Kerio Rules

Discussion in 'other firewalls' started by jaxson, Feb 21, 2003.

Thread Status:
Not open for further replies.
  1. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Just to add to LWM's reply...

    The entries for PERSFW and PFWADMIN are just the firewall communicating with itself and are also normal. If you want less clutter, there is an option under settings to disable/enable seeing those entries (and others).

    Regards,

    CrazyM
     
  2. jaxson

    jaxson Registered Member

    Joined:
    Feb 21, 2003
    Posts:
    33
    Thx guys.

    I just noticed those options CrazyM, I think I will use some to get rid of the clutter. Do you have some of them ticked?

    LowWaterMark:

    I have disabled NetBIOS completely now using those instructions. So it's safe to delete the NetBIOS rules in Kerio now? I also noticed that when I disabled it the things started listening on port 445, after looking at a link of yours I have now disabled this port too. All I have now is svchost on port 135 and after reading some posts people say they couldn't boot into windows when they disabled it and you yourself don't recommend it either so I think I will leave that.

    I have read guides before on 2K services and have adjusted mine accordingly, but many that were automatic it told me to set to manual. But should I set some of these manual to disable altogether? Here are some screenies.
     

    Attached Files:

  3. jaxson

    jaxson Registered Member

    Joined:
    Feb 21, 2003
    Posts:
    33
    Continued...
     

    Attached Files:

  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,247
    Location:
    New England
    Most of the services I don't want to start I set to Manual. I like this better than disable for some because this will allow them to start if another service calls upon them. Unless it is something I considered insecure, I believe setting to Manual is good enough.

    There were only a couple that I set to Disable because I really wanted them off, and a Manual setting didn't prevent them from starting (because some other process was triggering them). For myself, I don't need the DHCP Client (I'm on an ADSL PPPoE connection that doesn't use DHCP), and Manual wouldn't prevent it from starting, so I set it to Disable.

    I also set "Automatic Updates" to Disable (because I really wanted that one dead! ;) ), plus a couple that aren't on Windows 2000 but are included on XP.

    Manual should be fine unless you are worried about a particular service. Your list of Services looks really clean!

    Oh, and of course, every time I've done a major update at Windows Update, Microsoft re-enables and restarts Automatic Updates. :mad:
     
  5. jaxson

    jaxson Registered Member

    Joined:
    Feb 21, 2003
    Posts:
    33
    Will probably leave it as it is then. Do you recommend a site that does a thorough port scan, as I want to do it with Kerio turned off to see what ports are closed without my firewall on. Or can I do it another way?
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,489
    Location:
    Netherlands
    Hi jaxson,

    You will find a lot of useful test sites here: http://www.wilderssecurity.com/showthread.php?t=6341

    Regards,

    Pieter
     
  7. jaxson

    jaxson Registered Member

    Joined:
    Feb 21, 2003
    Posts:
    33
    Hey

    I just ran most of them with Kerio off, and all ports are closed apart from 135, which I'm not sure about closing.

    Although 1 scan also said port 31337 was open

    And another scan said it was stealthed.

    What does this port do? And is there a way I can confirm as 2 scans contradict each other.
     
  8. jaxson

    jaxson Registered Member

    Joined:
    Feb 21, 2003
    Posts:
    33
    Just read this on port 135:

    http://www.uksecurityonline.com/husdg/windows2000/close135.htm
     
  9. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,247
    Location:
    New England
    Some people do run okay with port 135 closed, but many don't. I wouldn't close it (and I didn't, as noted in the other thread I referenced in a previous post).

    As far as port 31337, just bring up a DOS/CMD window and run a "netstat -an" command to see if anything is actually listening on that port. If nothing is listening, then the scanning site is either wrong or your ISP could be intercepting that port for some purpose, before it reaches your machine. In any case, if nothing is listening, you have nothing to worry about. If it is open on your system, then it becomes a matter of tracking it to the program holding the port open and proceeding from there.
     
  10. jaxson

    jaxson Registered Member

    Joined:
    Feb 21, 2003
    Posts:
    33
    Thx

    Just done that and no it's not listening or even listed.

    Lots of ports listed on the left hand side that aren't listening either, what are they doing?
     
  11. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,247
    Location:
    New England
    Could be any number of things, as you saw from your Kerio active connections screen, (same data - just presented differently)... Different programs holding open connections for different purposes.

    In the screen shots below, you see the execution of a netstat command, twice. The first one was immediately after I used IE to connect to two different websites (fairly verbose ones - with lots of images, ads, etc.) The second netstat command was a minute or so later. I hadn't done anything, just waited. The excess connections closed in the amount of time that passed between the two netstat commands. I wouldn't worry about ports opened by IE while browsing.

    If I'm also at a port scanning website at the same time I'm doing other browsing, these IE ports won't appear to be open to the scanner because they are busy in the established connections to the other sites.
     

    Attached Files:
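
The check discussed in the posts above (whether anything is actually listening on a port, and why other local ports show up without listening), as an added example that is not part of the original thread: it parses `netstat -an` output in the Windows layout. The sample output, its addresses and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the layout of Windows "netstat -an"; not from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:1046      203.0.113.5:80         TIME_WAIT
  TCP    192.168.1.10:1047      198.51.100.7:80        CLOSE_WAIT
  UDP    0.0.0.0:135            *:*
"""

def parse_netstat(text):
    """Return (proto, local_port, remote, state) for each socket line."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        port = fields[1].rsplit(":", 1)[-1]  # rsplit also copes with [::]:135
        if not port.isdigit():
            continue
        # UDP is connectionless, so netstat prints no State column for it.
        state = fields[3] if len(fields) > 3 else "BOUND"
        rows.append((fields[0], int(port), fields[2], state))
    return rows

def is_listening(rows, port):
    """True if a TCP socket is LISTENING on the port or a UDP socket is bound to it."""
    return any(p == port and s in ("LISTENING", "BOUND") for _, p, _, s in rows)

def client_side_ports(rows):
    """Local ports that appear only as one end of a connection, never as a listener."""
    listening = {p for _, p, _, s in rows if s in ("LISTENING", "BOUND")}
    return sorted({p for _, p, _, s in rows if p not in listening})

def state_counts(rows):
    return Counter(s for _, _, _, s in rows)

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for port in (135, 31337):
        print(port, "listening" if is_listening(rows, port) else "not listening")
    print("connection-only local ports:", client_side_ports(rows))
    print(dict(state_counts(rows)))
```

To check a live machine, pass the captured text of `netstat -an` to `parse_netstat` in place of `SAMPLE`.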
