firewall??? show me an easy one

Discussion in 'other firewalls' started by tiluid, Mar 7, 2005.

Thread Status:
Not open for further replies.
  1. Arup

    Arup Guest

    http://digilander.libero.it/zancart

    Can't believe something as truly good as this one is free; many thanks to people like him. I also truly appreciate people like BZ, Ghost and others for making it possible to use Kerio 2.15 to its full potential.
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    It's really hard to compare the two. Their interfaces are different. What I like about Kerio is that everything is there all on one screen: the app, IPs, ports and so on. Easy to see. In LNS it's a little different. The rules are separated from the apps in different screens. There are times when you need to allow an app to connect out and also you might need to add a rule or two to accommodate it in the rules section.

    I would put the two in the same general class, but LNS perhaps has a little more configurability. You can set TCP flags in LNS where you can't do that in Kerio. LNS also has DLL detection (haven't used it yet though) which I assume is some kind of component control.. not sure yet... and I think LNS is supposed to perform well in leak tests also.

    So far, I like LNS a lot and will run it for a while. I've seen a few bugs, but nothing that I can't work around for now. And it's being actively developed, so chances are bugs will get fixed (hopefully).

    It's very light, like Kerio. I don't really know how else to compare the two. Best thing would be to try LNS if you're interested. I'm liking it so far... ;)
     
  3. MushfiQ

    MushfiQ Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    131
    Thanks Kerodo for your precious time and for giving us feedback... really appreciated. BTW, have you tried the new beta driver which Fedric posted 2 weeks back, I suppose? If I have to jump to another rule-based firewall then LnS would be my first choice. For now I will be closely watching this thread about your experiments with LNS. And have you gathered all the rules posted on the official site... given them a try yet along with Phantom's ruleset? Ah, loads of questions... keeping you real busy ;)
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    MushfiQ -

    It sounds like you're already as familiar with LNS as I am... :)

    I've downloaded Phantom's rules but haven't had a chance to look at them yet. As for the new beta driver, no I haven't tried that either. Just p2 as it comes out of the box..
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Arup, I took a look at Winsonar and I don't see anything like app control there. I started up IE and it didn't say a thing. Did I miss something? Or are you referring to something else when you say "app control"? Or worse yet, am I just being a moron and not looking far enough thru the program's features? :)
     
  6. Arup

    Arup Guest

    Kerodo,

    For Winsonar to work, you have to have the tab Kill Unknown Feature While Online enabled. This way, any program which is not on the trusted process list, registry list or port list will get terminated instantly.

    Leaktest and Tooleaky were terminated even before their screens could come up on my system. It even has an unattended offline mode where no program would be allowed to execute while you are away from your desktop.
     
  7. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Ok, I see. I think I'd rather have it ask me though, instead of having just the kill or allow list choice. I want an interactive dialog.
     
  8. Arup

    Arup Guest

    If you keep that tab off and fast scan on, it will do exactly what you described above.
     
  9. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Ok, I'll try it out again tonight... thanks...
     
  10. MushfiQ

    MushfiQ Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    131
    Hello again Kerodo! I was wondering, as you mentioned LnS has improved a lot... for a novice user, how easy is it? Would the default ruleset be a good start? And I have seen many faced some problems using P2P... MSN Messenger file transfer issues etc. Or did you download all the rules from the official site and import them before you launched LnS? A bit tempted again to try it this weekend :D Glad that you are giving some feedback and results too... Thanks!
     
  11. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I'm having no problem with the enhanced rules provided with LNS. I haven't used any P2P programs yet with it, so I can't say anything about that. I'd recommend that you try it again and see what you think. :)
     
  12. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    K-

    If a few fragmented packets getting through Kerio 2.15 is bothersome, LnS might not be for you. I don't think it is a bad firewall, or that it will not protect you from worms or other attacks, there just are going to be imperfections, from what I can tell. However, it is under development, so things can be fixed as they are discovered.

    What I found to be interesting was that stateful inspection is not enabled by default in LnS. TCP packets are simply rejected if they have a SYN flag (initiating connection).

    In case you have not noticed, it is 3 weeks since the last release of Jetico PF. I wonder what they are doing. Probably enjoying the last of winter with a cross country ski marathon.
     
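Diver's point that a rule rejecting inbound TCP on the SYN flag is not the same thing as stateful inspection, and the remark in the same post about fragments getting through, are easier to see with a small model. The Python below is an added illustration written for this thread, not code from Look 'n' Stop, Kerio or any poster, and it models no particular product's engine; the addresses, the 1500-byte MTU, the rule list and the choice to drop unclassifiable fragments in the stateful model are assumptions.

```python
"""Toy model (added illustration, not any product's engine) of a stateless
packet filter next to a stateful one, plus IP fragmentation, to show why
"reject inbound TCP with SYN" is not connection tracking and why non-initial
fragments slip past header-matching rules."""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

MTU, IP_HDR, ICMP_HDR = 1500, 20, 8            # assumed Ethernet MTU, header sizes
LOCAL, REMOTE = "192.0.2.10", "198.51.100.7"   # constructed addresses


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    inbound: bool
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flags such as {"SYN"} or {"ACK"}
    icmp_type: Optional[int] = None
    frag_offset: int = 0            # in 8-byte units; 0 means first fragment
    more_fragments: bool = False

    @property
    def has_transport_header(self) -> bool:
        # Only the first fragment of a datagram carries the TCP/UDP/ICMP header.
        return self.frag_offset == 0


Rule = Tuple[Callable[[Packet], bool], str]
RULES: List[Rule] = [   # static inbound rules, first match wins, default accept
    (lambda p: p.proto == "tcp" and "SYN" in p.flags and "ACK" not in p.flags, "drop"),
    (lambda p: p.proto == "icmp" and p.icmp_type == 0, "drop"),  # block echo replies
]


def stateless_filter(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """Header matching with no memory of earlier packets."""
    if not pkt.inbound:
        return "accept"
    if not pkt.has_transport_header:
        return "accept"   # nothing to match on: header rules cannot fire
    for pred, action in rules:
        if pred(pkt):
            return action
    return "accept"


class StatefulFilter:
    """Remembers flows opened from inside; inbound packets must belong to one.
    Non-initial fragments cannot be tied to a flow without reassembly, so this
    model drops them (a real engine would reassemble or track the fragment id)."""

    def __init__(self) -> None:
        self.flows = set()

    @staticmethod
    def _key(p: Packet):
        # (proto, local addr, local port, remote addr, remote port)
        return ((p.proto, p.dst, p.dport, p.src, p.sport) if p.inbound
                else (p.proto, p.src, p.sport, p.dst, p.dport))

    def decide(self, pkt: Packet) -> str:
        if not pkt.inbound:
            self.flows.add(self._key(pkt))
            return "accept"
        if not pkt.has_transport_header:
            return "drop"
        return "accept" if self._key(pkt) in self.flows else "drop"


def fragment(payload: int, proto_hdr: int, mtu: int = MTU) -> List[Tuple[int, bool, bool]]:
    """Split a datagram into IP fragments: (offset in 8-byte units,
    more-fragments flag, carries transport header)."""
    per_frag = (mtu - IP_HDR) // 8 * 8   # fragment data is a multiple of 8 bytes
    remaining, offset, frags = proto_hdr + payload, 0, []
    while remaining > 0:
        size = min(per_frag, remaining)
        remaining -= size
        frags.append((offset // 8, remaining > 0, offset == 0))
        offset += size
    return frags


def simulate_large_echo_reply(payload: int = 5000) -> Tuple[int, int, int]:
    """Inbound echo replies are blocked by rule, yet only the first fragment
    of a large reply carries the ICMP header the rule matches.
    Returns (fragments, accepted by stateless, accepted by stateful)."""
    sf, less, full = StatefulFilter(), 0, 0
    frags = fragment(payload, ICMP_HDR)
    for off, more, first in frags:
        reply = Packet(REMOTE, LOCAL, "icmp", True, icmp_type=0 if first else None,
                       frag_offset=off, more_fragments=more)
        less += stateless_filter(reply) == "accept"
        full += sf.decide(reply) == "accept"
    return len(frags), less, full


def ack_scan_probe() -> Tuple[str, str]:
    """Unsolicited ACK to a closed port: passes the bare-SYN rule, fails tracking."""
    probe = Packet(REMOTE, LOCAL, "tcp", True, sport=40000, dport=135, flags=frozenset({"ACK"}))
    return stateless_filter(probe), StatefulFilter().decide(probe)


def legit_reply() -> Tuple[str, str]:
    """SYN/ACK answering our own SYN: both filters accept it."""
    sf = StatefulFilter()
    sf.decide(Packet(LOCAL, REMOTE, "tcp", False, sport=1234, dport=80, flags=frozenset({"SYN"})))
    synack = Packet(REMOTE, LOCAL, "tcp", True, sport=80, dport=1234, flags=frozenset({"SYN", "ACK"}))
    return stateless_filter(synack), sf.decide(synack)
```

The model makes two things visible. A rule keyed on the SYN flag stops connection attempts but has no opinion about an unsolicited ACK, so an ACK scan or a stray packet to a closed port goes through and the host, not the firewall, answers it. And a rule keyed on ports, flags or ICMP type can only be evaluated against the first fragment of a datagram, because that is the only fragment with a transport header; every later fragment is decided by the default policy unless the filter reassembles or tracks fragments by IP id.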
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Diver, Look N Stop doesn't have any problems with fragmented packets here.. that's one reason why I like it over Kerio 2. So far I'm enjoying it a lot.

    Jetico has been quiet for a while, yes.. As soon as something happens there I'll be taking another look.

    Meanwhile I've settled down and am using LNS for now. I think I've pretty much exhausted the possible firewalls to try now, finally... ;)

    On another note, I got rid of Avast AV a few days ago. I like it best, but the new version keeps logging errors in my event viewer, so I don't like that much. I'm using AVG now, which probably isn't quite as good, but it appears to be more bug free at the moment.

    If I ever find a bug free piece of software, I'll probably faint in disbelief.. :D
     
  14. Arup

    Arup Guest

    Kerodo,

    How do you test for broken packets with Kerio 2.15? I have tried the broken packet test at PC Flank with my Kerio 2.15 + BZ and it passed there.
     
  15. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Arup - I see them coming in here all the time in my Look N Stop logs. They're identified by LNS as fragmented packets. They come in pairs of UDP packets, with one being fragmented and another one to port 1026 concurrently. If I run Kerio, they go right thru the firewall and I can tell because I see resulting outbound ICMP type 3 to the address that the packets come from. You can also see them logged in Sygate as well, always a fragment followed by a packet to port 1026. I think it's just messenger spam. You may or may not see it yourself, depending on whether you have cable and where you are and if you're getting hit by those spammers or not etc. Many people don't see it at all.

    You're supposed to be able to test it by sending out a ping to any address with the -l option specifying a packet size of 5000 or something. Set up a rule in Kerio at the top to block incoming ping replies. Then send out ping <address> -l 5000, and supposedly the reply will be fragmented and go right thru Kerio on return. I haven't tried it myself, just read about it. I can see the outbound icmp type 3 and that's enough evidence for me here.

    There's a thread or two about all this over at dslreports.com somewhere.. it's been debated and discussed in many places. Some don't believe it, others do. Take your pick... :)
     
    Last edited: Mar 12, 2005
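The pattern Kerodo describes, an inbound fragment and a UDP packet to port 1026 from the same source arriving together and then, if the fragment got through, an outbound ICMP type 3 back to that source, can be pulled out of a per-packet firewall log mechanically. The Python below is an added example, not code from any poster or product; the log format, addresses and timestamps are constructed to resemble a per-packet firewall log, and the two-second window and the port set are assumptions.

```python
"""Correlate a per-packet firewall log for the Messenger-spam pattern
described in the thread: an inbound fragment and an inbound UDP packet to
port 1026 from the same source close together, and, if the fragment got
through the filter, an outbound ICMP type 3 back to that source.
Added example with a constructed log format; not a real product's log."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, Iterable, Optional

# Constructed sample: two spam sources, one of which drew an ICMP type 3
# reply from the host, plus a fragmented DNS answer that must not be flagged.
# Non-initial fragments are logged without ports because they carry none.
SAMPLE_LOG = """\
2005-03-12 21:14:03 IN UDP 203.0.113.44 -> 192.0.2.10 frag offset=185
2005-03-12 21:14:03 IN UDP 203.0.113.44:1026 -> 192.0.2.10:1026
2005-03-12 21:14:03 OUT ICMP 192.0.2.10 -> 203.0.113.44 type=3 code=3
2005-03-12 21:14:10 IN UDP 192.0.2.1:53 -> 192.0.2.10:1045
2005-03-12 21:14:41 IN UDP 198.51.100.9 -> 192.0.2.10 frag offset=185
2005-03-12 21:14:42 IN UDP 198.51.100.9:3421 -> 192.0.2.10:1026
2005-03-12 21:15:02 IN UDP 192.0.2.1 -> 192.0.2.10 frag offset=185
2005-03-12 21:15:02 IN UDP 192.0.2.1:53 -> 192.0.2.10:1046
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<dir>IN|OUT) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
    r"(?P<rest>.*)$")


def parse_line(line: str) -> Optional[dict]:
    """One log line to a dict, or None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S")
    d["dport"] = int(d["dport"]) if d["dport"] else None
    d["frag"] = " frag" in d["rest"]
    t = re.search(r"type=(\d+)", d["rest"])
    d["icmp_type"] = int(t.group(1)) if t else None
    return d


def find_messenger_spam(lines: Iterable[str], window_s: float = 2.0,
                        ports: frozenset = frozenset({1026})) -> Dict[str, dict]:
    """Return {source: {"pairs": n, "host_responded": bool}} for sources that
    sent a fragment and a UDP packet to one of `ports` within `window_s`.
    host_responded is True when an outbound ICMP type 3 went back to that
    source within the window, i.e. the fragment reached the IP stack."""
    by_src = defaultdict(lambda: {"frag": [], "udp": [], "icmp3": []})
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["dir"] == "IN" and ev["frag"]:
            by_src[ev["src"]]["frag"].append(ev["ts"])
        elif ev["dir"] == "IN" and ev["proto"] == "UDP" and ev["dport"] in ports:
            by_src[ev["src"]]["udp"].append(ev["ts"])
        elif ev["dir"] == "OUT" and ev["proto"] == "ICMP" and ev["icmp_type"] == 3:
            by_src[ev["dst"]]["icmp3"].append(ev["ts"])

    hits = {}
    for src, e in by_src.items():
        pairs = [(f, u) for f in e["frag"] for u in e["udp"]
                 if abs((u - f).total_seconds()) <= window_s]
        if not pairs:
            continue
        responded = any(0 <= (i - u).total_seconds() <= window_s
                        for _, u in pairs for i in e["icmp3"])
        hits[src] = {"pairs": len(pairs), "host_responded": responded}
    return hits


if __name__ == "__main__":
    for src, info in find_messenger_spam(SAMPLE_LOG.splitlines()).items():
        print(src, info)
```

The outbound ICMP type 3 is the useful signal: the firewall's own log only shows what it saw, but a port-unreachable leaving the host proves the datagram was reassembled and delivered, which is the evidence Kerodo relies on. Fragmented traffic from a legitimate peer (the DNS answer in the sample) is not flagged because nothing from that source was aimed at the Messenger port.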
  16. Arup

    Arup Guest

    Kerodo,

    Thanks, I have gone through all the threads at DSL about this as well as at various newsgroups, will give your method a try.
     