Kerio vs. Router NAT - blocking spyware

Discussion in 'other firewalls' started by no13, Sep 28, 2004.

Thread Status:
Not open for further replies.
  1. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    I use Kerio v4, and I have a NAT firewall in my Router cum ADSL modem.
    If I configure the Router (which I should, because all traffic is routed through the LAN), not only am I saving bandwidth, but also performance overheads. But it's a pain to configure, because I need to configure it one rule at a time. I basically need to block some 150 or so adservers whose IPs I've collected. Right now, the bandwidth penalty is very high (because my rule list is HUGE)... One failure and wham, I'll need to reconfigure all 200 of them (incl. the 50 rules for ICMP/ping etc.)

    Do I have any options? Can anyone tell me how I can download Router NAT Firewall's rule list...
    I use a router by SMC.
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    If it is denying outbound connections to ad servers, have you considered using a hosts file: Blocking Unwanted Parasites with a Hosts File.

    That is a lot of rules for just ICMP :eek:

    I am not familiar with that router or its rules capabilities. Most firewalls will work on an implicit deny model (anything not permitted is denied). Keep this in mind when creating rule sets and focus on what you want to allow to keep the number of rules manageable. If you can provide a few more details on the router's capabilities and your current rule set, we might be able to offer some suggestions. Also keep in mind things like ads are probably dealt with more easily on the PCs themselves with browser options, hosts file or proxy than on the router.

    Regards,

    CrazyM
     
  3. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Thanks about the hosts file - does it have a large performance penalty too?
    I used to have the customized hosts file on WinMe but I forgot all about it when I upgraded to XP.
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Using a hosts file should not impact performance. There are different ones available, varying in size and sites covered. You can easily edit them yourself if you want. The MVPs hosts file in the link above is one of the smaller ones.

    Regards,

    CrazyM
     
  5. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Hey... got a larger hosts file? (171 KB feels huge enough, but is there more??)

    Edit: Should I use Proxomitron or something? I think the performance penalty is higher there, but I'm not sure... Also, I'm using Kerio, and it doesn't have component control... I used Thermite (link on PC Flank) - if I let the program start, it defeats the firewall. Is there any generic rule for such activity?
     
  6. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    It's pointless blocking adservers by IP number as they change IP numbers very frequently to try to stop people doing that.

    It's much better to use the hosts file to block by name as that rarely changes and new ones can be easily added.
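    A small script for the approach dvk01 and CrazyM describe above (block ad servers by hostname in the hosts file instead of by IP, so the list is easy to extend), added here as an example and not code from the thread. The hostnames and the existing hosts file contents are constructed; the block address, validation rule and file location are my assumptions.

```python
import re

# Constructed sample of an existing hosts file (on XP this lives at
# %SystemRoot%\system32\drivers\etc\hosts). One ad host is already blocked.
EXISTING_HOSTS = """# Hosts file
127.0.0.1 localhost
0.0.0.0 ads.example.invalid   # already blocked
"""

# Constructed list of names to block, as collected by hand; includes a duplicate,
# a name with odd capitalisation and one invalid entry to show the checks.
NEW_BLOCKS = ["ads.example.invalid", "Tracker.Example.Invalid",
              "banner.example.test", "not a host!"]

# Assumption: a hostname is dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$")

# 0.0.0.0 is an unroutable sink; using 127.0.0.1 would hit any local web server.
BLOCK_ADDR = "0.0.0.0"

def parse_hosts(text):
    """Return {hostname: address} for every non-comment entry in a hosts file."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            mapping[name.lower()] = addr
    return mapping

def merge_blocklist(existing_text, hostnames):
    """Append valid, not-yet-present hostnames to the hosts file.
    Returns (new_text, added_names, skipped_entries)."""
    current = parse_hosts(existing_text)
    added, skipped = [], []
    for raw in hostnames:
        name = raw.strip().lower()
        # refuse malformed names and never override the localhost entry
        if not HOSTNAME_RE.match(name) or name == "localhost" or name in current:
            skipped.append(raw)
            continue
        current[name] = BLOCK_ADDR
        added.append(name)
    block = "\n".join(f"{BLOCK_ADDR} {n}" for n in sorted(added))
    new_text = existing_text.rstrip("\n") + "\n# --- ad server block list ---\n" + block + "\n"
    return new_text, added, skipped
```

    Because the output is a plain text file, regenerating it from the name list after a mistake is one run of the script rather than re-entering 200 router rules.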
     
  7. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Good point about adserver names... but my original question is...
    Is there any util that can get me my ruleset backed up from *hardware NAT Firewall*?
    I fear that this may be an extremely stupid question, but I must know.


    Just out of sheer pig-mindedness, I'm going into network programming from next semester onwards (side hobby in college)... So if the util. doesn't exist I'll try to make it.
     
  8. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    You can try Blocklist Manager by B.I.S.S.

    You find a whole internet community there specialized in merging blocked IPs, names which should be blocked, and firewalls/tools for blocking such things you want. A lot of firewalls are covered and they now also use the Snort import (intrusion prevention). The link:
    http://www.bluetack.co.uk/modules.php?name=Content&pa=showpage&pid=1
     
  9. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Got something else in same category? Proxomitron - how is it?
     
  10. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Proxomitron is perfect. I use it with kye-u filters and you find it here in the privacy area.
     
  11. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Will do. I'll report back 24 hrs after I install it. Okies?
     
  12. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    You should post it in the privacy area if you want to go further with the Proxomitron app.

    bye
     
  13. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    OK.
    But what happened to the NAT rules? I think you can back up Cisco's ACLs... what about other router manufacturers? Is it possible?
     
  14. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    The documentation for your router should tell you if it has an option to back up the configuration. As for other routers, configuration options will vary a great deal from basic NAT routers to ones that also provide firewalling, ACLs and more. So to answer your question, yes it is possible, but it will depend on the router.

    Regards,

    CrazyM
     
  15. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Thanks. I guess this thread can be closed now, unless someone can show me a util/source code for backing up SMC routers' ruleset.
    Thread should be considered closed if no reply in 24hrs., I guess.
     
  16. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    You could take a look at SMC Networks Forum and post there if a search does not turn up anything.

    Regards,

    CrazyM
     
  17. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    I have 'nother question.
    The Shields Up! test at grc.com shows many ports as closed. When I stealth them (using router configs - I apply "ignore" to all TCP packets on all ports in the incoming direction from the Public/internet interface), then I can't use Yahoo Messenger, nor can I use ping/traceroute etc. Got any solutions?
     
  18. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    Your router blocks outgoing packets? Just asking....
     
  19. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    How many machines are hiding behind your NAT router? I'm really curious about your configuration...
     
  20. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    My router blocks what it likes, and just 1 pc is behind router.
     
  21. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    A Network Address Translator that blocks outgoing packets... Uhh, OK...
    I was just curious...
     
  22. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    The router has an inbuilt firewall, my dear dear greenhorn (surely, you jest!)
     
  23. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    Yes. I guess you're right... You should know better since it's your configuration and you made the rules, right? I really don't know anything about a single PC VPN behind a NAT router that blocks outbound packets, that's why I'm here at WSF to ask you and the more knowledgeable members questions. I wish I did so I could contribute something to the discussion. I'm sorry...
     
  24. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Just poking fun man... don't be offended (you saw them throwing tacos at each other... the MODS do that!!!)
    Anyways... I DON'T HAVE A CLUE WHAT'S VPN (virtual private network.. yes... err.. after that - total blank)... be slow to judge ppl... I'm not knowledgeable, I don't even know WHY I have a router when only a DSL modem would have done... we're all here to learn...
    <read my sig. - comments??>
     
  25. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    You just don't have a router. You have a NAT router! A computer that can hide more than just a subnet or an entire Class C.
    NAT's basic operation is as follows. The addresses inside a stub domain can be reused by any other stub domain. For instance, a single Class A address could be used by many stub domains. Regardless of configuration (static, dynamic, overloading or overlapping), communication is initiated from addresses within the stub domain, thus it would be illogical to configure a NAT to block outbound packets.

    NAT only allows connections that originate inside the stub domain. Essentially, this means that a computer on an external network cannot connect to your computer unless your computer has initiated the contact. You can browse the Internet and connect to a site, and even download a file; but somebody else cannot latch onto your IP address and use it to connect to a port on your computer.

    I don't throw tacos 'cause I'm not a mod. Now who's the greenhorn?
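    A toy model of the behaviour still_longhorn describes above (a translation entry exists only for flows opened from inside the stub domain, so an unsolicited inbound packet matches nothing and is dropped), added as an illustration and not code from the thread. The addresses, ports and the port-overloading scheme are constructed assumptions.

```python
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.5"   # constructed address for the router's WAN side

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Nat:
    """Overloading NAT: the whole LAN shares one public IP, flows differ by port."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (lan_ip, lan_port, remote_ip, remote_port) -> public_port
        self.inbound = {}    # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound_pkt(self, pkt):
        """LAN -> Internet: create a mapping on first sight, rewrite the source."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.outbound:
            self.outbound[key] = self.next_port
            self.inbound[(self.next_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
            self.next_port += 1
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def inbound_pkt(self, pkt):
        """Internet -> LAN: deliver only if an inside host opened this flow, else drop (None)."""
        target = self.inbound.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:
            return None
        lan_ip, lan_port = target
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)

def demo():
    nat = Nat(PUBLIC_IP)
    # the single PC behind the router (constructed RFC 1918 address) opens a web connection
    out = nat.outbound_pkt(Packet("192.168.1.10", 51000, "198.51.100.20", 80))
    # the server's reply comes back to the translated port and is mapped to the PC
    reply = nat.inbound_pkt(Packet("198.51.100.20", 80, PUBLIC_IP, out.src_port))
    # an unsolicited inbound attempt (like an external port probe) hits no mapping
    probe = nat.inbound_pkt(Packet("198.51.100.99", 4444, PUBLIC_IP, 135))
    return out, reply, probe
```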
     