Hello,To all Well here i go again could someone have a look at these rules tell me if i should add or move anything at all well have a good one Thank you
Hi AAP I find the wording confusing for your ICMP rules (but can't quite see the entire caption). The first starts off "Outgoing" but is actually for Inbound. I will usually try to include the ICMP type in the caption so you can tell at a glance what the rule is allowing/blocking. Inbound ICMP type 0, 3, 11 Outbound ICMP type 3, 8 Block all other ICMP The rules for LSA Shell, Window Logon, Userinit Logon and Microsoft-DS are default rules. If you do not require them, try disabling them (uncheck). You will be propmpted for anything you may require and can enable the rule then. Once you are certain you do not need the rules, you can delete them. Regards, CrazyM
Hi,CrazyM Well here i am hehe have a look please tell me if you think i should add or remove anything more also do you think i need to move any of these items up or down you have a good one Good luck
Hi AAP Just in case you were not following the other post... "After all this hard work, be sure to save off your rule set. You can do this under administration > miscellaneous > firewall configuration files. Once saved (by default to the Kerio directory), copy it elsewhere for safe keeping. If you ever have to reinstall you can then just load that .conf file without having to redo your rules. This file is also portable between systems." Regards, CrazyM
Hey,CrazyM Yes i found this out the hard way so i did just as you said & i have it on a disk just incase you have a good one Thank you
It looks to me all you guys are right paranoid on ports 137-139 which means you have not unbinded your netbios from your System adapter: Heres how to do it: Do this, This is very important. If you are using WIN98SE, You need to select microsoft windows logon or family logon(Whether you are lan or dial up user, microsoft Networking user or not) Please go to control panel and select Network, and not dial up networking, to do the following: First, check whether you have to install NetBEUI as a Network protocol, if not, just click on Client for Microsoft Network,click "ADD", select protocol, and install the NetBEUI. After that, follow the below procedure: (1)If you are a dial-up user, just select the icon "TCP/IP->Dial up adapter" in Network, and unbind the 2 boxes(Client for microsoft Network and Microsoft Family logon), under the binding tabs. whatever windows asks you, just click ok or yes. (2)After that click on the icon "NetBEUI -> dialup adapter" and under the bindings, bind the 2 boxes (Client for microsoft Network and Microsoft Family logon). (3) Now, select the Dial up adapter, under the bindings tab, select or bind the boxes NetBEUI->Dialup adapter and TCP/IP->Dialup adapter. Note: (1)& (2) is the Networks Transport protocol, (3) is the Network adapter or hardware adapter. If you are on a Lan, cable modem or DSL user, you should bind your network adapter to TCP/IP and NetBEUI, and unbind other components (like IPX/SPX transport protocol), procedure is same as above, the only thing different is, the Dial up adapter has become the Lan adapter or Modem adapter. After you have done all the above, you can unbind your netbios. However, if you are a Microsoft Networking user and you find that you can't connect to the internet after you do the above, you have to go back to (3) and bind the 2 boxes (Client for microsoft Network and Microsoft Family logon), under the Network adapter and I believe you will not be able to unbind the Netbios. source: fookong_yap NOTE: If your ISP disallows you to connect when you unbind NETBIOS from your Client adapter then you need another ISP as they want to maintain control on your Computer!!! source: DEAN. I also suggest you use these policies: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network] "NoFileSharingControl"=dword:00000001 "NoEntireNetwork"=dword:00000001 "NoWorkgroupContents"=dword:00000001 "NoNetSetup"=dword:00000001 "NoNetSetupIDPage"=dword:00000001 "NoNetSetupSecurityPage"=dword:00000001 "NoPrintSharingControl"=dword:00000001 "NoFileSharing"=dword:00000001 "NoPrintSharing"=dword:00000001 "DisablePwdCaching"=dword:00000001
If your port 135 is open, that means you have allowed the server in your rules, and you need to edit your rules. Kerio provides the firewall status screen and you should see svchost.exe listening, simply spend some time with your rules to make sure nothing show up as a server, and that you fully understand what your rules are allowing. Its best if you delete the default rules first since they can be a source of this, but their purpose was so your computer was actually able to boot under certain configurations after being installed.