Kerio Personal Firewall 4 and NIPS

Anonymous
August 25, 2005 1:36:31 PM

Archived from groups: comp.security.firewalls

I see in the NIPS (Network Intrusion Detection and Prevention System) logs
that my ISP (151.6.142.220) is blocked as an attack source, with this
description:
BAD-TRAFFIC IP Proto 103 (PIM)
with priority "medium".

I don't know what it means and I'm wondering if I should allow it (allowing
all the intrusions of "medium" class), because recently I have many
disconnections from my dial-up, it seems I can't keep the connection alive
for more than a few minutes.

I hope you can help, thanks!

--
Maria Luisa C - 25/08/2005 11.26.14
Never judge a book by its movie.
-
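
Added example (not part of any post in this thread): a small decoder showing what the "IP Proto 103 (PIM)" in the alert refers to. IP protocol number 103 is Protocol Independent Multicast, a router-to-router multicast routing protocol whose Hello messages go to the link-local group 224.0.0.13 with TTL 1. The sample packet, its 192.0.2.1 source and the function names are constructed for illustration.

```python
import ipaddress
import struct

# IANA-assigned IP protocol numbers; 103 is Protocol Independent Multicast.
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 103: "PIM"}
# PIMv2 message types from RFC 7761.
PIM_TYPES = {0: "Hello", 1: "Register", 2: "Register-Stop", 3: "Join/Prune"}
ALL_PIM_ROUTERS = ipaddress.ip_address("224.0.0.13")  # link-local multicast group


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 over a message means it verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def classify(packet: bytes) -> dict:
    """Decode the IPv4 header and, for protocol 103, the 4-byte PIM header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    ttl, proto = packet[8], packet[9]
    dst = ipaddress.ip_address(packet[16:20])
    info = {"protocol": IP_PROTOCOLS.get(proto, str(proto)),
            "src": str(ipaddress.ip_address(packet[12:16])), "dst": str(dst)}
    pim = packet[ihl:]
    if proto == 103 and len(pim) >= 4:
        info["pim_version"] = pim[0] >> 4
        info["pim_type"] = PIM_TYPES.get(pim[0] & 0x0F, "other")
        info["pim_checksum_ok"] = inet_checksum(pim) == 0
        # Routine router chatter: a Hello to ALL-PIM-ROUTERS with TTL 1.
        info["routine_hello"] = (info["pim_type"] == "Hello"
                                 and dst == ALL_PIM_ROUTERS and ttl == 1)
    return info


def build_sample_hello() -> bytes:
    """Constructed sample: PIMv2 Hello, Holdtime option 105 s, from 192.0.2.1."""
    pim = struct.pack("!BBHHHH", 0x20, 0, 0, 1, 2, 105)
    pim = pim[:2] + struct.pack("!H", inet_checksum(pim)) + pim[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + len(pim), 0, 0, 1, 103, 0,
                     ipaddress.ip_address("192.0.2.1").packed, ALL_PIM_ROUTERS.packed)
    return ip + pim  # IPv4 header checksum left at 0; classify() does not check it
```
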
Anonymous
August 26, 2005 4:07:04 PM

MLC <marialuisac@gmail.com> wrote:
> I see in the NIPS (Network Intrusion Detection and Prevention System) logs
> that my ISP (151.6.142.220) is blocked as an attack source, with this
> description:
> BAD-TRAFFIC IP Proto 103 (PIM)
> with priority "medium".

You're just fooled by your "Personal Firewall". Just use the Windows-
Firewall to filter, it's enough. Then you will not see any senseless
messages any more, which only are misinterpreted.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 27, 2005 1:06:28 PM

Friday 26 August 2005 Volker Birk wrote:

> MLC <marialuisac@gmail.com> wrote:
>> I see in the NIPS (Network Intrusion Detection and Prevention System) logs
>> that my ISP (151.6.142.220) is blocked as an attack source, with this
>> description:
>> BAD-TRAFFIC IP Proto 103 (PIM)
>> with priority "medium".

> You're just fooled by your "Personal Firewall". Just use the Windows-
> Firewall to filter, it's enough. Then you will not see any senseless
> messages any more, which only are misinterpreted.

Thank you, VB, but then how can I block unwanted outbound connections?
Is there another way?

With kind regards,
--
Maria Luisa C - 27/08/2005 10.59.14
Sherlock Holmes NEVER said, "Elementary, my dear Watson."
-
Anonymous
August 27, 2005 5:51:21 PM

MLC <marialuisac@gmail.com> wrote:
> Thank you, VB, but then how can I block unwanted outbound connections?
> Is there another way?

Unfortunately, it's not possible to secure that a software program,
which is already running inside, cannot communicate with computers
"outside".

This is because of the existence of tunneling.

The "Personal Firewalls" all just "secure" one single way to do this -
it's the usual way to open a connection "outside".

So the "Personal Firewalls" all are controlling the programs only,
which allow to be controlled.

Because this would be the only advantage I see to want to have a
"Personal Firewall" and not the Windows-Firewall, and because of the
fact that this advantage isn't really one, I'd prefer the Windows-
Firewall to any "Personal Firewall" I know. Don't forget:

"Personal Firewalls" have many disadvantages compared to the Windows-
Firewall, i.e. many of them have system services, which open windows
(which is a security design flaw), have functionality to filter PINs
out of traffic (which is based on the complete lack of understanding
of data security) and lead into publicizing this data.

Because of these facts, that any "Personal Firewall" will not secure
your system compared to securing it with the Windows-Firewall, but
many of them open a broad range of additional security problems, I'd
prefer the Windows-Firewall.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 27, 2005 5:51:22 PM

Saturday 27 August 2005 Volker Birk wrote:

[...]

> Because of these facts, that any "Personal Firewall" will not secure
> your system compared to securing it with the Windows-Firewall, but
> many of them open a broad range of additional security problems, I'd
> prefer the Windows-Firewall.

I understand. Thank you for your thorough response.

--
Maria Luisa C - 27/08/2005 13.58.57
Blessed are they who can laugh at themselves,
for they shall never cease to be amused.
-
Anonymous
August 27, 2005 6:23:06 PM

MLC <marialuisac@gmail.com> wrote:
> > Because of these facts, that any "Personal Firewall" will not secure
> > your system compared to securing it with the Windows-Firewall, but
> > many of them open a broad range of additional security problems, I'd
> > prefer the Windows-Firewall.
> I understand. Thank you for your thorough response.

One thing, just to be fair:

Kerio, or to be specific, Kerio Personal Firewall 4.1.2 was the least
bad software in our test (I'd not call it the best one, because also
Kerio had no real advantages over the Windows-Firewall). Even Tiny is
worse.

Kerio only has small design flaws like the fact that it is opening
sockets with listen() on 0.0.0.0 itself, and filtering away afterwards,
Kerio is easy to switch off from a malware in the standard configuration
and Kerio installs extra code onto your system, so theoretically the
system has more code which could be object of an unseen attack vector.

The Witty worm was a real-world example, how sometimes such theoretical
flaws cause practical problems:

http://sophos.com/virusinfo/analyses/w32wittya.html

So Kerio is the only firewall in our test, which I would judge with:
"does not lower security considerably compared to the Windows-Firewall".

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
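
Added example (not part of the thread, and not code from Kerio or any poster): the point above about sockets opened with listen() on 0.0.0.0 can be checked on any host by classifying each listener's bind address. The sketch parses text in the column layout of Windows `netstat -ano`; the sample lines, addresses, ports, PIDs and function names are constructed.

```python
import ipaddress

# Constructed sample in the column layout printed by Windows `netstat -ano`.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1050      203.0.113.5:80         ESTABLISHED     3120
  UDP    0.0.0.0:445            *:*                                    4
"""


def bind_scope(host: str) -> str:
    """Classify a bind address: wildcard, loopback, or one specific interface."""
    ip = ipaddress.ip_address(host.strip("[]"))  # netstat brackets IPv6 hosts
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "single-interface"


def audit_listeners(netstat_text: str) -> list:
    """Return one record per listening TCP socket or bound UDP socket."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if fields[0] == "TCP" and fields[3] != "LISTENING":
            continue  # established or closing connections are not listeners
        host, _, port = fields[1].rpartition(":")
        try:
            scope = bind_scope(host)
        except ValueError:
            continue  # unparseable local address
        findings.append({"proto": fields[0], "port": int(port),
                         "scope": scope, "pid": int(fields[-1])})
    return findings


def exposed(findings: list) -> list:
    """Listeners reachable on every interface unless a filter sits in front."""
    return sorted((f["proto"], f["port"], f["pid"])
                  for f in findings if f["scope"] == "all-interfaces")
```
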
Anonymous
August 29, 2005 9:07:22 PM

I've been trying to educate myself on firewalls etc... I'm running XP PRO
and was running ZA but had too many email problems so removed that thru
control panel - and was told to install Kerio - but after reading some of
the messages on this thread - maybe I don't even NEED a firewall other than
my xp pro which is already activated? Is that what you are saying?

If that's true...then do I need anything to stop virus etc?? what should I
be using?

thanks so much -

frustrated, tired and not getting emails again .... in OE 6 from my domain
emails...just my earthlink acct addresses..........Pam


"Volker Birk" <bumens@dingens.org> wrote in message
news:43105b2a@news.uni-ulm.de...
> MLC <marialuisac@gmail.com> wrote:
> > > Because of these facts, that any "Personal Firewall" will not secure
> > > your system compared to securing it with the Windows-Firewall, but
> > > many of them open a broad range of additional security problems, I'd
> > > prefer the Windows-Firewall.
> > I understand. Thank you for your thorough response.
>
> One thing, just to be fair:
>
> Kerio, or to be specific, Kerio Personal Firewall 4.1.2 was the least
> bad software in our test (I'd not call it the best one, because also
> Kerio had no real advantages over the Windows-Firewall). Even Tiny is
> worse.
>
> Kerio only has small design flaws like the fact that it is opening
> sockets with listen() on 0.0.0.0 itself, and filtering away afterwards,
> Kerio is easy to switch off from a malware in the standard configuration
> and Kerio installs extra code onto your system, so theoretically the
> system has more code which could be object of an unseen attack vector.
>
> The Witty worm was a real-world example, how sometimes such theoretical
> flaws cause practical problems:
>
> http://sophos.com/virusinfo/analyses/w32wittya.html
>
> So Kerio is the only firewall in our test, which I would judge with:
> "does not lower security considerably compared to the Windows-Firewall".
>
> Yours,
> VB.
> --
> "It cannot be that the frustrated in Rome decide what happens in
> German bedrooms".
> Harald Schmidt on "World Youth Day"
Anonymous
August 29, 2005 9:18:18 PM

In article <ehHQe.1957$4P5.696@newsread2.news.pas.earthlink.net>,
pam_staley@removethishotmail.com says...
> I've been trying to educate myself on firewalls etc... I'm running XP PRO
> and was running ZA but had too many email problems so removed that thru
> control panel - and was told to install Kerio - but after reading some of
> the messages on this thread - maybe I don't even NEED a firewall other than
> my xp pro which is already activated? Is that what you are saying?

Windows Firewall is not what I would consider much in the way of
protection and should be supplemented with a good DSL / Cable NAT router
- you can purchase a cheap Linksys BEFSR41 at most places that sell
computers.

> If that's true...then do I need anything to stop virus etc?? what should I
> be using?

It's only true for those that are very, very, diligent in protecting
their systems.

If you want AV software, and everyone should have it if they have a
Windows based PC, try Norton 2005 or AVG from Grisoft - AVG is free and
does email filtering too.

> thanks so much -
>
> frustrated, tired and not getting emails again .... in OE 6 from my domain
> emails...just my earthlink acct addresses..........Pam

Stop using OE and look into ThunderBird.


--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
August 29, 2005 11:56:06 PM

Pam <pam_staley@removethishotmail.com> wrote:
> I've been trying to educate myself on firewalls etc... I'm running XP PRO
> and was running ZA but had too many email problems so removed that thru
> control panel - and was told to install Kerio - but after reading some of
> the messages on this thread - maybe I don't even NEED a firewall other than
> my xp pro which is already activated? Is that what you are saying?

Yes. The Windows-Firewall is OK.

> If that's true...then do I need anything to stop virus etc?? what should I
> be using?

It's a good idea to use a virus scanner. Virus scanners are one of the most
overestimated software types, though.

A virus scanner cannot find every virus. But a virus scanner can find the
viruses it knows already, and those are usually many.

The best virus scanner is your brain ;-) If you don't use software
out of dubious sources, if you cannot be fooled by mail worms, because
you're thinking before opening a mail (and not using a MUA which opens
the mail for you like older Outlook Express releases), and you don't
use Internet Explorer, which has lists of unfixed bugs, but any other
browser and keeping also this software up to date like your system
software (use Windows-Update!), then you should be safe even if you
have no virus scanner.

A virus scanner can help, though. Especially, if you're not using it
as "online-access-scanner", but rebooting from another media from time
to time, and scanning your hard disk frequently. Also it is a good idea
to scan files, which you're downloading or receiving as mail attachment,
before you're using them the very first time.

HTH,
yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms".
Harald Schmidt on "World Youth Day"
Anonymous
August 30, 2005 12:35:01 AM

"Pam" <pam_staley@removethishotmail.com> wrote in
news:ehHQe.1957$4P5.696@newsread2.news.pas.earthlink.net:

> I've been trying to educate myself on firewalls etc... I'm running XP
> PRO and was running ZA but had too many email problems so removed that
> thru control panel - and was told to install Kerio - but after reading
> some of the messages on this thread - maybe I don't even NEED a
> firewall other than my xp pro which is already activated? Is that what
> you are saying?
>
Since you're having so much trouble, I would just go with XP's FW. I don't
think it is any worse than the others.

> If that's true...then do I need anything to stop virus etc?? what
> should I be using?

Maybe, you should go to the XP O/S itself and tighten up things a bit like
disabling MS File and Printer Sharing service if the computer is not on a
LAN and shutdown other services not needed when doing a direct connection
to the Internet.

Also you could enable IPsec to supplement the XP FW.

http://labmice.techtarget.com/articles/winxpsecurityche...
http://www.petri.co.il/block_ping_traffic_with_ipsec.ht...

http://www.analogx.com/contents/articles/ipsec.htm

If you implement the AnalogX registry setup for IPsec and enable it, it
will give solid protection supplementing XP's FW.

IPsec will block file downloads on high ports so you disable IPsec and do
the download and enable it again. But you can also configure to open the
ports, since you want to learn about FW(s). IPsec will stop inbound and
outbound traffic by port, protocol and IP and is a good learning tool when
reviewing the rules configured by AnalogX.

Duane :) 