Kerio 2.1.5

Discussion in 'other firewalls' started by Derek, Jul 29, 2006.

Thread Status:
Not open for further replies.
  1. Derek

    Derek Registered Member

    Joined:
    Oct 9, 2003
    Posts:
    12
    Don't laugh, still using W98SE and Kerio 2.1.5 Firewall.

    I just had an alert "Incoming IP protocol 46" and don't know whether I should Permit or Deny this. The only thing I could find about it was this:

    http://support.microsoft.com/kb/811832/

    Not sure that I'm any the wiser and in any event this is not for W98.

    Any ideas which way I should go? Thx.
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Internet Protocol Numbers

    Protocol 46 (RSVP) Reservation Protocol

    This may be from your ISP (Quality of Service (QoS)), but blocking this or anything you are not sure of is possibly the best policy (as long as it does not affect your internet connection. You could check the IP this came from, if it is your ISP, you could e-mail them concerning this).

    Personally, I would block this.
     
  3. Derek

    Derek Registered Member

    Joined:
    Oct 9, 2003
    Posts:
    12
    Thx for link. Good bit of reading about RSVP around if I can fathom it.

    Yes, if in doubt I do usually block - I've only once got this wrong and slowed the internet dramatically.

    I screen captured the alert at the time which was "during an internet purchase". This is what it say in the details box:

    Application: 'Tcpip Kernel Driver';protocol:[46];
    Remote address 195.234.156.237: Unknown event

    From Arin I see this is Ripe Network Coordination Centre - Amsterdam.

    In the past I've tended to assume Ripe is OK (?)

    Thanks for input, definitely moved me a few steps forward.
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You need to further your search onto the "Ripe network" http://www.ripe.net/ which wiil show:-

    195.234.156.0 - 195.234.156.255
    IGROUP-LTD
    igroup Limited
    Watford
    GB
     
  5. Derek

    Derek Registered Member

    Joined:
    Oct 9, 2003
    Posts:
    12
    Stem

    Ooops, seems I didn't try anywhere near enough....

    Having Googled around there seems no reason to ever dream of permitting that entry.

    Thanks so much for your time, interest and admirable responses. They have been a great help and an education.
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Derek,
    If all your applications that need internet access are currently covered within your firewall, then maybe a block all (or at least a block all inbound) rule at the end of your ruleset would drop any unsolicited entry/scan attempts in the future.


    Stem
     
    Last edited: Jul 29, 2006
  7. Derek

    Derek Registered Member

    Joined:
    Oct 9, 2003
    Posts:
    12
    Sounds like a good idea. I'll look into that.

    Thx again.
     
  8. Derek

    Derek Registered Member

    Joined:
    Oct 9, 2003
    Posts:
    12
    I've just saved a new rule set with the last rule as "block all bothways" and all earlier individual blocking rules deleted. You reminded me about the importance of placement (I hardly have to touch it these days).

    Early days yet but so far it seems fine, websites, downloads, email etc all working. I can always dig out my previous rule set if anything goes awry, or slip in some earlier permission to the new set.

    Thx
     
Thread Status:
Not open for further replies.