Kerio and being "stealth"

Discussion in 'other firewalls' started by martindijk, Aug 25, 2003.

Thread Status:
Not open for further replies.
  1. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Hi all,

    At home I am using WinME and Kerio 2.15, running smoothly and stealth. (every port)

    Today I installed Kerio on a Win2000 Pro, and I was amazed that only port 135 was stealthed and the rest, checked at grc.com, was only closed??

    Does this sound familiar to 2000 users??

    Is there something to do about this??

    Kindly some help on this issue.

    rgds,
    Martin
     
  2. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Re:Kerio and win2000 pro

    Hi
    If you make your last rule to block everything, you will be stealthed.
    Dolf
     
  3. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Re:Kerio and win2000 pro

    Hi Dollefie,

    Can you tell me how this can be, because if I block everything, I can't do anything, at least that's how I look at it.

    Can you tell me how to set this rule up??

    thanks,

    Martin
     
  4. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Re:Kerio and win2000 pro

    That's why you have to put it up as the last rule. You have to specify all 'legal' actions in rules before that last one.
    I did it when I thought everything I needed to permit has an allow-rule.
    Also I made that last rule to show an alert, so I could check I missed nothing.
    Dolf
     
  5. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Re:Kerio and win2000 pro

    At first you might want to disable that rule and set the slider of the administration form at "ask me first" instead of "deny unknown", then you will be asked if it will create a rule for you.
    Dolf
     
  6. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Re:Kerio and win2000 pro

    Well thanks Dollefie,

    I'll give it a go, and let you know ;)

    rgds,
    Martin
     
  7. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Re:Kerio and win2000 pro

    Be sure to check if your deny-all rule is always the last, because automatically generated rules will be added at the end...
     
  8. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Re:Kerio and win2000 pro

    I will, thanks

    rgds,
    Martin
     
  9. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Re:Kerio and win2000 pro

    We're missing some information about your network configuration since this should not happen unless they made some real big allow rules by mistake, or checked the internet gateway option.

    Are you on a LAN/ICS network, and/or using a router also? If you're using ICS, is your machine the ICS host?
     
  10. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Re:Kerio and win2000 pro

    I am on a LAN, no router, just a hub.

    thanks,
    Martin
     
  11. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Re:Kerio and win2000 pro

    Go over this link, section three, it's for ICS, but it works quite well for LAN configurations also.
    Is there ANY way to stay stealth on all ports and STILL have ICS enabled?

    By separating the communications by subnet mask, which this link does, it will prevent any spoofing of traffic which might appear to come from your network when it's really coming from an outside source with a fake source.
     
  12. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Re:Kerio and win2000 pro

    Hi gents,

    Well, tried it out, also the link, but still no "stealth"
    Only port 135 is "stealth"

    See screenshot:
    rgds,
    Martin
     
  13. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Re:Kerio and win2000 pro

    Hi all,

    Just an update,
    Not only on Win2000 but also on Win98, Kerio does not provide "stealth"

    rgds,
    Martin
     
  14. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Re:Kerio and win2000 pro

    Hi all,

    I don't get this:

    At home I also have a cable connection where every port is "stealth" (running ME)

    At work we also have cable and all my ports are closed, except 135 which is the only one "stealth" (running 2000 and 98)

    Can it be that Kerio is running fine but something else is blocking it from running stealth??

    Kerio config screenshot: Is there something there that shouldn't be?

    Does it need some extra rules settings??

    rgds,
    Martin
     
  15. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Re:Kerio and win2000 pro

    Hi,

    This is one of the reports which I got from grc.com.

    Also I have found out that Kerio is not the culprit; I uninstalled Kerio, gave ZoneAlarm a try, outcome the same, gave Sygate a try, outcome the same.

    Running without a firewall, GRC gave the same results as when I was running Kerio or ZA or Sygate, so I think there is something else the matter, but what??

    rgds,
    Martin
     
  16. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    The work ISP is using a firewall or a proxy probably.
     
  17. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Well thanks Root,

    But can this be solved?

    rgds,
    Martin
     
  18. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Checked it out Root,

    They apply no firewall and no proxy.

    rgds,
    Martin
     
  19. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Hi all,

    Just found out that they are behind a NAT router with VPN, could this be why I can't get stealth??

    rgds,
    Martin
     
  20. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Your ISP, or the modem is doing this. Either way, it's not you, and you can't control the way it reacts anyway. Don't worry about it.

    Edit: You replied right as I replied, yes a NAT configuration can do this. If you're not in control of the NAT, don't worry about it, it's not your machine.
     
  21. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Hi,

    Is there a way to be "stealthed" despite the NAT router?

    rgds, and thanks
    Martin
     
  22. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    You don't control the NAT device, you can't control traffic before it arrives at the NAT device, don't worry about it. Stealth is not that important. ;)
     
  23. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Okay BlitzenZeus,

    Thanks for the info.
    Why is stealth not important?

    rgds,
    Martin
     
  24. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Closed and stealth hold the same amount of security. Hardware devices don't stealth traffic since they are made to work under standards, which require a closed response to be sent when a packet is received on an unopened port.

    Neither allows a server connection to be opened. Stealth merely drops packets, compared to closed, which is required to send a response saying the port is closed.
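
The rule-ordering advice and the closed/stealth distinction from this thread, as an added example that is not part of the original posts and is not Kerio's own code. It is a toy model that assumes first-match, top-down rule evaluation and a default of dropping unmatched traffic; the rule names, port numbers and the `upstream_nat` flag are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str           # "allow" or "deny"
    port: Optional[int]   # None matches any inbound port

def first_match(rules, port):
    """Return the first rule that matches the inbound port, or None."""
    for rule in rules:
        if rule.port is None or rule.port == port:
            return rule
    return None

def unreachable_rules(rules):
    """Names of rules sitting after a match-everything rule (never evaluated)."""
    for i, rule in enumerate(rules):
        if rule.port is None:
            return [r.name for r in rules[i + 1:]]
    return []

def probe_result(port, rules, listening, upstream_nat=False):
    """What an external port test reports for an unsolicited TCP SYN."""
    if upstream_nat:
        # The NAT device answers with a closed response itself; the probe
        # never reaches the host, so the host firewall has no influence.
        return "closed"
    rule = first_match(rules, port)
    if rule is None or rule.action == "deny":
        return "stealth"  # packet dropped silently, no reply sent
    # Allowed through: the host's TCP stack answers the probe.
    return "open" if port in listening else "closed"

# Constructed sample ruleset: an auto-generated rule was appended
# after the deny-all rule, which is the situation warned about above.
RULES = [
    Rule("allow web server", "allow", 80),
    Rule("deny all", "deny", None),
    Rule("auto-generated allow 5000", "allow", 5000),
]
LISTENING = {80, 5000}

if __name__ == "__main__":
    print("unreachable:", unreachable_rules(RULES))
    for p in (80, 139, 5000):
        print(p, probe_result(p, RULES, LISTENING),
              probe_result(p, RULES, LISTENING, upstream_nat=True))
```
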
     