Understanding IRC settings

Discussion in 'other firewalls' started by FireDancer, Sep 22, 2003.

Thread Status:
Not open for further replies.
  1. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Hi all,

    I reformatted my 15-year-old daughter's computer last night and decided it might be better to install Kerio 2.1.5, as it has better configurability than ZA Free. I set up her computer to be a bit more secure and am trying to teach her about security... at least what I know about spam, spyware, malware, viruses, trojans and the like.

    Anyways, after the format and install of updates and software I was informed that there was no way she was going to live a minute longer without Yahoo Messenger and MSN Messenger!!!!!

    First off, just so I know I am correct: Yahoo and MSN are considered IRC, correct? Internet Relay Chat. I have never used anything like a chat before as it does not interest me ... if I want to chat I can pick up the phone :rolleyes:. I have her all set up with rules for DHCP, ICMP, Custom Server (DNS), LOOPBACK and whatnot, along with applications.

    When I loaded these chat programs I watched carefully for what kind of protocol it was asking for. It seems that Yahoo wants a basic TCP connect out, so that was not too big a problem, but MSN wants to send/receive UDP on port 7001 but operates under a TCP connect only for ports 80, 443 and 1861, I believe. Is this port 7001 used for FTP? Or am I way off here? What I did was create a few rules such as these... as for now UDP from MSN is denied.

    Yahoo TCP out local 1024-5000 any/any remote port 80
    MSN TCP out local 1024-5000 any/any remote ports 80, 443, 1861

    I am not sure I need that UDP for MSN as it is working fine, but I want it to be as secure as possible for her. She is not using any kind of File Transfer for her or the friends she chats with, so I assume the TCP connects are all she needs for chatting. If anyone could maybe give me some input/advice on how to set these Chat programs up in Kerio 2.1.5 I would greatly appreciate it.

    Regards,

    ~FIREDANCER~
     
  2. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Well, as for MSN, I use Sygate on my computer, but block off port 7001 and I use MSN, and have no problems (I can't send or receive files with it blocked myself). But Yahoo and MSN are not IRC; IRC has its own clients (http://www.mIRC.com/ etc.). IRC is an actual chatroom, whereas MSN and Yahoo are Instant Messengers. (Anyone who can, feel free to correct me also.)
     
  3. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    To be honest with you, in the end Kerio will be more secure when properly configured, but it will take much longer to set up Kerio than it would to set up ZA since you don't know what you need to allow for the programs. While you can do remote admin to her computer, you will have much work ahead of you making sure everything works.

    IM programs are not considered like IRC configurations, and as far as configuring them goes, I suggest you do some real research to have all the functions work.

    With the few times others have used Yahoo on my computer here is a very loose ruleset:

    Main rule
    TCP
    outbound
    local: any
    Remote:
    any address
    ports: 80, 5000, 5001, 5050
    allow.

    Voice chat
    udp
    both directions.
    local: any
    remote:
    any address
    port: 5000

    There will also be a different updated program, just let it outbound tcp 80.


    I never did any file transferring so that is something you will have to figure out....

    Something you might try is using almost all access rules, find the ranges they use, allow those, and block the ports/ranges they are listening on for their outbound communications.

    Outbound local ports 1024-5000 to any address on any port
    Inbound local ports 5001-65535 from any address on any port.


    From there make it logging, and you can close the ranges after you have viewed the logs.

    Good luck, you have some work ahead of you making a configuration invisible to the user. I've done it before, and found that it's something that is never done unless you leave the configuration open enough to allow for possible new connections which are legit. For example, letting the browser outbound to any address so when she downloads something from an ftp site it's not blocked, or has a prompt to deal with when passive ftp will use a huge port range.
     
  4. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Hey Firedancer, I think we can get to the stage of our security that we end up not being able to access many of the simple things that internet usage can be for. I have a 16 yr old son and asked him what he thought, as he only stays with me for the school holidays (and it's currently school holidays). He reckons as soon as you are not looking that firewall will be dumped, as you are stopping her taking part in all the activities that she likes to do with her friends. Although you have the best intentions, it's maybe going to be safer to run with Zone Alarm, or something equally simple that is set with simple default settings but safe, and will not interfere with her chats. Hope you don't mind me throwing in my 2 cents worth. As far as file sharing with MSN and Yahoo go, you can configure them to have her anti virus scan any files that are transferred. That being safe to do just in case there are any files transmitted, which they all do anyways. I reckon that to keep it simple is the safest way with our children's settings, as they in many cases are really not into the things that we are who seem to lurk around sites like here :) Anyway, good luck.
     
  5. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    I do have to agree that ZA would be better for kids since they are prone to removing software they don't like, but then again you could just take away their computer for an entire month for removing/disabling your security software. They don't need a computer, they don't need to chat on IM programs, and there is always the library if they really need to use a computer :cool:
     
  6. BWMerlin

    BWMerlin Registered Member

    Joined:
    Aug 11, 2003
    Posts:
    71
    I would have to strongly suggest that u do not take the computer away, otherwise u will never hear the end of it. Then there are several other things that they can do to u that will make life hell (credit cards can go missing, various ph. calls will not be passed on and so on) for u until u return the computer.
     
  7. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Solar and BlitzenZeus,

    I believe I have got my problem licked, and just so you both know, I have raised 4 responsible and wonderful children. :D Anyways, what I have done is I first asked her if she knew what and how to transfer files and she calmly said no....thank god for small miracles :). She is 15 going on 25 LOL and she does actually listen to me (I am so lucky).

    She said all she wants to do is chat, so with that in mind and what BlitzenZeus explained to me in an earlier post, I did some checking with a log file and this is what I came up with; consistently the IMs wanted these ports below:

    Yahoo IM updater TCP 1024/5000 local remote port 80
    Yahoo IM EXE TCP out 1024/5000 local remote port 80
    Yahoo IM EXE UDP both any/any (no file transfer)

    Note: Yahoo can use 5000, 5001, 5050... I figure if I limit to one port that = less trouble, although I might have to change that at a later date... we will see.

    MSN EXE TCP out 1024/5000 local remote port 443, 1863
    MSN EXE TCP out any local, remote port 80 DENY
    (to keep web page from opening constantly)
    MSN EXE UDP both any/any (no file transfer)

    Although now that I look at it I could have added UDP to my second MSN rule to stop file transfers. I could probably narrow down the local ports for these programs to further tighten the rules.. I will give that some thought tomorrow. Any thoughts or advice would be greatly appreciated. :D

    Again, very nice work BlitzenZeus on the Template; I look forward to reading it more closely tomorrow. Have a good night all

    and very best wishes/regards,

    ~FIREDANCER~
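
The log-then-tighten approach suggested in post 3 and carried out in post 7, as an added example that is not part of any poster's message: it summarizes what each program actually used while broad logging rules were in place and proposes one narrow rule per group. The log format, the addresses and the executable names `yahoo_im.exe` and `msn_im.exe` are constructed for illustration and are not Kerio's real log layout; only the port numbers come from the thread.

```python
import re
from collections import defaultdict

# Constructed sample log in a simplified, made-up format (NOT Kerio's real layout):
# action direction proto local_ip:port -> remote_ip:port application
SAMPLE_LOG = """\
permit out TCP 192.168.1.10:1031 -> 203.0.113.5:5050 yahoo_im.exe
permit out TCP 192.168.1.10:1032 -> 203.0.113.6:80 yahoo_im.exe
permit out TCP 192.168.1.10:1040 -> 198.51.100.7:1863 msn_im.exe
permit out TCP 192.168.1.10:1041 -> 198.51.100.8:443 msn_im.exe
permit out UDP 192.168.1.10:7001 -> 198.51.100.9:7001 msn_im.exe
permit in UDP 192.168.1.10:7001 -> 198.51.100.9:7001 msn_im.exe
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<action>\w+) (?P<dir>in|out) (?P<proto>TCP|UDP) "
    r"\S+:(?P<lport>\d+) -> \S+:(?P<rport>\d+) (?P<app>\S+)$"
)

def summarize(log_text):
    """Group observed traffic by (application, protocol, direction)."""
    seen = defaultdict(lambda: {"local": set(), "remote": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not parse
        key = (m["app"], m["proto"], m["dir"])
        seen[key]["local"].add(int(m["lport"]))
        seen[key]["remote"].add(int(m["rport"]))
    return seen

def propose_rules(seen):
    """One candidate rule per group: observed local range, exact remote ports."""
    rules = []
    for (app, proto, direction), ports in sorted(seen.items()):
        lo, hi = min(ports["local"]), max(ports["local"])
        remote = ",".join(str(p) for p in sorted(ports["remote"]))
        rule = f"{app} {proto} {direction} local {lo}-{hi} remote {remote}"
        if direction == "in":
            rule += " [review: inbound]"  # inbound is a decision, not a default
        rules.append(rule)
    return rules

if __name__ == "__main__":
    for rule in propose_rules(summarize(SAMPLE_LOG)):
        print(rule)
```

The proposed local ranges only cover what was seen during the logging window, so they are a starting point to widen or deny by hand rather than a finished ruleset.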
     