Kerio Personal Firewall Alerts



Smurf
18-08-2003, 04:12 PM
Having installed Kerio Personal Firewall on my laptop, I am now facing a learning curve with the interpretation of Incoming Alerts. I am finding the Help files for this novice are not particularly helpful in assisting the decision as to whether to accept or deny certain alerts.
My question therefore is:
Is there any way of determining safely whether to accept or deny access to my computer? E.g. the following alert was received:
On the basis that I was not sure, I denied access.

na-148-243-211-222 na.avantel.net nx
(148.243.211.222 wants to send ICMP packet to your machine.
Details about application
tcpip kernal driver

This is the second of such alerts.

Greg S
18-08-2003, 04:49 PM
A definitive answer to your question is quite difficult. The way I learned it, way back when, was to do a lot of trial and error: block everything manually, and if something doesn't work, create a new, exclusive rule to allow it.

There's also a somewhat helpful manual that you can download from Kerio's website.

Murray P
18-08-2003, 04:49 PM
Know anybody in Central America, Smurf? avantel.net appears to be a Mexican ISP. Why you would be getting traffic directly from that ISP or someone who uses it, I would be suspicious of.

I take it that this is the process whereby you set up your permissions. If you get a query from Kerio and you're not sure what it is or you're suspicious, block it but make sure that it's set to ask again; don't make it a rule at this stage until you know it's not blocking something essential. I take it you've given permission to your mail and browser clients.

Cheers Murray P
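
Added example (not part of any poster's message, and not Kerio's own rule format): a Python model of the approach Greg S and Murray P describe above, where narrow allow rules are matched first and anything unmatched is denied once and asked about again. The program names, the mail server range and the two extra alerts are constructed; only the ICMP alert comes from the first post.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Alert:
    direction: str    # "in" or "out", relative to the protected machine
    protocol: str     # "ICMP", "TCP" or "UDP"
    remote: str       # remote IP address shown in the alert
    application: str  # local program or driver named in the alert

@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "deny"
    direction: str
    protocol: str
    remote_net: str   # CIDR range the rule is limited to
    application: str

def decide(alert, rules):
    """Return (action, source): first matching rule wins, otherwise default deny."""
    for rule in rules:
        if (rule.direction == alert.direction
                and rule.protocol == alert.protocol
                and rule.application == alert.application
                and ip_address(alert.remote) in ip_network(rule.remote_net)):
            return rule.action, "rule"
    # No rule matched: block this once and prompt again next time, so nothing
    # essential gets blocked permanently before it is understood.
    return "deny", "ask-again"

# Constructed rule set: program names and the mail server range are hypothetical.
RULES = [
    Rule("allow", "out", "TCP", "0.0.0.0/0", "browser.exe"),
    Rule("allow", "out", "TCP", "192.0.2.0/24", "mailclient.exe"),
]

# The alert quoted in the first post, plus two constructed ones.
PAGE_ALERT = Alert("in", "ICMP", "148.243.211.222", "tcpip kernel driver")
WEB_ALERT = Alert("out", "TCP", "198.51.100.10", "browser.exe")
ODD_MAIL_ALERT = Alert("out", "TCP", "198.51.100.7", "mailclient.exe")

if __name__ == "__main__":
    for a in (PAGE_ALERT, WEB_ALERT, ODD_MAIL_ALERT):
        print(a.protocol, a.direction, a.remote, a.application, "->", decide(a, RULES))
```

The mail client reaching an address outside its allowed range is denied and prompted for again, which is the practical difference between an exclusive allow rule and a blanket one.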

tommy
18-08-2003, 04:56 PM
You can usually deny almost all incoming alerts. I cannot think of any right now that would need to be allowed access but if you find that you are unable to access a certain site you can then look at your firewall to see if it needs to give access permission to the affected site. A good FAQ on Kerio is available here:
http://www.blarp.com/faq/faqmanager.cgi?toc=kerio

Peter H
18-08-2003, 05:34 PM
Tommy
Thanks for that site - always wondered what the red & green arrows meant. While I am typing this, someone is trying to send a "Tcpip kernel driver" to me. Any idea what this is?
Bye

tommy
18-08-2003, 06:14 PM
Peter: I am not quite sure what the "Tcpip kernel driver" is but I don't let them in myself. Have found another couple of Outpost/Kerio FAQ pages in my bookmarks that are good reading, though they are not for the most recent versions of these firewalls:
http://www.broadbandreports.com/faq/security/
http://www.dslreports.com/faq/security/2.5.1.+Kerio+and+pre-v3.0+Tiny+PFW

Some of the general questions and answers could also interest users of other firewalls.

Peter H
18-08-2003, 06:31 PM
Thanks for that. Looks like I'm in for some reading.
Bye