incoming ICMP kernel driver packets

Discussion in 'other firewalls' started by Mua-Kell, Jul 6, 2003.

Thread Status:
Not open for further replies.
  1. Mua-Kell

    Mua-Kell Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    54
    Location:
    Vancouver WA USA
    Yes I use Kerio Personal Firewall. I'll be online and the firewall alerts me to incoming ICMP kernel driver packets (usually from Verizon or Qwest). My problem is it shuts down my Explorer with an error message and I have to start all over again and pray no more incoming traffic comes my way. I don't want to allow any snoops to sneak spyware onto my system so I deny access. Is there any way to configure a rule where Kerio does not interrupt me, yet keeps the spies out? P.S. Greetings Pieter and Dan and everyone else!!!
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Mua-Kell

    Could you post some sample log entries of what is being blocked.
    Also, what ICMP rules do you have in place right now?

    Regards,

    CrazyM
     
  3. Mua-Kell

    Mua-Kell Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    54
    Location:
    Vancouver WA USA
    Well obviously I haven't set up my firewall, either well or at all. I did not have it set to record suspicious attempts in the log file. And I think I had it set to permit any incoming. So should I check the deny box?
     
  4. Mua-Kell

    Mua-Kell Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    54
    Location:
    Vancouver WA USA
    Incoming ICMP time exceeds ... permit.
    Other ICMP ... deny.
    Outgoing PING (incoming ICMP) ... permit.
    Outgoing PING ... permit.
    Outgoing reply on PING ... permit.
     
  5. Mua-Kell

    Mua-Kell Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    54
    Location:
    Vancouver WA USA
    CrazyM, as soon as I get any more suspect incoming traffic I'll post it. They are being logged now! This should not take long, it happens often. If I'm in a game server or sometimes on a web page I either get kicked out of the server or get an Explorer error message. I'm using Win 98 SE, a 56k internal modem with dial-up connection. Also the connection prompt comes on at startup without me asking for it.
     
  6. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Well hopefully we can help here.

    Probably best for now unless you need to troubleshoot something in particular.

    If you have a permit all inbound rule, that is not a good thing.
    Change it to block and move it to the bottom of the rule set.

    Regards,

    CrazyM
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Basic ICMP rules that should be safe for most users:

    Permit Inbound: type 0, 3, 11

    Permit Outbound: type 3, 8

    Block All Other ICMP (direction either)

    Regards,

    CrazyM
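    The rule set above as an added worked example (not from the thread, and not Kerio's own code): a minimal ICMP header parser that checks the RFC 792 checksum and then applies CrazyM's stateless permit/block table by direction. The packets it tests are constructed in code.

```python
"""Parse an ICMP header and apply CrazyM's posted ICMP rule set.

Added example; the rule sets below are the ones from the thread, everything
else (packet builder, checksum, decision function) is this example's own.
"""
import struct

# Posted rules: stateless, keyed only on direction and ICMP type.
PERMIT_INBOUND = {0, 3, 11}   # echo reply, destination unreachable, time exceeded
PERMIT_OUTBOUND = {3, 8}      # destination unreachable, echo request


def icmp_checksum(data: bytes) -> int:
    """RFC 792 checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_icmp(packet: bytes) -> tuple:
    """Return (type, code) after length and checksum checks; raise ValueError otherwise."""
    if len(packet) < 8:
        raise ValueError("ICMP header truncated")
    icmp_type, code = struct.unpack("!BB", packet[:2])
    # Summing a valid packet including its checksum field yields 0xFFFF, complement 0.
    if icmp_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    return icmp_type, code


def build_icmp(icmp_type: int, code: int, payload: bytes = b"") -> bytes:
    """Constructed test packet (ICMP layer only) with a valid checksum."""
    header = struct.pack("!BBHHH", icmp_type, code, 0, 0x1234, 1)
    chk = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, code, chk, 0x1234, 1) + payload


def decide(direction: str, packet: bytes) -> str:
    """Apply the posted rules: 'permit' or 'block'. Malformed packets are blocked."""
    try:
        icmp_type, _code = parse_icmp(packet)
    except ValueError:
        return "block"
    allowed = PERMIT_INBOUND if direction == "inbound" else PERMIT_OUTBOUND
    return "permit" if icmp_type in allowed else "block"


if __name__ == "__main__":
    for direction, pkt in (("inbound", build_icmp(8, 0)), ("outbound", build_icmp(8, 0)),
                           ("inbound", build_icmp(0, 0, b"abc")), ("inbound", build_icmp(11, 0))):
        print(direction, struct.unpack("!B", pkt[:1])[0], decide(direction, pkt))
```

    Because the rules are stateless, an inbound echo reply (type 0) is permitted whether or not this host sent the matching request; a stateful firewall would tie it to the outbound type 8.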
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Mua-Kell

    Some other links you might find useful:

    Kerio and pre-v3.0 Tiny PFW FAQ

    Customizing Rules

    System Wide
    Global Permit/Block
    Application
    Final Block

    I have also attached an image of a complete rule set as an example/guideline. Your rule set will have to be tailored for you.

    The sample uses application specific loopback rules instead of a generic loopback rule(s) for any applications. The one rule you would not want to use right away would be the "Block Outbound All Other". Let the firewall prompt you instead for anything wanting access.

    Regards,

    CrazyM
     
  9. Mua-Kell

    Mua-Kell Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    54
    Location:
    Vancouver WA USA
    Thanks CrazyM, I'll set it up right now. You know we users really appreciate the folks at Wilders for all they have done to keep us up and running. You guys survive that mass hack thing yesterday?
     