PE and Kerio

Discussion in 'Port Explorer' started by Emmanuel, Aug 22, 2003.

Thread Status:
Not open for further replies.
  1. Emmanuel

    Emmanuel Guest

    Just tried PE demo and I'm very impressed. I have a question though. I'm using the Kerio firewall (WIN 95, rules block everything not explicitly allowed by a previous rule). I did not get any alerts from Kerio while using PE even though I did not make any rule to allow it. Is that because it does not open/use any ports or does it somehow bypass Kerio? It seems to work fine but I just want to understand what is going on before I decide to register it/keep it. Thanks.
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hello Emmanuel and welcome!
    Not using Kerio, it's hard to answer your question, but others will jump in for sure.
    In my fw I had to grant PE internet access and I wonder if you did such a thing somehow/somewhere in rules or other ways.
    Do you see actual connections, processes, if you try the utilities like whois and scrolling through spam emails, do you see the emails calling home to get the images displayed for you?
    PE itself doesn't open other ports than connecting to whois servers like you can see in the display.
    Can tell you I really love the tools, PE, TDS, WG and the others, having them all working together and jumping from the one to the other seamlessly, really like this experience!
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hello Emmanuel & welcome, PE will only require an outgoing connection when using one of the utilities (see the utilities menu) such as ping & traceroute. At all other times it is passive, just watching & recording the various connections.

    Enjoy Pilli :D
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Jooske, We replied at roughly the same time again :D
     
  5. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Emmanuel, Port Explorer only looks at/analyses existing sockets - it doesn't make any changes to existing sockets, or create any new sockets, so no firewall will alert as there is no reason to alert - nothing is changing. It's like when you run netstat, you wouldn't expect your firewall to alert then either - this is the same with Port Explorer. :)
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I granted PE access to internet in the firewall, routine I guess and to be able to get whois results, but that is always because I ask for it.
     
  7. Emmanuel

    Emmanuel Guest

    Everyone:

    Thank you for your prompt replies! I had not used any of the utilities yet and that explains why I did not get any alerts from Kerio. I just tried whois and sure enough I got an alert. My main interest in the program was the process spying ability but now I love the utilities too (and made appropriate allow rules). Great program!!
     
  8. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Emmanuel,
    To keep things simple you might as well grant Port Explorer full network access, as there are no phone-home capabilities or anything that may warrant concern (feel free to use 3rd party packet-sniffers if you don't believe me) :). Then you'll be able to use all components of Port Explorer without alerts from your firewall.

    Best regards,
    Wayne
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Yeah, I love the utilities too, the very handy whois among others.
     
  10. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Some firewalls like to block all programs which even load Winsocks, or load themselves into the LSP like Port Explorer. So it really depends on how paranoid your firewall is; most of them though only will alert when Port Explorer tries to connect to the internet through either "Check for new version" or Whois, Resolve, Ping, etc.

    -Jason-
     
  11. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    It completely depends on your configurations. The program is not application based, it's rule based, so when something is already permitted by your rules, it doesn't ask twice, so the problem is in your configuration.

    Kerio isn't for everyone, as you have to understand what all your rules, and the few settings you have, permit; otherwise your configuration can be too loose and restrictive at the same time for different things.

    The main reason for things like this is purely loose rules, or people running software proxy servers without restricting access to their localhost.
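
The rule-based behaviour described in the last post, as an added example that is not part of the thread and does not use Kerio's actual rule format: a simplified first-match evaluator showing how a rule that names no application lets a connection through without a prompt, including the localhost proxy case. All rule names, application names, addresses and the proxy port 8080 are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "permit" or "deny"
    app: Optional[str]     # None matches any application
    remote: str            # CIDR of the remote end
    port: Optional[int]    # None matches any TCP port

@dataclass(frozen=True)
class Conn:
    app: str
    remote: str
    port: int

def decide(rules, conn):
    """First matching rule wins; if nothing matches the user is prompted ("ask")."""
    for r in rules:
        if r.app is not None and r.app != conn.app:
            continue
        if ip_address(conn.remote) not in ip_network(r.remote):
            continue
        if r.port is not None and r.port != conn.port:
            continue
        return r.action, r
    return "ask", None

def silent_permits(rules, conns):
    """Connections permitted by a rule that is not tied to any application."""
    hits = []
    for c in conns:
        action, rule = decide(rules, c)
        if action == "permit" and rule.app is None:
            hits.append((c.app, rule.name))
    return hits

# Constructed rule sets and traffic (hypothetical names, addresses, ports).
LOOSE = [Rule("local-proxy-clients", "permit", None, "127.0.0.0/8", 8080),
         Rule("any-app-whois", "permit", None, "0.0.0.0/0", 43),
         Rule("browser-web", "permit", "browser.exe", "0.0.0.0/0", 80)]
TIGHT = [Rule("browser-to-proxy", "permit", "browser.exe", "127.0.0.0/8", 8080),
         Rule("browser-web", "permit", "browser.exe", "0.0.0.0/0", 80)]
TRAFFIC = [Conn("portexplorer.exe", "198.51.100.7", 43),  # whois lookup
           Conn("unknown.exe", "127.0.0.1", 8080),        # talks to local proxy
           Conn("browser.exe", "203.0.113.5", 80)]
```

With the tight rule set the whois lookup falls through to a prompt, which matches the alert Emmanuel saw; with the loose set both the whois lookup and the unknown program's proxy connection pass silently.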
     