Kerio - How do I handle this?

Hi,

Just switched over to Kerio this afternoon...it past port probe tests on GRC and some tests on PC Flank, but then on the quick test I got the following warning:
The test found visible port(s) on your system: 80
Recommendation:
Install personal firewall software. If you have already installed and are using a firewall, check if it is set to make all the ports of your computer invisible (hidden). If it is, then get new firewall software and redo this test.

Sorry, I know this is a dumb question, but I'm learning here...

What rule can I type in to Kerio to make all ports on my computer invisible (stealthed), hidden...?

Thanks!

 

Hi darksky

Some of the firewall test sites are not always consistent or correct for any number of reasons.

One thing you could try would be some online tests at other sites to see how your results compare. A convenient list can be found in the following post by Tassie_Devils:
https://www.wilderssecurity.com/showthread.php?t=6341

If you feel you still have an issue with your port 80 results, we can then get into rule set specifics.

Regards,
CrazyM

 

Hi, I tried several other test sites. Kerio is consistently failing to stealth port 80 which makes me wonder if it's failing to do the same on other ports as well.

How can I make Kerio cause all ports on my computer to be invisible (stealthed), hidden...? What rule or rules can I type in to accomplish this?

Thanks,

Mark

 

Hi darksky

The port 80 issue could be a result of what filtering your ISP may be doing. Do you know if they filter anything inbound before it gets to you?

Do you have anything in your rule set allowing inbound to local service/port 80?

Perhaps you could post your rule set in order that we may check it and comment. Just delete any personal info or IP's that do not need to be share with everyone.

...example attached.

Regards,
CrazyM

 

I use Kerio 2.1.4 and have had no trouble. To arrive at this unbeatable situation one has to first scrap all those preset rules and start from scratch as well as limiting your browser port privileges.

In conjunction with this I use Naviscope 8.70 with its privacy features to enable even more added security. It only has the same ports' access as IE6 and still works brilliantly blocking referrer, User Agent etc.


Just have a look at the ruleset courtesy of the Kerio Support Group at Yahoo and use basic rulesets as stated. I pass stealth in my Win98SE at every site and have never failed a test yet.

1. What are some basic set of rules for KPF?
Kerio comes with a default set of rules but most people soon want to setup more specific rules themselves. These are suggestions that have been compiled over trial, error, experience and a lot of twiddling by hundreds of experienced Kerio / TPF users.
Note 1: The loopback rule isn't technically needed anymore unless you use apps that that use loopbacks themselves.
Notes:
Rule 1 is your NetBIOS blocks. Enter them as displayed. Even if you have removed NetBIOS from your Network applet, these will serve to "Notify" you of any attempts. (Of course, this assumes you are NOT legitimately using NetBIOS on your system.)
Rules 2 - 4 allow any application to connect to your Domain Name Servers. If your ISP uses 4 different servers, yours may add and use more or less.
Rules 5 - 7 are the balance of the ICMP rules.
Rule 8 is a loopback rule to 127.0.0.1 (your computer) for Internet Explorer's cache.
Rules 9 - 10 are the "application specific" rules. only Internet Explorer and Outlook Express are given as examples In general, you'll write one or two rules for each application that you want to access the internet. for some common applications rules check here
Rule 11 is the "Block Everything" rule. Enter it as shown but don't enable it until all of the "kinks" are out of your ruleset. Let the Rule Assistant (ask for action when no rule is found) work for you to show you where problems are occurring.
RULE 1:
Description: Block Inbound/outbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Incoming/outgoing
Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Any
Port type: port/range
First Port: 137
Last Port: 139
Action DENY
= = = = = = = = = = = = = = = =
RULE 2:
Description: ISP Domain Name Server Any App UDP
Protocol: UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single
Host address: (Your ISP DNS) IP number
Port type: Single
Port number: 53
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 3:
Dsecription: Secondary DNS ISP address
Protocol: UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single
Host address: (secondary ISP DNS) IP number
Port type: Single
Port number: 53
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 4:
Description: Other DNS
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Any
Port type: Single
Port number: 53
Action DENY
= = = = = = = = = = = = = = = =
RULE 5:
Description: Out Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo Request
Remote Endpoint: Any
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 6:
Description: Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo Reply, Destination Unreachable, Time
Exceeded
Remote Endpoint: Any
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 7:
Description: Block ICMP (Logged)
Protocol: ICMP
Direction: Both
ICMP Type: Select All
Remote Endpoint: Any
Action: DENY
= = = = = = = = = = = = = = = =
RULE 8:
Description: IE Cache
Protocol: UDP
Direction: Outgoing
Port type: Any
Local App: Only selected below => iexplore.exe
Remote Address Type: Single address => 127.0.0.1
Port type: Any
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 9:
Description: Internet Explorer-Web browsing
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => iexplore.exe
Remote Address Type: Any
Port type: List of ports
List of ports: 80,8080,3128,443,20,21
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 10:
Description: Outlook Express
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => msimn.exe
Remote Address Type: Any
Port type: List of ports
List of ports: 25,110,119,143
Action PERMIT
= = = = = = = = = = = = = = = =
RULE 11:
Description: Block Incoming/Outbound Unauthorized Apps(Notify)
Protocol: Any
Direction: Incoming/Outgoing
Port type: Any
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY
If you are on a LAN you might need to allow NetBIOS to and from computers on your LAN. You should insert two rules before rule 1:
RULE a:
Description: Trusted Inbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Incoming
Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Trusted Address Group
Port type: Any
Action PERMIT
= = = = = = = = = = = = = = = =
RULE b:
Description: Trusted Outbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Trusted Address Group
Port type: Port/Range
First Port: 137
Last Port: 139
Action PERMIT