Need some help about Kerio PF

[YLAP]

I know it's an antivirus forum, but maybe who has Kerio PF could answer to my question. Should I allow this connection? I denied it this time.

[kamulko]

I don't know... but here you can see the traceroute and the whois of the IP!!!

[YLAP]

Yep...  It can't be good thing so I think I've done rigth with creating rule to block this connection all the times.


I think i'll swith kerio to sygate, as all these pop ups keeps me anoying! 

[FreewheelinFrank]

Deny all external connection attempts (red) and tick the create a rule box if there is one.

(Unless of course you need to accept an incoming connection: MSN needs to do this if you want to accept files. I believe you also need to allow inbound connections if you want to host an online game or create a web server.)

Check in Network Security>Appllications. Internet in should have a red cross for every application unless you're really sure you need to accept connections.

In cases like this you did the right thing to deny it. But make the rule permanent because Kerio GUI doesn't need to accept connections.



This certainly looks like a hacking attempt.

Isn't china the new hacker hotspot?

[FreewheelinFrank]

Make your rules permanent and you won't have any more pop-ups, Ylap.

Kerio is a strong firewall and you get intrusion protection with the free version which you don't with Sygate.

Sygate detects intrusions but it doesn't block them. Guess what happens when it detects them? A pop-up.

You'd be jumping out of the frying pan into the fire!

[kamulko]

Our pcs are under continuos scanning. Is normal. The real (but different) problem is in the map. As you can see, EVERY query from Italy to non-European addresses follow the same backbone route: STOCKTON. I see it when I verify the traceroute of my queries to Asia and Australia or New Zealand. This is a sign of the sourveillance of Europeans users by USA. Where is the privacy? Where is the freedom?   When I try to query for the Whois of this unknown server in the USA, I have always the same automatic reply: "You are not authirized... etcetera"... eheheh...  ... Big Brother live and rule our communications. :'(.. and he is not yellow faced

[YLAP]

thanks kamulko. I'll have it in mind.  I've just deleted all kerio configuration (set to default) and now I'm very closely configuring it from zero.

[YLAP]

Deny all external connection attempts (red) and tick the create a rule box if there is one.

(Unless of course you need to accept an incoming connection: MSN needs to do this if you want to accept files. I believe you also need to allow inbound connections if you want to host an online game or create a web server.)

Seems I need incoming connection for IE, as I can't browse in my ISP ftp server. But how about normal surfing then? Is it safe?  On the other hand I can handle with kerio pop ups then surfing ftp as everytime i just need to press "permit" once everytime i go to other folder....

[FreewheelinFrank]

I use SmartFTP to connect to my ISP ftp server and it doesn't need to accept incoming connections. IE and firefox don't either.

Why does your ISP server need to connect to IE? I'd be a bit worried about having IE allowed to accept incoming connections too. I'm afraid this is outside my experience.

Don't forget to visit ShieldsUp! to check your configuration when you've finished.

[YLAP]

If I deny incoming connection in IE or FilleZilla I can't receive file list or directory tree (on FileZilla). And kerio reports incoming connection.

[FreewheelinFrank]

Hmmm. Got me baffled. 

Maybe somebody else can help you out.

[FreewheelinFrank]

Of course you could always create a custom rule to allow connections from your ISP ftp address.

[YLAP]

If I deny incoming connection in IE or FilleZilla I can't receive file list or directory tree (on FileZilla). And kerio reports incoming connection.

Seems to be safe, as Lietuvos Telekomas is my ISP. It's report about this Ip adress:

Look Up Domain or IP Information

% Information related to '212.59.0.0 - 212.59.31.255'

inetnum:      212.59.0.0 - 212.59.31.255
org:          ORG-LT1-RIPE
netname:      LT-LIETUVOS-980407
descr:        Lietuvos Telekomas
country:      LT
admin-c:      VD176-RIPE
tech-c:       LTIN1-RIPE
status:       ALLOCATED PA
mnt-by:       RIPE-NCC-HM-MNT
mnt-lower:    AS8764-MNT
mnt-routes:   AS8764-MNT
source:       RIPE # Filtered

organisation:   ORG-LT1-RIPE
org-name:       Lietuvos Telekomas
org-type:       LIR
address:        28 Savanoriu avenue
address:        LT-03501
address:        Vilnius
address:        Lithuania
phone:          +370 2 629992
fax-no:         +370 5 2783736
admin-c:        VD176-RIPE
admin-c:        JS3667-RIPE
mnt-ref:        AS8764-MNT
mnt-ref:        RIPE-NCC-HM-MNT
mnt-by:         RIPE-NCC-HM-MNT
source:         RIPE # Filtered

person:       Valentina Dubovskaja
address:      Savanoriu 28
address:      LT-2600 Vilnius
address:      Lithuania
phone:        +370 5 2367120
fax-no:       +370 5 2150787
nic-hdl:      VD176-RIPE
mnt-by:       TELECOMLT-MNT
source:       RIPE # Filtered

person:         Lithuanian Telecom IP NCC
address:        Savanoriu 28
address:        LT-03501 Vilnius
address:        Lithuania
remarks:        *******************************************************
remarks:        * ABUSE CONTACT: abuse@takas.lt in case of violation, *
remarks:        * illegal activity, scans, probes, spam, etc.         *
remarks:        *******************************************************
phone:          +370 5 2367082
nic-hdl:        LTIN1-RIPE
mnt-by:         TELECOMLT-MNT
source:         RIPE # Filtered
abuse-mailbox:  abuse@takas.lt

% Information related to '212.59.12.0/22AS8764'

route:        212.59.12.0/22
descr:        LT-TELEKOMAS
origin:       AS8764
mnt-by:       AS8764-MNT
source:       RIPE # Filtered

[YLAP]

After half an hour seems successfully created advanced rule for my ftp. 

[YLAP]

Damn! Stupid ftp!  Local point 0.0.0.0 but port is changing everytime I go to next directory!  RRRRR....


At last!  I'm so tired! But now seems to work fine as I left only IP address in advanced rule. Going to sleep now. Bye, and see you tomorrow.