How do I block port 135 using KerioPF


node
August 12th, 2003, 04:02 AM
This new exploit has me in a frenzy; it has affected both of my friends, and I have no idea how to block port 135 using KerioPF.

LowWaterMark
August 12th, 2003, 04:06 AM
By default, software firewalls block port 135 along with NetBIOS and other ports and services. Do you have any reason to believe that TCP port 135 is not blocked? If you look in your firewall logs and see block messages for any of the currently occurring port 135 scans, then that'll tell you that Kerio is already blocking port 135.

Generally speaking, you don't need a special rule to block an unsolicited connection. Firewalls are really supposed to do that by default unless you make a change to allow something in.

Have you checked your logs to see if the current port 135 scans are listed there as being blocked?

node
August 12th, 2003, 04:18 AM
I checked my firewall log and did not see anything from port 135. Is there anything else to check such as an online scan?

LowWaterMark
August 12th, 2003, 04:23 AM
Before you go to an online scanner, can you answer one other configuration question? Do you also have a router in your network setup? If a router is between you and your ISP modem, there's a very good chance it is protecting you from the scans and they'll never reach Kerio.

As for scans, well the new GRC scan is a good one. (Click the big "Shields Up" text)...

http://www.grc.com

Or, you can try the various scans over at PCFlank...

http://www.pcflank.com

If these scans show your TCP port 135 as either closed or stealth, then you are blocking the new tcp/135 scans. If 135 shows as "open" then there is something to be concerned about. Let us know and we can advise further.

node
August 12th, 2003, 04:42 AM
www.grc.com has confirmed that my port 135 is stealth! Yes, I am running a router with a firewall built in along with Kerio.

But for future reference I would love to know how to block a port using Kerio. If anyone can help, that would be great.

Thanks for all your help and quick replies LWM!

LowWaterMark
August 12th, 2003, 04:53 AM
Ah, that's good. Yes, your router is handling all the inbound scans for you, so you are secured... Very nice.

Check back in this thread in a couple of hours or tomorrow (depending on your time zone), as there are several knowledgeable people here who know both Kerio and most rules-based firewalls, and I'm sure they'll be along in time and can answer your questions.

In fact, if you have any other questions, maybe you should post them now so when they do pass through, they can answer them all in one shot.

In the meantime, here is a thread that shows some Kerio rule sets and some discussions of them, which may be of interest to you.

http://www.wilderssecurity.com/showthread.php?t=11917

CrazyM
August 12th, 2003, 05:23 AM
Hi node

Quoting node: "But for future reference I would love to know how to block a port using Kerio. If anyone can help, that would be great."

Using port 135 as an example, you would create a new rule (name it), protocol TCP & UDP, local port 135, remote address any, remote port any, action would be Block, Logging - your choice. You would then place the rule in an appropriate location in your rule set.

As LWM mentioned, most firewalls' default action is to block what is not permitted. With this in mind, focus on your permit rules.

With Kerio you could have a final rule to block Any Inbound with logging enabled. This would block and log all unsolicited inbound traffic and the firewall would still prompt you for outbound connections not accounted for in your rules.

Regards,

CrazyM

node
August 12th, 2003, 06:58 AM
Thanks for the reply!

Is blocking stealthing or closing? If it's closing how would I stealth a port?

CrazyM
August 12th, 2003, 07:07 AM
Well, I just used "block" in describing the action for the rule (can't recall at the moment if KPF uses the term block or deny in the rules editor). Kerio will stealth your system (it drops = no response to unsolicited packets) unless you have it configured to run on/as an ICS gateway.

Regards,

CrazyM
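An added Python model of the first-match rule set CrazyM describes (block TCP & UDP local port 135 from any remote, permit rules, then a final logged "Block Any Inbound"), together with the drop-versus-reject distinction behind his later "stealth" answer. This is example code written for this thread, not KPF's engine or anything posted by the participants; the rule field names, sample rules and addresses are assumptions constructed for the demo.

```python
from collections import namedtuple

ANY = None  # wildcard for a rule field

# A rule carries the same fields as the KPF rule editor CrazyM walks through:
# name, direction, protocols, local port, remote address, remote port,
# action ("permit" or "block"; block = drop, no reply) and logging.
Rule = namedtuple("Rule", "name direction protocols local_port remote_addr "
                  "remote_port action log", defaults=(False,))
Packet = namedtuple("Packet", "direction protocol local_port remote_addr remote_port")


def matches(rule, pkt):
    return (rule.direction == pkt.direction and pkt.protocol in rule.protocols
            and rule.local_port in (ANY, pkt.local_port)
            and rule.remote_addr in (ANY, pkt.remote_addr)
            and rule.remote_port in (ANY, pkt.remote_port))


def evaluate(rules, pkt, log):
    """First matching rule wins, so placement in the rule set matters. Traffic
    matching nothing falls through to the default: unsolicited inbound is
    dropped (stealth: no reply), unknown outbound prompts the user."""
    for rule in rules:
        if matches(rule, pkt):
            if rule.log:
                log.append(f"{rule.name}: {rule.action} {pkt.protocol} "
                           f"{pkt.remote_addr}:{pkt.remote_port} -> local:{pkt.local_port}")
            return rule.action
    return "block" if pkt.direction == "in" else "prompt"


def wire_response(action, protocol):
    """Closed vs stealth: a rejected packet draws TCP RST (ICMP unreachable for
    UDP); a dropped one draws nothing, so a scanner cannot tell the host is up."""
    if action == "reject":
        return "RST" if protocol == "tcp" else "ICMP port unreachable"
    return None


# Constructed rule set in the order CrazyM describes: the port 135 rule,
# the permit rules, then a final logged block of any inbound traffic.
RULESET = [
    Rule("Block RPC 135", "in", ("tcp", "udp"), 135, ANY, ANY, "block", log=True),
    Rule("Web browsing", "out", ("tcp",), ANY, ANY, 80, "permit"),
    Rule("Block Any Inbound", "in", ("tcp", "udp"), ANY, ANY, ANY, "block", log=True),
]

# Constructed sample: an unsolicited inbound connection to RPC from a scanner.
SCAN_135 = Packet("in", "tcp", 135, "203.0.113.7", 4321)
```

Running `evaluate(RULESET, SCAN_135, [])` returns "block" and logs the hit under "Block RPC 135", while an outbound connection no rule covers returns "prompt", matching the behaviour described above.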