble, I would just go with XP's FW. I don't
    think it is any worst than the others.

    > If that's true...then do I need anything to stop virus ect?? what
    > should I be using?

    Maybe, you should go to the XP O/S itself and tighten up things a bit like
    disabling MS File and Printer Sharing service if the computer is not on a
    LAN and shutdown other services not needed when doing a direct connection
    to the Internet.

    Also you could enable IPsec to supplement the XP FW.

    http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
    http://www.petri.co.il/block_ping_traffic_with_ipsec.htm

    http://www.analogx.com/contents/articles/ipsec.htm

    If you implement the AnalogX registry setup for IPsec and enable it, it
    will give solid protection supplementing XP's FW.

    IPsec will block file downloads on high ports so you disable IPsec and do
    the download and enable it again. But you can also configure to open the
    ports, since you want to learn about FW(s). IPsec will stop inbound and
    outbound traffic by port, protocol and IP and is a good learning tool when
    reviewing the rules configured by AnalogX.

    Duane :)
Ask a new question

Read More

Firewalls Internet Service Providers Networking