
View Full Version : Kerio and being "stealth"


martindijk
August 25th, 2003, 07:31 AM
Hi all,

At home I am using WinME and Kerio 2.15, running smoothly and stealth (every port).

Today I installed Kerio on a Win2000 Pro, and I was amazed that only port 135 was stealthed and the rest, checked at grc.com, were only closed??

Does this sound familiar to 2000 users?

Is there something to do about this?

Kindly some help on this issue.

rgds,
Martin

DolfTraanberg
August 25th, 2003, 11:05 AM
Hi
If you make your last rule to block everything, you will be stealthed.
Dolf

martindijk
August 25th, 2003, 11:56 AM
Hi Dollefie,

Can you tell me how this can be, because if I block everything, I can't do anything, at least that's how I look at it.

Can you tell me how to set this rule up?

thanks,

Martin

DolfTraanberg
August 25th, 2003, 12:20 PM
That's why you have to put it in as the last rule. You have to specify all 'legal' actions in rules before that last one.
I did it when I thought everything I needed to permit had an allow rule.
Also I made that last rule show an alert, so I could check that I had missed nothing.
Dolf

DolfTraanberg
August 25th, 2003, 12:26 PM
At first you might want to disable that rule and set the slider on the administration form to "ask me first" instead of "deny unknown"; then you will be asked whether it should create a rule for you.
Dolf

martindijk
August 25th, 2003, 12:55 PM
Well thanks Dollefie,

I'll give it a go and let you know ;)

rgds,
Martin

DolfTraanberg
August 25th, 2003, 01:10 PM
Be sure to check that your deny-all rule is always the last, because automatically generated rules will be added at the end...
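
The first-match behaviour Dolf is relying on, as an added example that is not part of the thread and is not Kerio's own code or rule format: it is a small model of a top-to-bottom, first-match rule list (an assumption about how Kerio 2.x evaluates rules), with a check that reports rules that can never fire because a catch-all rule sits above them, and a fix that moves the deny-all rule back to the bottom. The rule set, rule names and `Packet`/`Rule` shapes are constructed for the example.

```python
"""First-match rule evaluation: why a final deny-all must stay at the bottom.

Added example, not from the thread and not Kerio's code.  Assumption: rules
are checked top to bottom and the first match decides (first-match semantics).
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" or "out"
    proto: str              # "tcp" or "udp"
    port: int               # local port for "in", remote port for "out"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "permit" or "deny"
    direction: Optional[str] = None  # None matches any direction
    proto: Optional[str] = None      # None matches any protocol
    port: Optional[int] = None       # None matches any port
    alert: bool = False              # log a hit, as Dolf does on his deny-all

    def matches(self, pkt: Packet) -> bool:
        return (self.direction in (None, pkt.direction)
                and self.proto in (None, pkt.proto)
                and self.port in (None, pkt.port))

    def is_catch_all(self) -> bool:
        return self.direction is None and self.proto is None and self.port is None


def evaluate(rules: List[Rule], pkt: Packet, default: str = "ask") -> Tuple[str, str]:
    """Walk the list top to bottom; the first matching rule decides.

    `default` stands in for the slider the thread mentions ("ask me first" /
    "deny unknown"); it is only reached when no rule matches at all."""
    for rule in rules:
        if rule.matches(pkt):
            if rule.alert:
                print("ALERT %s: %s" % (rule.name, pkt))
            return rule.action, rule.name
    return default, "<no rule matched>"


def dead_rules(rules: List[Rule]) -> List[str]:
    """Names of rules that can never fire because a catch-all precedes them.

    This is exactly what happens when an automatically generated rule is
    appended below a deny-all rule."""
    seen_catch_all = False
    dead = []
    for rule in rules:
        if seen_catch_all:
            dead.append(rule.name)
        elif rule.is_catch_all():
            seen_catch_all = True
    return dead


def deny_all_last(rules: List[Rule]) -> List[Rule]:
    """Return a copy with every catch-all rule moved to the bottom, order kept."""
    specific = [r for r in rules if not r.is_catch_all()]
    catch_all = [r for r in rules if r.is_catch_all()]
    return specific + catch_all


# Constructed rule set (not from the thread): one allow rule, an alerting
# deny-all, and then a rule generated from an "ask me first" prompt that the
# firewall appended at the end, below the deny-all.
EXAMPLE_RULES = [
    Rule("browser out", "permit", "out", "tcp", 80),
    Rule("deny everything else", "deny", alert=True),
    Rule("auto: mail client out", "permit", "out", "tcp", 110),
]

if __name__ == "__main__":
    pop3 = Packet("out", "tcp", 110)
    print(evaluate(EXAMPLE_RULES, pop3))              # ('deny', 'deny everything else')
    print(dead_rules(EXAMPLE_RULES))                  # ['auto: mail client out']
    fixed = deny_all_last(EXAMPLE_RULES)
    print(evaluate(fixed, pop3))                      # ('permit', 'auto: mail client out')
    print(evaluate(fixed, Packet("in", "tcp", 135)))  # ('deny', 'deny everything else')
```

Run it and the mail rule that was appended below the deny-all never fires; after `deny_all_last` it does, while an unsolicited inbound packet to 135 still hits the deny-all. `dead_rules` is the check to run after every "ask me first" prompt has generated a rule.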

martindijk
August 25th, 2003, 01:27 PM
I will, thanks

rgds,
Martin

BlitzenZeus
August 25th, 2003, 03:09 PM
We're missing some information about your network configuration, since this should not happen unless they made some really big allow rules by mistake, or checked the Internet gateway option.

Are you on a LAN/ICS network, and/or using a router also? If you're using ICS, is your machine the ICS host?

martindijk
August 25th, 2003, 03:28 PM
I am on a LAN, no router, just a hub.

thanks,
Martin

BlitzenZeus
August 25th, 2003, 03:48 PM
Go over this link, section three; it's for ICS, but it works quite well for LAN configurations also.
Is there ANY way to stay stealth on all ports and STILL have ICS enabled? (http://www.blarp.com/faq/faqmanager.cgi?file=kerio_ics&toc=kerio#q3)

By separating the communications by subnet mask, which this link does, it will prevent any spoofing of traffic which might appear to come from your network when it's really coming from an outside source with a fake source address.

martindijk
August 26th, 2003, 05:53 AM
Hi gents,

Well, I tried it out, also the link, but still no "stealth".
Only port 135 is "stealth".

See screenshot:

Quote:

Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.

Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)

Ping Echo: PASSED — Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.

Port   Service   Status
0      <nil>     Closed
21     FTP       Closed
23     Telnet    Closed
25     SMTP      Closed
79     Finger    Closed
80     HTTP      Closed
110    POP3      Closed
113    IDENT     Closed
119    NNTP      Closed
135    RPC       Stealth
139    NetBIOS   Closed

Security implications:
Closed: Your computer has responded that this port exists but is currently closed to connections.
Stealth: There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

End quote.

rgds,
Martin

martindijk
August 26th, 2003, 06:49 AM
Hi all,

Just an update,
Not only on Win2000 but also on Win98, Kerio does not provide "stealth".

rgds,
Martin

martindijk
August 26th, 2003, 06:54 AM
Hi all,

I don't get this:

At home I also have a cable connection where every port is "stealth" (running ME).

At work we also have cable and all my ports are closed, except 135, which is the only one "stealth" (running 2000 and 98).

Can it be that Kerio is running fine but something else is blocking it from running stealth?

Kerio config screenshot: is there something there that shouldn't be?

Does it need some extra rule settings?

rgds,
Martin

martindijk
August 26th, 2003, 08:26 AM
Hi,

This is one of the reports which i got from grc.com.

Also I have found out that Kerio is not the culprit: I uninstalled Kerio, gave ZoneAlarm a try, outcome the same; gave Sygate a try, outcome the same.

Running without a firewall, GRC gave the same results as when I was running Kerio or ZA or Sygate, so I think something else is the matter, but what?

rgds,
Martin

root
August 26th, 2003, 08:51 AM
The work ISP is probably using a firewall or a proxy.

martindijk
August 26th, 2003, 08:54 AM
Well thanks Root,

But can this be solved?

rgds,
Martin

martindijk
August 26th, 2003, 09:07 AM
Checked it out Root,

They apply no firewall and no proxy.

rgds,
Martin

martindijk
August 26th, 2003, 12:11 PM
Hi all,

Just found out that they are behind a NAT router with VPN; could this be why I can't get stealth?

rgds,
Martin

BlitzenZeus
August 26th, 2003, 02:17 PM
Your ISP, or the modem, is doing this. Either way, it's not you, and you can't control the way it reacts anyway. Don't worry about it.

Edit: You replied right as I replied. Yes, a NAT configuration can do this. If you're not in control of the NAT, don't worry about it; it's not your machine.

martindijk
August 26th, 2003, 02:23 PM
Hi,

Is there a way to be "stealthed" despite the NAT router?

rgds, and thanks
Martin

BlitzenZeus
August 26th, 2003, 02:25 PM
You don't control the NAT device, and you can't control traffic before it arrives at the NAT device, so don't worry about it. Stealth is not that important. ;)

martindijk
August 26th, 2003, 02:28 PM
Okay BlitzenZeus,

Thanks for the info.
Why is stealth not important?

rgds,
Martin

BlitzenZeus
August 26th, 2003, 03:05 PM
Closed and stealth hold the same amount of security. Hardware devices don't stealth traffic, since they are made to work under standards which require a closed response to be sent when a packet is received on an unopened port.

Neither allows a server connection to be opened. Stealth merely drops packets, compared to closed, which is required to send a response saying the port is closed.
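
The closed-versus-stealth distinction BlitzenZeus describes, and the verdicts in the GRC report Martin quoted earlier, as an added example that is not part of the thread: a small TCP prober, standard library only, that classifies a port as "open" (handshake completed), "closed" (the remote stack answered the SYN with RST, which surfaces as a refused connection) or "stealth" (nothing came back before the timeout, i.e. the packet was dropped). The port list is copied from the quoted report; the timeout value and the summary rule (stealth only if every probed port is stealth) are assumptions. It also makes the NAT point concrete: run from the LAN side it reports what the local stack does, and only a run from outside the NAT device shows what the Internet sees.

```python
"""Classify TCP ports as open / closed / stealth, like the GRC report in the thread.

Added example, not from the thread.  Standard library only.

  open    - the SYN was answered with SYN/ACK (something is listening)
  closed  - the SYN was answered with RST (the stack exists, nothing listens)
  stealth - no answer at all within the timeout (packet silently dropped)

Run it from OUTSIDE the network under test.  Behind a NAT router the device
answering with RST is the router, not the PC, so probing from the LAN side
says nothing about what the Internet sees.
"""
import errno
import socket

PROBE_TIMEOUT = 3.0   # seconds; assumption: any stack that answers does so well inside this

# Port list copied from the GRC report quoted in the thread.
GRC_PORTS = {0: "<nil>", 21: "FTP", 23: "Telnet", 25: "SMTP", 79: "Finger",
             80: "HTTP", 110: "POP3", 113: "IDENT", 119: "NNTP", 135: "RPC",
             139: "NetBIOS"}


def classify_port(host, port, timeout=PROBE_TIMEOUT):
    """Return 'open', 'closed', 'stealth' or 'error:<ERRNO>' for one TCP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:      # RST came back: the port is closed
            return "closed"
        except socket.timeout:              # nothing came back: dropped (stealth)
            return "stealth"
        except OSError as e:
            # e.g. EHOSTUNREACH / ENETUNREACH: an ICMP error or a local routing
            # failure, not a verdict from the target stack.  Say so explicitly
            # instead of mis-reporting it as closed or stealth.
            return "error:%s" % errno.errorcode.get(e.errno, str(e.errno))
        return "open"                       # handshake completed: a listener exists


def probe(host, ports=GRC_PORTS, timeout=PROBE_TIMEOUT):
    """Probe every port in `ports` and return {port: verdict}."""
    return {p: classify_port(host, p, timeout) for p in ports}


def grc_verdict(results):
    """Summarise a probe the way the report does (assumed rule):
    'stealth' only if every port is stealth, 'open' if any port accepted a
    connection, 'inconclusive' if any probe errored, otherwise 'closed'."""
    verdicts = set(results.values())
    if verdicts == {"stealth"}:
        return "stealth"
    if "open" in verdicts:
        return "open"
    if any(v.startswith("error:") for v in verdicts):
        return "inconclusive"
    return "closed"


def report(results, names=GRC_PORTS):
    """Render the per-port table plus the overall verdict as text."""
    lines = ["%-5s %-8s %s" % ("Port", "Service", "Status")]
    for p in sorted(results):
        lines.append("%-5d %-8s %s" % (p, names.get(p, "?"), results[p]))
    lines.append("Overall: %s" % grc_verdict(results))
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    # Usage: python probe.py <target-ip>   (from a host outside the NAT/firewall)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(report(probe(target)))
```

A host whose firewall drops the SYN and a host that does not exist look identical to this prober, which is the whole content of "stealth"; a host (or NAT router) whose stack answers with RST shows up as "closed", and in neither case can a connection be established.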