SPF and WIN32 Kernel Core Comp...

Discussion in 'other firewalls' started by Detox, Aug 1, 2002.

Thread Status:
Not open for further replies.
  1. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    OK, as an application I have told my SPF to block

    WINDOWS\System\kernel32.dll

    but it just doesn't seem to want to... this thing is still showing access all over my traffic log... I dunno what it does but I want to make it stop, and can't figure out how. I haven't added any rules to this thing before and wonder if someone who has knows how to make a rule to stop this application since blocking it as an application isn't doing the job??
     
  2. Detox

    Oh, dunno if it matters but the log in Sygate shows the "rule name" as applied to each situation, and every time kernel gets through (a lot!) the rule name shown is

    GUI%GUICONFIG#RULE@NBENABLEYOU#ALLOW-UDP
     
  3. Detox

    *bump* :oops:
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
  5. Detox

    Sir no sir!

    But now that I know about it, I will do it tonight sir!
     
  6. Paul Wilders

    Hope you'll let us all know if you've found what you are looking for, sir :D

    regards.

    paul
     
  7. Detox

    Hm, I did an "advanced" configuration on the application and I'll wait n see if that worked. I hadn't known there was more stuff to choose from than just "blocking", but hope it'll work. If not, I'll look deeper.. hehe
     
  8. Detox

    Hm well that advanced stuff did NOT do the trick, for some reason Sygate just did NOT want to block that "kernel" crap...

    Anyway I just paid attention for a bit and noticed that all incoming and outgoing traffic from kernel was going through ports 137 and/or 138, and was always UDP. So, I made my first advanced rule to block all UDP on ports 137 and 138, worked like a charm ;-)
     
  9. Paul Wilders

    Hi Detox,

    Congrats! :cool:

    regards.

    paul
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Ports 137 and 138 belong to your Netbios according to: http://www.portsdb.org/bin/portsdb.cgi?portnumber=138&protocol=UDP&String=

    Regards,

    Pieter
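
The approach from post 8 (watch the traffic log, notice that everything attributed to kernel32.dll is UDP on ports 137/138, then block by port) together with the NetBIOS identification above, as an added example that is not part of the original thread: a Python script that groups a constructed traffic log by application, shows which rule name let the traffic through, and derives the candidate port rule. The CSV layout, `browser.exe` and the `constructed-*` rule names are assumptions; only the kernel32.dll path and the ALLOW-UDP rule name come from the posts.

```python
import csv
import io
from collections import defaultdict

# Constructed sample log. The CSV layout is hypothetical, not Sygate's real
# export format; the application path and rule name are the ones quoted above.
SAMPLE_LOG = r"""time,action,direction,protocol,local_port,application,rule
20:01:11,Allowed,Outgoing,UDP,137,WINDOWS\System\kernel32.dll,GUI%GUICONFIG#RULE@NBENABLEYOU#ALLOW-UDP
20:01:12,Allowed,Incoming,UDP,137,WINDOWS\System\kernel32.dll,GUI%GUICONFIG#RULE@NBENABLEYOU#ALLOW-UDP
20:03:40,Allowed,Outgoing,UDP,138,WINDOWS\System\kernel32.dll,GUI%GUICONFIG#RULE@NBENABLEYOU#ALLOW-UDP
20:04:02,Allowed,Outgoing,TCP,80,browser.exe,constructed-browser-rule
20:04:09,Blocked,Incoming,TCP,113,unknown,constructed-block-rule
"""

# Well-known service names for the two ports discussed in the thread.
NETBIOS_PORTS = {("UDP", 137): "NetBIOS Name Service",
                 ("UDP", 138): "NetBIOS Datagram Service"}

def summarize(log_text):
    """Return (flows, rules): per-application counts of allowed
    (protocol, port) pairs, and the rule names that allowed them."""
    flows = defaultdict(lambda: defaultdict(int))
    rules = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] != "Allowed":
            continue  # only traffic that got through matters here
        app = row["application"]
        flows[app][(row["protocol"], int(row["local_port"]))] += 1
        rules[app].add(row["rule"])
    return flows, rules

def suggest_port_rule(flows, app):
    """If every allowed flow for app uses one protocol, return
    (protocol, sorted ports) as a candidate block rule; otherwise None."""
    pairs = flows.get(app, {})
    protocols = {proto for proto, _ in pairs}
    if len(protocols) != 1:
        return None
    return protocols.pop(), sorted({port for _, port in pairs})

if __name__ == "__main__":
    flows, rules = summarize(SAMPLE_LOG)
    for app in flows:
        print(app, "allowed by", sorted(rules[app]))
        for pair, count in sorted(flows[app].items()):
            print("  ", pair, count, NETBIOS_PORTS.get(pair, ""))
        print("  candidate block rule:", suggest_port_rule(flows, app))
```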
     
  11. Detox

    Come on guys quit making me look so nooby in here!

    No really I asked about Netbios once before and still kinda don't know what exactly it does, but I have had no ill effects (that I am aware of) since blocking these ports... Might I find some? Or be having some I don't know about?
     