Kerio - How do I handle this?

Discussion in 'other firewalls' started by darksky, Jan 19, 2003.

Thread Status:
Not open for further replies.
  1. darksky

    darksky Registered Member

    Joined:
    Jan 13, 2003
    Posts:
    33
    Hi,

    Just switched over to Kerio this afternoon...it passed port probe tests on GRC and some tests on PC Flank, but then on the quick test I got the following warning:
    The test found visible port(s) on your system: 80
    Recommendation:
    Install personal firewall software. If you have already installed and are using a firewall, check if it is set to make all the ports of your computer invisible (hidden). If it is, then get new firewall software and redo this test.

    Sorry, I know this is a dumb question, but I'm learning here...

    What rule can I type in to Kerio to make all ports on my computer invisible (stealthed), hidden...o_O?

    Thanks!
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi darksky

    Some of the firewall test sites are not always consistent or correct for any number of reasons.

    One thing you could try would be some online tests at other sites to see how your results compare. A convenient list can be found in the following post by Tassie_Devils:
    https://www.wilderssecurity.com/showthread.php?t=6341

    If you feel you still have an issue with your port 80 results, we can then get into rule set specifics.

    Regards,
    CrazyM
     
  3. darksky

    darksky Registered Member

    Joined:
    Jan 13, 2003
    Posts:
    33
    Hi, I tried several other test sites. Kerio is consistently failing to stealth port 80 which makes me wonder if it's failing to do the same on other ports as well.

    How can I make Kerio cause all ports on my computer to be invisible (stealthed), hidden...o_O? What rule or rules can I type in to accomplish this?

    Thanks,

    Mark
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi darksky

    The port 80 issue could be a result of what filtering your ISP may be doing. Do you know if they filter anything inbound before it gets to you?

    Do you have anything in your rule set allowing inbound to local service/port 80?

    Perhaps you could post your rule set in order that we may check it and comment. Just delete any personal info or IPs that do not need to be shared with everyone.

    ...example attached.

    Regards,
    CrazyM
     

  5. Dave

    Dave Registered Member

    Joined:
    Jan 24, 2003
    Posts:
    6
    I use Kerio 2.1.4 and have had no trouble. To arrive at this unbeatable situation one has to first scrap all those preset rules and start from scratch as well as limiting your browser port privileges.

    In conjunction with this I use Naviscope 8.70 with its privacy features to enable even more added security. It only has the same ports' access as IE6 and still works brilliantly blocking referrer, User Agent etc.


    Just have a look at the ruleset courtesy of the Kerio Support Group at Yahoo and use basic rulesets as stated. I pass stealth in my Win98SE at every site and have never failed a test yet.

    1. What are some basic set of rules for KPF?
    Kerio comes with a default set of rules but most people soon want to setup more specific rules themselves. These are suggestions that have been compiled over trial, error, experience and a lot of twiddling by hundreds of experienced Kerio / TPF users.
    Note 1: The loopback rule isn't technically needed anymore unless you use apps that use loopbacks themselves.
    Notes:
    Rule 1 is your NetBIOS blocks. Enter them as displayed. Even if you have removed NetBIOS from your Network applet, these will serve to "Notify" you of any attempts. (Of course, this assumes you are NOT legitimately using NetBIOS on your system.)
    Rules 2 - 4 allow any application to connect to your Domain Name Servers. If your ISP uses 4 different servers, yours may add and use more or less.
    Rules 5 - 7 are the balance of the ICMP rules.
    Rule 8 is a loopback rule to 127.0.0.1 (your computer) for Internet Explorer's cache.
    Rules 9 - 10 are the "application specific" rules. Only Internet Explorer and Outlook Express are given as examples. In general, you'll write one or two rules for each application that you want to access the internet. For some common application rules, check here.
    Rule 11 is the "Block Everything" rule. Enter it as shown but don't enable it until all of the "kinks" are out of your ruleset. Let the Rule Assistant (ask for action when no rule is found) work for you to show you where problems are occurring.
    RULE 1:
    Description: Block Inbound/outbound NetBIOS TCP UDP (Notify)
    Protocol: TCP and UDP
    Direction: Incoming/outgoing
    Port type: Port/Range
    First Port: 137
    Last Port: 139
    Local App.: Any
    Remote Address Type: Any
    Port type: port/range
    First Port: 137
    Last Port: 139
    Action DENY
    = = = = = = = = = = = = = = = =
    RULE 2:
    Description: ISP Domain Name Server Any App UDP
    Protocol: UDP
    Direction: Both
    Local Port: Any
    Local App.: Any
    Remote Address Type: Single
    Host address: (Your ISP DNS) IP number
    Port type: Single
    Port number: 53
    Action PERMIT
    = = = = = = = = = = = = = = = =
    RULE 3:
    Description: Secondary DNS ISP address
    Protocol: UDP
    Direction: Both
    Local Port: Any
    Local App.: Any
    Remote Address Type: Single
    Host address: (secondary ISP DNS) IP number
    Port type: Single
    Port number: 53
    Action PERMIT
    = = = = = = = = = = = = = = = =
    RULE 4:
    Description: Other DNS
    Protocol: TCP and UDP
    Direction: Both
    Local Port: Any
    Local App.: Any
    Remote Address Type: Any
    Port type: Single
    Port number: 53
    Action DENY
    = = = = = = = = = = = = = = = =
    RULE 5:
    Description: Out Needed To Ping And TraceRoute Others
    Protocol: ICMP
    Direction: Outgoing
    ICMP Type: Echo Request
    Remote Endpoint: Any
    Action PERMIT
    = = = = = = = = = = = = = = = =
    RULE 6:
    Description: Needed To Ping And TraceRoute Others
    Protocol: ICMP
    Direction: Incoming
    ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded
    Remote Endpoint: Any
    Action PERMIT
    = = = = = = = = = = = = = = = =
    RULE 7:
    Description: Block ICMP (Logged)
    Protocol: ICMP
    Direction: Both
    ICMP Type: Select All
    Remote Endpoint: Any
    Action: DENY
    = = = = = = = = = = = = = = = =
    RULE 8:
    Description: IE Cache
    Protocol: UDP
    Direction: Outgoing
    Port type: Any
    Local App: Only selected below => iexplore.exe
    Remote Address Type: Single address => 127.0.0.1
    Port type: Any
    Action PERMIT
    = = = = = = = = = = = = = = = =
    RULE 9:
    Description: Internet Explorer-Web browsing
    Protocol: TCP
    Direction: Outgoing
    Port type: Any
    Local App.: Only selected below => iexplore.exe
    Remote Address Type: Any
    Port type: List of ports
    List of ports: 80,8080,3128,443,20,21
    Action PERMIT
    = = = = = = = = = = = = = = = =
    RULE 10:
    Description: Outlook Express
    Protocol: TCP
    Direction: Outgoing
    Port type: Any
    Local App.: Only selected below => msimn.exe
    Remote Address Type: Any
    Port type: List of ports
    List of ports: 25,110,119,143
    Action PERMIT
    = = = = = = = = = = = = = = = =
    RULE 11:
    Description: Block Incoming/Outbound Unauthorized Apps(Notify)
    Protocol: Any
    Direction: Incoming/Outgoing
    Port type: Any
    Local App.: Any
    Remote Address Type: Any
    Port type: Any
    Action DENY
    If you are on a LAN you might need to allow NetBIOS to and from computers on your LAN. You should insert two rules before rule 1:
    RULE a:
    Description: Trusted Inbound NetBIOS TCP UDP
    Protocol: TCP and UDP
    Direction: Incoming
    Port type: Port/Range
    First Port: 137
    Last Port: 139
    Local App.: Any
    Remote Address Type: Trusted Address Group
    Port type: Any
    Action PERMIT
    = = = = = = = = = = = = = = = =
    RULE b:
    Description: Trusted Outbound NetBIOS TCP UDP
    Protocol: TCP and UDP
    Direction: Outgoing
    Local Port: Any
    Local App.: Any
    Remote Address Type: Trusted Address Group
    Port type: Port/Range
    First Port: 137
    Last Port: 139
    Action PERMIT
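
Added example, not part of the thread or of Kerio's documentation: a small model of the FAQ's TCP/UDP rules (ICMP rules 5 - 7 omitted), evaluated top to bottom with the first match deciding, which is an assumption about how Kerio orders rules. It answers the question asked earlier in the thread, whether anything in a rule set permits inbound traffic to local port 80; the DNS addresses, the remote test address and the helper names are constructed for illustration.

```python
# Added example: first-match model of the FAQ's TCP/UDP rules (ICMP rules 5-7 omitted).
ANY = None
DNS1, DNS2 = "192.0.2.53", "192.0.2.54"   # constructed stand-ins for the ISP DNS IPs
NB = range(137, 140)                       # NetBIOS ports 137-139

def rule(name, action, proto, direction, lport=ANY, app=ANY, raddr=ANY, rport=ANY):
    return dict(name=name, action=action, proto=proto, direction=direction,
                lport=lport, app=app, raddr=raddr, rport=rport)

FAQ_RULES = [
    # Rule 1 is encoded as listed: 137-139 on both the local and the remote side.
    rule("1 NetBIOS", "DENY", {"TCP", "UDP"}, {"in", "out"}, lport=NB, rport=NB),
    rule("2 ISP DNS", "PERMIT", {"UDP"}, {"in", "out"}, raddr={DNS1}, rport={53}),
    rule("3 Secondary DNS", "PERMIT", {"UDP"}, {"in", "out"}, raddr={DNS2}, rport={53}),
    rule("4 Other DNS", "DENY", {"TCP", "UDP"}, {"in", "out"}, rport={53}),
    rule("8 IE Cache", "PERMIT", {"UDP"}, {"out"}, app={"iexplore.exe"},
         raddr={"127.0.0.1"}),
    rule("9 IE browsing", "PERMIT", {"TCP"}, {"out"}, app={"iexplore.exe"},
         rport={80, 8080, 3128, 443, 20, 21}),
    rule("10 Outlook Express", "PERMIT", {"TCP"}, {"out"}, app={"msimn.exe"},
         rport={25, 110, 119, 143}),
    rule("11 Block everything", "DENY", ANY, {"in", "out"}),
]

def _ok(allowed, value):
    return allowed is ANY or value in allowed

def decide(rules, proto, direction, lport, rport, raddr, app=None):
    """Return (rule name, action) of the first rule that matches, top to bottom."""
    for r in rules:
        if (_ok(r["proto"], proto) and direction in r["direction"]
                and _ok(r["lport"], lport) and _ok(r["rport"], rport)
                and _ok(r["raddr"], raddr) and _ok(r["app"], app)):
            return r["name"], r["action"]
    return "no rule", "ASK"   # Rule Assistant prompts when no rule is found

def inbound_permits(rules, ports, raddr="203.0.113.5", sport=40000):
    """Local TCP ports that an unsolicited remote host would be PERMITted to reach."""
    return [p for p in ports
            if decide(rules, "TCP", "in", p, sport, raddr)[1] == "PERMIT"]

if __name__ == "__main__":
    print(decide(FAQ_RULES, "TCP", "in", 80, 40000, "203.0.113.5"))
    # Hypothetical rule set with an inbound allow placed above rule 11.
    leaky = FAQ_RULES[:-1] + [rule("X inbound web", "PERMIT", {"TCP"}, {"in"},
                                   lport={80})] + FAQ_RULES[-1:]
    print(inbound_permits(FAQ_RULES, [80, 139, 443]), inbound_permits(leaky, [80, 139, 443]))
```

With rule 11 disabled, as the FAQ suggests while tuning, the same inbound probe matches no rule and falls to the Rule Assistant prompt instead of being denied.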
     