Kerio Personal Firewall - Why is PERSFW.EXE "Connected In"?

Discussion in 'other firewalls' started by Privacy, Jan 8, 2003.

Thread Status:
Not open for further replies.
  1. Privacy

    Privacy Registered Member

    Joined:
    Jan 8, 2003
    Posts:
    11
    Hi. I'm a little miffed as to why PERSFW.EXE is "Connected In" and is always receiving data. When I first noticed it was doing so, it had already received over 800kb, according to the Firewall Status application. This is a report from the Firewall Status application (I have also attached an image which I took after posting this message):
    It is slowing down my internet connection (dial-up, so 2kb/s is quite a lot) so I've disabled it for now. I'm thinking of trying another firewall if this is going to persist. Any recommendations? There's only one pre-requisite, which is freeware. Thanks in advance!
     


  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Privacy, and welcome!

    Could you possibly post a screen shot from your rule set? Would help ;).

    regards.

    paul
     
  3. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    That is perfectly normal operation. Kerio is just showing you the fact that it *is* passing all received data through itself and applying your ruleset. As for the slowing down, you need to set a loopback rule as your top-most rule in your set -- or at least *above* Internet Explorer. That will speed things up considerably.

    Rule Name -- Loopback
    Protocol -- Both (TCP and UDP)
    Direction -- Both
    Remote -- Single Address, 127.0.0.1 Any Application
    Local -- Any App., Any Port

    That should do the trick. ;)

    Phil
     
  4. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hi Phil,

    You might also be more restrictive for your loopback rules :

    Description : Loopback Cache IE
    Protocol : UDP
    Direction : Outgoing
    Local Port : Any
    Local App : Only selected below => iexplore.exe
    Remote address Type : Single
    Host Address : 127.0.0.1
    Port Type : Any
    Action : PERMIT
    ** Before your IE rules
    = = = = = = =

    Description : Loopback Cache OE
    Protocol : TCP
    Direction : Outgoing
    Local Port : Any
    Local App : Only selected below => msimn.exe
    Remote address Type : Single
    Host Address : 127.0.0.1
    Port Type : Any
    Action : PERMIT
    **Before your OE rules

    Rgds,
     
  5. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    I might be, but I'm not because I have other apps that need loopback. I believe the less rules the better, if for no other reason than more rules means more processing time, so I don't want a rule for every app I use that needs loopback. Besides, I don't care if my machine talks to -- my machine. :D

    You are correct that a more restrictive ruleset would be better for most people regarding loopback, if for no other reason than as a learning tool. But for *me*? Nah.

    Phil
     
  6. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hi Phil,

    There is already a built-in loopback rule in KPF from v 2.1b3.
    No need to allow IN to your applications loopback rules. Very few apps need to add a loopback rule.

    No known exploit till now on port 44334 but no need to allow anything useless ;)

    Cheers,
     
  7. octogen

    octogen Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    212
    That's how I understand it. The old Tiny Personal Firewall required the loopback rule, but there was the issue of that leaving you vulnerable if you were connected to the internet via proxy. A malicious application would be able to "tunnel" through the proxy. The rules that Paul proposed are needed in order for IE and OE to access internet cache. This should speed up the connection. Hope this helps.
     
  8. octogen

    octogen Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    212
    Sorry. I meant this should increase the speed by which web pages load.
     
  9. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    There is one consideration to keep in mind about unlimited loopback rules.
    If you set up unrestricted loopback in any firewall, and you are using a Proxy program such as Proxo, it is possible for a program to gain unrestricted, unfiltered access to the internet, thru the loopback thru the proxy.
    This has been kicked around in various forums here and there, and the general consensus of some is that if you use Proxo, or a similar program and you have to set up a loopback rule for it to work, allow loopback on all the ports except the port that the proxy uses.
    This is an area I have been trying to understand for a long time now, and I don't claim to be proficient in this. It is difficult to see all the possibilities that arise with proxies using loopback.
    I think for those that can, keep all your rules as tight as possible. I review my firewall rules from time to time to see if I have allowed something that is not necessary. I learn more every day.
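
The proxy concern raised in this thread can be checked against the three loopback rule styles discussed so far. This is an added example, not code from any poster or from Kerio: it assumes a simplified first-match rule model, an "ask" default for unmatched traffic, and constructed values (`PROXY_PORT`, `unknown.exe`, the sample connections).

```python
from dataclasses import dataclass
from typing import Optional

PROXY_PORT = 8080  # assumed local proxy listening port (constructed value)

@dataclass(frozen=True)
class Conn:
    app: str
    proto: str        # "TCP" or "UDP"
    direction: str    # "out" or "in"
    remote_ip: str
    remote_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    protos: frozenset
    directions: frozenset
    remote_ip: str
    app: Optional[str] = None              # None = any application
    except_ports: frozenset = frozenset()  # remote ports this rule does NOT cover
    action: str = "permit"

    def matches(self, c: Conn) -> bool:
        return (c.proto in self.protos and c.direction in self.directions
                and c.remote_ip == self.remote_ip
                and (self.app is None or self.app == c.app.lower())
                and c.remote_port not in self.except_ports)

def decide(rules, conn, default="ask"):
    """First matching rule wins; no match falls through to the default."""
    for r in rules:
        if r.matches(conn):
            return r.action, r.name
    return default, None

BOTH, LO = frozenset({"TCP", "UDP"}), "127.0.0.1"
IO, OUT = frozenset({"in", "out"}), frozenset({"out"})

# The three rule styles from the thread, modelled (not Kerio's own format).
BROAD = [Rule("Loopback", BOTH, IO, LO)]
PER_APP = [Rule("Loopback Cache IE", frozenset({"UDP"}), OUT, LO, app="iexplore.exe"),
           Rule("Loopback Cache OE", frozenset({"TCP"}), OUT, LO, app="msimn.exe")]
EXCEPT_PROXY = [Rule("Loopback except proxy port", BOTH, IO, LO,
                     except_ports=frozenset({PROXY_PORT}))]

# Constructed traffic: an unrecognised program talking to the local proxy,
# and Internet Explorer talking to itself over loopback.
UNKNOWN_TO_PROXY = Conn("unknown.exe", "TCP", "out", LO, PROXY_PORT)
IE_CACHE = Conn("IEXPLORE.EXE", "UDP", "out", LO, 1045)
```

Only the broad rule permits `UNKNOWN_TO_PROXY`; with the per-application rules or the proxy-port exception it falls through to the default, while `IE_CACHE` is still permitted.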
     
  10. Terryala

    Terryala Guest

    o_O I have a question as a home user of my computer. I'm currently running Kerio Personal Firewall. Should I use the settings that y'all have mentioned above? I'm still learning how to set things up pertaining to different programs so any advice is a great help for this old man. Thanks, Terryala aka (Grand Dad)
     
  11. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    Useless? Can you *really* see my system from where you sit? :D :D

    I should keep in mind my ruleset is *very* specific to my system when making any recs. Although a general loopback *is* needed on my system for reasons I won't explain on an open forum, it is NOT needed on the vast majority of systems. A tighter ruleset is always preferable. The protections and restrictions I have in place to prevent any unauthorized use of that rule would not be present in most cases.

    Therefore, I apologize to any and all that may have considered using my rule to their possible detriment.

    Phil
     
  12. SpaceCowboy

    SpaceCowboy Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    40
    i think your loopback rule is fine PHIL. i also use Kerio 2.1.4 and have a loopback tcp&udp rule.
    this is a good thread about loopback and using proxomitron. i have used his examples in applying my own rules in Kerio. scroll down to the post by hpguru
    http://www.dslreports.com/forum/remark,2896630~root=kerio~mode=flat

    ok for some reason the link above doesn't work when you click on it. copy and paste the whole thing in your browser and it will work then.

    link modified and will work now - CrazyM
     
  13. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    "No need to allow IN to your applications loopback rules. Very few apps need to add a loopback rule."

    lol I don't need to see a PC to know that there is no reason it is useless allowing anything which is not needed, if your system needs it, then use it lol.

    For the lambda user, with the built-in loopback rule in KPF, no need to allow IN for loopback rules for IE and OE, that's what I mean :)

    Cheers,
     
  14. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Hi Terryala, and welcome.
    In order to not confuse things here, would you please start a new thread as to what your exact question is and what are the circumstances surrounding it.
    Example:
    I use Kerio PF on a windows XP machine and I use xyz program that needs a loopback rule because......
    I think you get the idea.
    Mods and others work best when lots of information (NOT personal) is available.
     
  15. Privacy

    Privacy Registered Member

    Joined:
    Jan 8, 2003
    Posts:
    11
    Thanks for the replies all. I must say, however, that pretty much all of it went over my head, and I ended up reverting to ZoneAlarm for its ease of use. I'm going to do a little researching on how to set up rules and how to actually use a rules-based firewall, so all hope is not lost in KPF just yet. :)

    Thanks again!
     
  16. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    It would be my suggestion you do just that. Once you learn how to properly configure a rules-based firewall (and it's not that hard - sniping to the contrary) and you *take* control of the software instead of giving it up, you will not want to do it any other way. :)

    Phil
     
  17. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Privacy
    Nothing wrong with taking time to learn. Knowledge is your best defense and it is to your credit that you are willing to improve your understanding of how things work.

    To help give you some ideas on how rules can be set up, the following might help you along the way.

    Customizing Rules

    System Wide
    Global Permit/Block
    Application
    Final Block

    Regards,
    CrazyM
     
  18. Great thread!!!

    Be well...
     