Kerio 2: Listening state; Opened connections at localhost

Discussion in 'other firewalls' started by Rmus, Oct 10, 2007.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Mar 16, 2005
    Regarding comments in other Kerio threads about Ports and Kerio's "listening state" as shown in the "Opened Connections at localhost" display:

    First, you don't even need a firewall for inbound protection if you have all ports closed by the OS, as proven by myself and others
    who ran/published tests.

    Not to be recommended, of course, since Services and other applications require open connections. How does Kerio protect you and report all of this?

    I'll use an example of my PIM, IS.exe, which uses Port 8000. Here, it is running, and Kerio shows it "listening":


    Just because a Port is in a "Listening" state doesn't make it vulnerable, for Kerio watches to see if
    inbound attempts match the rule. Here, a probe to Port 8000 is blocked:


    Probes to Ports 8080/8000 are common - they are used by Java2EE. When no application on the OS is
    listening on a Port, Kerio lists "No Owner," as seen above for Port 8080.

    If I close IS.exe, Port 8000 is listed as "No Owner":


    I've used a final "Block All" rule in this case. But what if you don't have such a rule? Are you vulnerable?

    Kerio responds in different ways.

    If a Port is in "Listening State" then Kerio alerts:


    If I close IS.exe, then Kerio automatically blocks a probe to an unopened Port, and logs thus:


    So, you are not vulnerable without a final "Block All" rule. All such a rule does is eliminate the constant
    nagging by probes to your ports in "Listening State;" otherwise, you have to create separate rules for those Ports.

    There is a common perception that Kerio 2 is for advanced users only. I totally disagree. All that is required is a basic knowledge of networking terminology - a mistake that I made at first years ago.

    I've observed people with difficulties in attempting to use Kerio by starting out with someone else's ruleset. This is like copying another's math homework. It won't prepare you for the examination.

    I've been successful with general users and Kerio in basic internet connections. Watching Kerio prompt for rules is very instructive and a wonderful teaching aid.

    As a person "advances" to running a network, P2P and other such stuff, accordingly his knowledge will become more "advanced" as required.

    But you don't have to be a "techie" to use Kerio for basic internet protection.

    Last edited: Oct 10, 2007
  2. Jarmo P

    Jarmo P Registered Member

    Aug 27, 2005
    Good post.
    Very clear also due to the pictures included among the words.
    Something anyone new to kerio 2.1.5 or a software firewalls in general should read.
    Thanks Rich.
  3. ccsito

    ccsito Registered Member

    Jul 27, 2006
    Nation's Capital
    Hmm... this seems to run counter to some of the posts that I previously read on Kerio 2.1.5. o_O :doubt:
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.