Posted by Kerodo on July 31, 2006, 5:38 pm
q_q_anonymous@yahoo.co.uk says...
> I'm trying kerio out, it seems to have a bad port logger. not picking
> up smtp or pop. I wonder if sygate would've seen it. (ethereal sees it)
> Why should kerio miss that out? How is it deciding what to miss out?
>
>
> Sometimes when browsing, pages weren't loading up, a little red arrow
> flashes on the icon.
>
> I disabled kerio and immediately the page loaded up.
>
> I opened the port logger and then went to logs..firewall log, to see
> what it was blocking.
> (unlike sygate, it doesn't include blocked connections in the screen of
> the port logger. It's elsewhere)
>
> I saw it had blocked " SSDP " - particularly. There was Listening on
> my machine 192.168.14.4:1900 svchost.exe , it was blocking incoming
> connections from my "NAT router" 192.168.1.1:20xy: to my machine.
>
> I thought PFWs didn't block svchost.exe. Anyhow, even after adding a
> rule to allow my router to connect to me (from any port) to me @ 1900,
> I was still getting red arrows and inaccessible and a list of SSDP
> blocked. I haven't noticed a problem loading up pages though.
> I then noticed, that amongst all the ALLOWED including allowed for
> outgoing svchost.exe, there was a deny for incoming to my port 1900 -
> svchost.exe.
>
> Is it using a strict policy - white list. Or a black list. It looks
> like a "white list", many svchost.exe rules allowed. But I've just seen
> an explicit rule to *deny* SSDP incoming - from any ip any port onto my
> machine's port 1900. If it's a whitelist, why should it be necessary
> to say that? And isn't it a silly thing to deny anyway, it should be
> permitted in the white list! I have amended it to permit it from my
> router any port. to my comp port 1900.
>
> If only sygate was fixed. It kicks kerio to pluto. Is there any way to
> nullify whatever security problem sygate has with the open windows?!!
>
>
> Actually, on trying to post this, Kerio gave 2 flashes of a red arrow
> pointing upwards, like giving me the finger. And it fails to post.
> Listing nothing under blocked. disabling kerio lets me send this
> post!! I guess that problem is unique, but the rest probably are
> typical.
>
>
How Kerio 2.1.5 works or doesn't work is totally dependent upon your
rule set. If something's not working, then your rules are to blame. As
a starting point, you might try BZ's rules. You can find them here:
http://www.dslreports.com/forum/remark,8023708
Read the thread and download the rule set and then modify them to suit
your own personal needs. Kerio 2 is great if you know what you're
doing, but if you don't, you can create a complete mess.
--
Kerodo