Hello,To all

Well here i go again could someone have a
look at these rules tell me if i should add or
move anything at all well have a good one ;)

Thank you

Hi,all

Sorry i was trying to post both gif files at the same time ::)

Thank you

Hi AAP

I find the wording confusing for your ICMP rules (but can't quite see the entire caption). The first starts off "Outgoing" but is actually for Inbound.

I will usually try to include the ICMP type in the caption so you can tell at a glance what the rule is allowing/blocking.

Inbound ICMP type 0, 3, 11
Outbound ICMP type 3, 8
Block all other ICMP

The rules for LSA Shell, Window Logon, Userinit Logon and Microsoft-DS are default rules. If you do not require them, try disabling them (uncheck). You will be propmpted for anything you may require and can enable the rule then. Once you are certain you do not need the rules, you can delete them.

Regards,

CrazyM

Hi,CrazyM

Well here i am hehe have a look please tell me
if you think i should add or remove anything more
also do you think i need to move any of these items
up or down you have a good one

Good luck :)

Oh boy sorry i can't seem to post both at the sametime

Hi AAP

On first glance those rules look fine :)

Regards,

CrazyM

Hey,CrazyM

Thank you for all the help you have a
good night & hope to see you soon

Good luck :)

Hi AAP

Just in case you were not following the other post...

"After all this hard work, be sure to save off your rule set. You can do this under administration > miscellaneous > firewall configuration files.

Once saved (by default to the Kerio directory), copy it elsewhere for safe keeping. If you ever have to reinstall you can then just load that .conf file without having to redo your rules. This file is also portable between systems."

Regards,

CrazyM

Hey,CrazyM

Yes i found this out the hard way ::)
so i did just as you said & i have it on
a disk just incase you have a good one

Thank you

{QUOTE-> quoting: AAP link=board=23;threadid=11917;start=0#msg77001 date=1059712472]
Yes i found this out the hard way ::) <-QUOTE}

We have all been there, and done that ;)

Regards,

CrazyM

Yes but some more then others who me
no not me i know it all hehe LOL have a good one

Good luck ;D

It looks to me all you guys are right paranoid on ports 137-139 which means you have not unbinded your netbios
from your System adapter:
Heres how to do it:

Do this, This is very important.


If you are using WIN98SE, You need to select microsoft windows logon or
family logon(Whether you are lan or dial up user, microsoft Networking user or not)

Please go to control panel and select Network, and not dial up networking,
to do the following:

First, check whether you have to install NetBEUI as a Network protocol,
if not, just click on Client for Microsoft Network,click "ADD", select protocol,
and install the NetBEUI. After that, follow the below procedure:


(1)If you are a dial-up user, just select the icon "TCP/IP->Dial up adapter"
in Network, and unbind the 2 boxes(Client for microsoft Network and
Microsoft Family logon), under the binding tabs. whatever windows asks you,
just click ok or yes.

(2)After that click on the icon "NetBEUI -> dialup adapter" and under the bindings,
bind the 2 boxes (Client for microsoft Network and Microsoft Family logon).

(3) Now, select the Dial up adapter, under the bindings tab, select or bind
the boxes NetBEUI->Dialup adapter and TCP/IP->Dialup adapter.


Note: (1)& (2) is the Networks Transport protocol, (3) is the Network adapter
or hardware adapter.

If you are on a Lan, cable modem or DSL user, you should bind your network
adapter to TCP/IP and NetBEUI, and unbind other components
(like IPX/SPX transport protocol), procedure is same as above,
the only thing different is, the Dial up adapter has become the Lan adapter
or Modem adapter.

After you have done all the above, you can unbind your netbios.

However, if you are a Microsoft Networking user and you find that
you can't connect to the internet after you do the above, you have
to go back to (3) and bind the 2 boxes
(Client for microsoft Network and Microsoft Family logon),
under the Network adapter and I believe you will not be able to unbind the Netbios.

source: fookong_yap



NOTE: If your ISP disallows you to connect when you unbind NETBIOS from
your Client adapter then you need another ISP as they want to maintain
control on your Computer!!!

source: DEAN.

I also suggest you use these policies:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
"NoFileSharingControl"=dword:00000001
"NoEntireNetwork"=dword:00000001
"NoWorkgroupContents"=dword:00000001
"NoNetSetup"=dword:00000001
"NoNetSetupIDPage"=dword:00000001
"NoNetSetupSecurityPage"=dword:00000001
"NoPrintSharingControl"=dword:00000001
"NoFileSharing"=dword:00000001
"NoPrintSharing"=dword:00000001
"DisablePwdCaching"=dword:00000001

I'm missing a rule for blocking port 135 UDP/TCP
http://grc.com/default.htm
Dolf

If your port 135 is open, that means you have allowed the server in your rules, and you need to edit your rules.

Kerio provides the firewall status screen and you should see svchost.exe listening, simply spend some time with your rules to make sure nothing show up as a server, and that you fully understand what your rules are allowing. Its best if you delete the default rules first since they can be a source of this, but their purpose was so your computer was actually able to boot under certain configurations after being installed.