Kerio and being "stealth"

Hi al,

At home iam using WinME and Kerio 2.15, running smoothly and stealth. (every port)

Today i installed Kerio on a Win2000 pro, and i was amazed that only port 135 was stealthed and the rest, checked at grc.com, was only closed??

Does this sound familiar to 2000 users??

Is there something to do about this??

Kindly some helop on this issue.

rgds,
Martin

 

Re:Kerio and win2000 pro

Hi
If you make your last rule to block everything, you will be stealthed.
Dolf

 

Re:Kerio and win2000 pro

Hi Dollefie,

can you tell me how this can be, cause if i block everything, i can't do anything, at least that how i look at it.

Can you tell me how to set this rule up??

thanks,

Martiin

 

Re:Kerio and win2000 pro

That's why you have to put it up as the last rule. You have to specify all 'legal' actions in rules before that last one.
I did it when I thought everything I needed to permit has an allow-rule.
Also I made that last rule to show an alert, so I could check I missed nothing.
Dolf

 

Re:Kerio and win2000 pro

At first you might want to disable that rule and set the slider of the administration form at "ask me first" instead of "deny unknown" , then you will be asked if it will create a rule for you.
Dolf

 

Re:Kerio and win2000 pro

Well thanks Dollefie,

I give it a go, and let you know

rgds,
Martin

 

Re:Kerio and win2000 pro

be sure to check if your deny-all-rule is allways the last, because automaticly generated rules will be added at the end...

 

Re:Kerio and win2000 pro

I will, thanks

rgds,
Martin

 

Re:Kerio and win2000 pro

Were missing some information about your network configuration since this should not happen unless they made some real big allow rules by mistake, or checked the internet gateway option.

Are you on a lan/Ics network, and/or using a router also? If your using ICS, is your machine the ICS host?

 

Re:Kerio and win2000 pro

Iam on a Lan, no router, just a Hub.

thanks,
Martin

 

Re:Kerio and win2000 pro

Go over this link, section three, its for ICS, but it works quite well for Lan configurations also.
Is there ANY way to stay stealth on all ports and STILL have ICS enabled?

By separating the communications by subnet mask which this link does, it will prevent any spoofing of traffic which might appear to come from your network when its really coming from an outside source with a fake source.

 

Re:Kerio and win2000 pro

Hi gents,

Well, tried it out, also the link, but still no "stealth"
Only port 135 is "stealth"

See screenshot:

rgds,
Martin

 

Re:Kerio and win2000 pro

Hi all,

Just an update,
Not only on Win2000 but also on Win98, Kerio does not provide "stealth"

rgds,
Martin

 

Re:Kerio and win2000 pro

Hi all,

I don't get this:

At home i do also have a cable connection where every port is "stealth" (running ME)

At work we also have cable and all my ports are closed, accept 135 which is the only one ''stealth" (running 2000 and 9

Can it be that Kerio is running fine but something else is blocking it to run stealth??

Kerio config screenshot: Is there something there that shouldn't be

Does it need some extra rules settings??

rgds,
Martin

 

Re:Kerio and win2000 pro

Hi,

This is one of the reports which i got from grc.com.

Also i have found out that Kerio is not the culprit, i uninstalled Kerio, gave Zonealarm a try, outcome the same, gave Sygate a try, outcome the same.

Running without a firewall, GRC gave the same results as i was running Kerio or ZA or Sygate, so i think there is something else the matter, but what??

rgds,
Martin

 

The work ISP is using a firewall or a proxie probably.

 

Well thanks Root,

But can this be solved

rgds,
Martin

 

Checked it out Root,

They apply no firewall and no proxy.

rgds,
Martin

 

Hi all,

Just found out that they are behind a NAT router with VPN, could this cause why i can't get stealth??

rgds,
Martin

 

Your ISP, or the modem is doing this. Either way, its not you, and you can't control they way it reacts anyway. Don't worry about it.

Edit: You replied right as I replied, yes a NAT configuration can do this. If your not in control of the NAT, don't worry about it, its not your machine.

 

Hi,

Is there a way to be "stealthed" dispite of the NAT router.

rgds, and thanks
Martin

 

You don't control the NAT device, you can't control traffic before it arrives at the NAT device, don't worry about it. Stealth is not that important.

 

Oké BlitzenZeus,

Thanks for the info.
Why is stealth not important

rgds,
Martin

 

Closed, and stealth hold the same amount of security. Hardware devices don't stealth traffic since they are made to work under standards, which require a closed response to be sent when a packet is received to an unopened port.

Neither allow for a server connection to be opened. Stealth merely drops packets compared to closed which is required to send a response saying the port is closed.