kerio215 stealth to closed

Discussion in 'other firewalls' started by pin, Oct 10, 2003.

Thread Status:
Not open for further replies.
  1. pin

    pin Registered Member

    Joined: Nov 4, 2002
    Posts: 116
    hey,

    i tried searching the forums about this but couldn't find what i was looking for, maybe someone can help.

    i'm getting loads of connection attempts from (i'm fairly certain) kazaa. i read on another site that the attempts will stop once the machine realizes i'm not running kazaa! apparently if i simply have the port closed but not stealthed, then a return packet will be sent saying as much. but i don't know how to unstealth a port in kerio 2.1.5. is there a way? or is there another workaround?
     
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined: Feb 11, 2002
    Posts: 451
    Location: Oregon, USA
    It's common to happen on dynamic connections, and it will go away on its own. As long as you're blocking them you're fine, you don't need to worry about it.

    If you really want to, Kazaa uses udp so you would have to allow the packet inbound, and allow icmp 3 outbound to send the closed response since it's a connectionless protocol. If they have icmp 3 blocked inbound they won't get the port closed response, so it wouldn't help anyway so you can't guarantee they get the response to stop trying to connect.

    Kerio was not designed to run with closed responses, but another option is running as an internet gateway also on the misc tab which will let your os reply with a closed response to ports without listening programs. This includes your rules letting icmp 3 outbound for udp closed responses. If you want to try this, neither of the logging settings on the misc tab can be enabled with the gateway setting enabled, and you will likely have to edit some of your rules to compensate for the change. This also means you cannot use a block all rule at the end of your ruleset.

    If you're just tired of seeing them in your logs go into the Administration -> Advanced -> Misc Tab: Uncheck 'log packets addressed to unopened ports' as you don't have a program listening on them anyway, and 'log suspicious packets' which logs 95% garbage like timed out ACKnowledgement packets.
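
The closed-versus-stealth difference described in the post above, shown from the remote sender's side as an added example that is not part of the original posts: it builds the ICMP type 3 (code 3, port unreachable) message a host returns for a closed UDP port and shows that a filtered reply looks the same as a stealthed port. The function names, addresses and port numbers are constructed for illustration.

```python
import socket
import struct

ICMP_DEST_UNREACH = 3  # ICMP type 3, the "icmp 3" in the post above
ICMP_PORT_UNREACH = 3  # code 3: nothing is listening on that UDP port

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_datagram_headers(src, dst, sport, dport):
    """IPv4 header (no options) + UDP header of an empty constructed datagram."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, socket.IPPROTO_UDP,
                     0, socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

def port_unreachable(original: bytes) -> bytes:
    """ICMP reply for a closed UDP port: 8-byte header, then the quoted
    IP header and first 8 bytes (the UDP header) of the offending datagram."""
    body = b"\x00" * 4 + original[:28]
    head = struct.pack("!BBH", ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0)
    return head[:2] + struct.pack("!H", checksum(head + body)) + body

def classify(reply, probed_port):
    """What the remote sender can conclude about the port it tried."""
    if reply is None:
        return "stealth"  # dropped silently, or the ICMP reply was filtered
    if len(reply) < 36 or checksum(reply) != 0:
        return "unrelated"
    quoted = reply[8:]
    ihl = (quoted[0] & 0x0F) * 4
    if len(quoted) < ihl + 8 or quoted[9] != socket.IPPROTO_UDP:
        return "unrelated"
    dport = struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0]
    if (reply[0], reply[1]) == (ICMP_DEST_UNREACH, ICMP_PORT_UNREACH) and dport == probed_port:
        return "closed"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample: peer 198.51.100.7 sends UDP to 192.0.2.10 port 40000.
    sent = udp_datagram_headers("198.51.100.7", "192.0.2.10", 40001, 40000)
    print(classify(port_unreachable(sent), 40000))  # ICMP 3 allowed outbound
    print(classify(None, 40000))                    # ICMP 3 blocked on either side
```

The quoted UDP header is what lets the sender match the ICMP message to the port it tried; without that message arriving, a closed port and a stealthed one are indistinguishable to it.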
     
  3. pin

    pin Registered Member

    Joined: Nov 4, 2002
    Posts: 116
    thx for the info, i appreciate it!
     