Author Topic: Kerio is finally back!  (Read 18263 times)

0 Members and 1 Guest are viewing this topic.

Offline rdmaloyjr

  • Super Poster
  • ***
  • Posts: 1864
  • The beatings will continue until morale improves!
    • The Cross
Re: Kerio is finally back!
« Reply #30 on: December 30, 2005, 12:03:17 AM »
Kerio and Comodod both passes ShieldsUP! with no problems at all. See some of those threads we started, especially the one with Comodo. I posted all those screenshots and also screenshots from ShieldsUp!!

ZA freeware doesn't pass tooleaky.exe as mentioned many times in the past. Both Comodo and Kerio, plus of course ZoneAlarm Pro can pass it with no problems. ZA free doesn't have those rules, so it will easily fail.

Here are the results of Shields Up with Kerio 4.2.2 on my machine:

GRC Port Authority Report created on UTC: 2005-12-29 at 22:42:57

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                            119, 135, 139, 143, 389, 443, 445,
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
   26 Ports Stealth
---------------------
   26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.

I hope now maybe a Kerio user may be able to help me get a passing grade with Shields Up.

"Enable predefined network security" is checked by default on my copy of Kerio 4.2.2.

I have no dislike for Kerio.  In fact one of the reasons I'm slow to return to ZA is Kerio starts up quicker than ZA when I boot my computer.  The main reason I'm delaying the return to ZA is I want to be sure I've fixed the crashing problem.  I've upgraded some hardware drivers & I haven't crashed since.  The crashing seemed worse with Kerio than ZA.  If I can get Kerio by Shields Up I may keep it as long as it gives good protection.
"If you want to make a Conservative angry, tell him a lie. If you want to make a Liberal angry, tell him the truth." - Rush Limbaugh

avast! Free    Mbam Pro   Privatefirewll  WinPatrol Plus               Pentium Dual-Core  Windows 7 64bit SP1  8 gigs of RAM

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1787
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: Kerio is finally back!
« Reply #31 on: December 30, 2005, 03:19:23 AM »
so for example Your ping problem

Network Security > Predefined > Ping and Tracert out / Internet > deny
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

Offline rdmaloyjr

  • Super Poster
  • ***
  • Posts: 1864
  • The beatings will continue until morale improves!
    • The Cross
Re: Kerio is finally back!
« Reply #32 on: December 30, 2005, 03:59:29 AM »
I tried deny on all ping tracerts in & out with Kerio but it still failed.

Dwarden,

Thank you for responding.

As you see above I did deny what you suggest.  Other ICMP packets were by default deny.

Do you think the ping reply could be from something else besides a firewall?   I've done scans with all my antispyware scanners, avast!, BitDefender & ewido.  Everything came up clean.  Kerio has a good reputation or I wouldn't have tried it.  I suspect something is wrong somewhere else.  S.Z.Craftec says "Kerio and Comodod both passes ShieldsUP! with no problems at all."
"If you want to make a Conservative angry, tell him a lie. If you want to make a Liberal angry, tell him the truth." - Rush Limbaugh

avast! Free    Mbam Pro   Privatefirewll  WinPatrol Plus               Pentium Dual-Core  Windows 7 64bit SP1  8 gigs of RAM

Offline Umath

  • Sr. Member
  • ****
  • Posts: 204
Re: Kerio is finally back!
« Reply #33 on: December 30, 2005, 05:19:43 AM »
rdmaloyjr,

Since you wrote that Zone Alarm had passed the ping test, presuming that you are using the same machine under the same condition, logically, Kerio should not let your machine send ping as long as your configuration on Kerio is proper or your system has something wrong exclusively with Kerio.

If you are not sure, how about making an advanced packet filter rule on denying any ICMP in/out communication and check the log column?  By doing this, Kerio would block any ICMP communication and log it.

As I wrote above, the system can shut down Kerio when Kerio keeps logging numerous data, which can flood the system memory in a long period, thogh.  This is why I try not to leave my pc online for a long time.

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1787
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: Kerio is finally back!
« Reply #34 on: December 30, 2005, 04:20:23 PM »
rdmaloyjr ... ok that's definitely abnormal situation ... You got any special cable/ADSL/wifi router ?

umath ... You can avoid that messing with what KPF logs and what not ...
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

Offline Umath

  • Sr. Member
  • ****
  • Posts: 204
Re: Kerio is finally back!
« Reply #35 on: December 30, 2005, 09:11:29 PM »
rdmaloyjr ... ok that's definitely abnormal situation ... You got any special cable/ADSL/wifi router ?

rdmaloyjr wrote that he/she didn't have the problem with ZA, which makes me think his/her system has a problem with Kerio.

umath ... You can avoid that messing with what KPF logs and what not ...

That's what we normally do but don't we have to let unexpected communications log or prompt at least?  Of course, we can let Kerio deny them without logs once the rules are set but...

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Kerio is finally back!
« Reply #36 on: December 30, 2005, 09:23:42 PM »
Hi rdmaloyjr,

Have you changed your default predefined network security settings, perchance?

They should look like this:



Passing shields up here!
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline rdmaloyjr

  • Super Poster
  • ***
  • Posts: 1864
  • The beatings will continue until morale improves!
    • The Cross
Re: Kerio is finally back!
« Reply #37 on: December 31, 2005, 02:37:48 AM »
FreewheelinFrank,

My default settings are just as you show.  I changed them as Dwarden suggested without success.  I have since reset them to default.

Dwarden,

I don't have any special cable/ADSL/wifi router.  I am on DSL a plain DSL modem.




« Last Edit: December 31, 2005, 02:44:45 AM by rdmaloyjr »
"If you want to make a Conservative angry, tell him a lie. If you want to make a Liberal angry, tell him the truth." - Rush Limbaugh

avast! Free    Mbam Pro   Privatefirewll  WinPatrol Plus               Pentium Dual-Core  Windows 7 64bit SP1  8 gigs of RAM

Offline Umath

  • Sr. Member
  • ****
  • Posts: 204
Re: Kerio is finally back!
« Reply #38 on: December 31, 2005, 06:04:35 AM »
rdmaloyjr, I think your system has a problem with Kerio.  However, why not give a try to what I wrote above as a last shot (while doing this, just temporary uncheck "Enable predefined network security")?  If Kerio fails to log, it means Kerio doesn't recognize any ICMP communication.  In this case, unfortunately, I don't think Kerio can deal with ping seeing the problem persistent even after re-installing.  :-\

Offline Jarmo P

  • Sr. Member
  • ****
  • Posts: 365
    • My Sygate firewall webpage guide
Re: Kerio is finally back!
« Reply #39 on: December 31, 2005, 10:19:49 AM »
As far as I know, I got a few BSOD's running kerio.
What you told umath

"As I wrote above, the system can shut down Kerio when Kerio keeps logging numerous data, which can flood the system memory in a long period, thogh.  This is why I try not to leave my pc online for a long time."

Does not make me very much trust the product :(

So back to my trustworthy Sygate again. Even with loosing a bit outbound control due to local proxy issue with Avast. They get logged in anyways.

Kerio IS very nice with features, but still problems I think with stability.
XP Home, Antivir PE Classic,  kerio 2.1.5 or Sygate 5.5.2710, SSM 2.0.8.583 free, SpywareBlaster, CCleaner, Firefox through webshield and running NoScript extension or in Sandboxie
http://www.kotiposti.net/string/SPF_eng/SPFGuide.html

Offline Umath

  • Sr. Member
  • ****
  • Posts: 204
Re: Kerio is finally back!
« Reply #40 on: January 02, 2006, 09:07:39 AM »
Kerio IS very nice with features, but still problems I think with stability.

That would be my point, too.  I thought Kerio 4.x became stable when compared the memory usage with Kerio 2.x, which shoudn't be a problem for modern systems.  However, after a numerous logs, I found it becomes unstable again.  In my case, I use filtering function of my router, which is not online all the day.  However, I don't recommend Kerio to an individual whose pc is not behind a router.  If someone uses Kerio 4.x without logs, it may make Kerio stable but it also reduces the information which he/she can get.

Nowadays, I think it is desirable for users to use HW firewalls or equivalent protections, at least.  I keep my eyes on Comodo/Kerio personal firewalls but am already wondering if I am going to buy Outpost or something else. :-\

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1787
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: Kerio is finally back!
« Reply #41 on: January 02, 2006, 08:20:33 PM »
umath what i meant with suggestion to disable log was to do it for NIPS 'low'
and i set 'medium' ones to just log because i already ran into multiple issues with blocked valid traffic ...

but i'm already covered by linux based firewall infront of this computer so i can do such step w/o fear :) ...

so for prevention i use only HIGH NIPS on this machine (i.e. WMF exploit 1.10 rule from bleeding snort) ...
anyway the exploit seems to be so bad (new variants exploiting RND WMF content rendering any detection in AV/IDS rules nill) i'm forced to install this temporary patch from hexblog.com just for sure ...



https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive