On the latest version of Sunbelt Kerio Personal Firewall I ran the GRC Shields Up test and found that ports 1025 and 1044 were closed but not stealthed and ports 1029 and 1041 were open. Can somebody tell me how to change this so that all ports are stealthed? Thanks for any help you may be able to give.
Strange because I have the latest Kerio and I ran the Shields Up! tests and in all tests run I received a Pass. When is the last time you ran an anti-virus scan? What other things are you doing for security, i.e., router, etc.?
"any other application" is set to ask. I ran an antivirus test 2 days ago using avast free edition. This was also about the time I noticed that the ports were open so I haven't gotten a virus since then that's causing it. I do not have a router. My security comes from Kerio Firewall, Windows Defender with realtime protection enabled, Avast free edition antivirus with on-access enabled, Ccleaner for secure erasing, Ad-aware SE, Spybot, and Spywareblaster with all protection enabled. I'm on dialup if anyone cares. Thanks for the help.
Ok now that we've established I'm the only Kerio user in the world who isn't stealthed, can somebody help me become stealthed?
Does the modem have FW? Did you change the predefined rules? Do you have rules allowing which incoming traffic? (screenshots if you can, or describe the rules) I don't know that much myself, but knowing what rules you have helps. If you have those ports open, you could have some rule for that. Your computer is replying. Info
Hello eboula, For open/closed ports to be shown, then you must have "allow inbound" rules in place. In (sunbelt)Kerio, this will be in the application lists as "allow inbound from the internet". The ports you mention are typical of svchost/dcom, so would suggest first checking on the rules in place for svchost.
Thanks for your help. 1044 is now stealthed thanks to stem. The others remain unchanged. The modem does not have any firewall. The only firewall I have at all is Kerio. I have Trillian and Gaim. I used Trillian up until a couple of days ago when it started giving me an error message saying the necessary components couldn't be found then started using Gaim instead. I have no file sharing programs. Here's a screenshot of my applications tab under network security. http://img183.imageshack.us/img183/9733/keriosz1.th.jpg
Hello eboula, kpf4gui.exe should certainly not need inbound from the internet, so you should change to either ask or block then perform an online scan again.
What he said is valid in general: look for rules with inbound allowed. Network Security - packet filter; and the predefined rules.
Hello eboula, I find this strange... I have installed kerio (many versions) without this issue. The ports still showing (as open/closed...) are these 1025/1026? I will of course install the same version as you (which version) to try and reproduce this. Any other info, such as other security applications installed would help in trying to trace this. Stem
I just ran the test again getting ready to reply to this and it now says all ports are stealthed even though I haven't done anything since my last post... And I know I haven't because I haven't even been on my computer since my last post... Odd... Well I guess that solves it for now... I'll post again if I have any more problems... Thanks for the help.
I sometimes wonder about the Shields Up test. I have had the same thing happen where at one visit it showed a port or two being closed rather than stealth - then revisited some 15 minutes later without changing a thing and showing all stealthed. I would suggest creating a packet filter logging all activity to and from the ports in question and see what it shows. Also, there are a couple of other testing sites available, so I would go to them also and see if you receive the same results as with Shields Up.
Comodo puts itself to blocking Shields Up! I think when you scan all the service ports so the results are not really reliable. When too many port scans. Not sure about Kerio 4. Kerio 2 does not do that kind of fake attack blocking. Anyways it should not be a problem to making sunbelt kerio stealthed, it is all in the rules. Comodo doing that it is not anything bad, only to let you fellow members know that what you read after some tests are not maybe what you expected to be testing.
Just a note: Some scans, depending on the port range, may be scanning/showing the ports being used by the browser. How the firewall handles unsolicited or "not-allowed" packets to these used ports does depend on the firewall, and the setting you have (in the firewall) for the browser. For a simple example, if you are using IE, this does like to use the lower ports >1024, and scans made on say, 1024-1200 while using IE can give results of closed ports. The ports used by the browser do change and are random, so sometimes you could see a closed port at 1100, then scan again 5 minutes later, that port could then be stealthed but port 1150 shows as closed. The main concern is if the ports are showing as open.
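
As an added example (not code from any poster in this thread), the check described in the replies above can be done by correlating the scanner's per-port result with the machine's own `netstat -an` output: a local LISTENING socket points to an inbound rule to review, while a "closed" result on a port the machine is using for an outbound connection matches the browser-port explanation. The sample netstat text, the scan report, and the verdict names are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1029           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1044          203.0.113.10:80        ESTABLISHED
  TCP    10.0.0.5:1100          203.0.113.10:80        TIME_WAIT
"""

# Constructed scan report: port -> label an online port test would show.
SCAN_SAMPLE = {1025: "closed", 1029: "open", 1041: "open",
               1044: "closed", 1150: "stealth"}

TCP_LINE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+(\S+)\s*$")

def local_tcp_ports(netstat_text):
    """Map each local TCP port to its socket state; LISTENING takes priority."""
    ports = {}
    for line in netstat_text.splitlines():
        m = TCP_LINE.match(line)
        if m and ports.get(int(m.group(1))) != "LISTENING":
            ports[int(m.group(1))] = m.group(2)
    return ports

def triage(scan, netstat_text):
    """Return {port: verdict} explaining each scan result from local state."""
    local = local_tcp_ports(netstat_text)
    verdicts = {}
    for port, result in sorted(scan.items()):
        state = local.get(port)
        if result == "stealth":
            verdicts[port] = "ok"
        elif state == "LISTENING":
            # A local service is bound here: look for an "allow inbound" rule.
            verdicts[port] = "review-inbound-rule"
        elif result == "closed" and state is not None:
            # Port is the local end of an outbound connection (e.g. the browser).
            verdicts[port] = "client-port-in-use"
        else:
            # Nothing local explains it: log traffic to the port and rescan.
            verdicts[port] = "log-and-rescan"
    return verdicts

if __name__ == "__main__":
    for port, verdict in triage(SCAN_SAMPLE, NETSTAT_SAMPLE).items():
        print(port, SCAN_SAMPLE[port], verdict)
```
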