Kerio 2: Listening state; Opened connections at localhost

Regarding comments in other Kerio threads about Ports and Kerio's "listening state" as shown in the "Opened Connections at localhost" display:

First, you don't even need a firewall for inbound protection if you have all ports closed by the OS, as proven by myself and others
who ran/published tests.

Not to be recommended, of course, since Services and other applications require open connections. How does Kerio protect you and report all of this?

I'll use an example of my PIM, IS.exe, which uses Port 8000. Here, it is running, and Kerio shows it "listening":


_________________________________________________________________

Just because a Port is in a "Listening" state doesn't make it vulnerable, for Kerio watches to see if
inbound attempts match the rule. Here, a probe to Port 8000 is blocked:


_________________________________________________________________

Probes to Ports 8080/8000 are common - they are used by Java2EE. When no application on the OS is
listening on a Port, Kerio lists "No Owner," as seen above for Port 8080.

If I close IS.exe, Port 8000 is listed as "No Owner":


_________________________________________________________________

I've used a final "Block All" rule in this case. But what if you don't have such a rule? Are you vulnerable?

Kerio responds in different ways.

If a Port is in "Listening State" then Kerio alerts:


__________________________________________________________________

If I close IS.exe, then Kerio automatically blocks a probe to an unopened Port, and logs thus:


__________________________________________________________________

So, you are not vulnerable without a final "Block All" rule. All such a rule does is eliminate the constant
nagging by probes to your ports in "Listening State;" otherwise, you have to create separate rules for those Ports.

There is a common perception that Kerio 2 is for advanced users only. I totally disagree. All that is required is a basic knowledge of networking terminology - a mistake that I made at first years ago.

I've observed people with difficulties in attempting to use Kerio by starting out with someone else's ruleset. This is like copying another's math homework. It won't prepare you for the examination.

I've been successful with general users and Kerio in basic internet connections. Watching Kerio prompt for rules is very instructive and a wonderful teaching aid.

As a person "advances" to running a network, P2P and other such stuff, accordingly his knowledge will become more "advanced" as required.

But you don't have to be a "techie" to use Kerio for basic internet protection.

-rich

 

Good post.
Very clear also due to the pictures included among the words.
Something anyone new to kerio 2.1.5 or a software firewalls in general should read.
Thanks Rich.

 

Hmm... this seems to run counter to some of the posts that I previously read on Kerio 2.1.5.