Rules for TDS-3 with Kerio 2.14?

Discussion in 'Trojan Defence Suite' started by Bowserman, May 8, 2003.

Thread Status:
Not open for further replies.
  1. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Hello all! Was just wondering what rules to create in Kerio to give TDS-3 full access :doubt:?

    I believe I have done well so far, but need to know if any more are needed. All input would be appreciated ;).

    Regards, Jade.
     

    Attached Files:

  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Sorry Jade, not running kerio myself becaue i did not want to put energy in understanding sertting up rules this moment, looking on your screenshot it doesn't ring any bells for me, but i'm sure others can jump in with real help!
     
  3. Finn McCool

    Finn McCool Registered Member

    Joined:
    Mar 3, 2003
    Posts:
    49
    Location:
    New Orleans
    AFAIK, the only access TDS needs is for update and possibly for e-mail of trojan samples.
     
  4. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    TDS doesn't need any internet access or network access of any kind, but update.exe if you use that needs to connect out on port 80 to retrieve updates. If you use network-related features in TDS, then naturally you'll need to grant access to tds3.exe. Likewise, if you tell TDS to listen on sockets, then youll need to grant access to tds3 to listen on those ports. So essentially, you only need to grant access if you use network features of TDS. :)
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Jade

    I agree with Wayne. Besides allowing for updates, the rules required will be dependant on the options in TDS-3 that you use.

    In regards to your PE rule(s) for Who Is (remote service/port 43), you have that restricted to 2 remote addresses. I believe the server list in PE is extensive, so you may want to have one rule for any remote address. I think you can trust PE and it's server list ;).

    ps. your IE to proxy rule will need to be ammended to allow to the proxy only on remote service/port 8080 if that is what you intended.

    Regards,

    CrazyM
     
  6. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Thanks for the quick replies people ;). Now, I like to use all the options in TDS-3, so, I should keep the "Update.exe" rules and then just allow full access to "TDS3.exe", is that correct? Wayne? Anyone?

    Also, CrazyM, I will apply your advice to the PE rules. But, in regard to my IE Proxy rule, do I really need to make the changes as stated? - just that over at DSLReports, this seems to be the way to go with rules for the "IE Proxy" rules in the Kerio forum :doubt:.

    BTW, this site - and others affiliated with it ;) - has to be the quickest for replies. Period :D :D.

    Regards, Jade.
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Jade

    Your update rules are fine, you could be prompted for other servers than the two you have it restricted to now. Rather than give TDS blanket access, carry on as you have and create rules for the options/plug-ins as required. You can always disable/uncheck them when not in use.

    The IE to Proxy rule only needs remote address: 127.0.0.1 and remote service/port 8080 to restrict it to the proxy. Your outbound rule(s) for Proxomitron determine what it (IE or any other program restricted to the proxy) can access on the Internet in the way of remote services/ports.

    We aim to please and are glad to help out :).

    Regards,

    CrazyM
     
Thread Status:
Not open for further replies.