Software firewall rule for 'Dos' ping...



Greg S
30-03-2004, 12:12 PM
... using XP's Command Prompt to ping a site or server, my requests always time out even when my Kerio is set to its learn mode. I have to switch it off to get a ping result.

So, is it safe to allow full up/down access (TCP I assume) for the port, even when I'm not using the facility - given that an open port is open to intrusions while not in use?

And... sad I am :8} what port does Ping use.. and same in as out?

Thanks!

Barnabas
30-03-2004, 02:00 PM
Hi Greg,
From what I understand, and I'll be the first to admit that it isn't much, ping doesn't actually use a port, it's part of the ICMP protocol, which is different to TCP/IP. (I'm struggling to remember my data comms paper at uni so sorry if I'm wrong).
I haven't used Kerio before but see if there is an option to allow ICMP traffic.
Hope that helps, I'm open to corrections if I'm wrong.
B.

Murray P
30-03-2004, 02:11 PM
Kerio: Network Security window > Predefined tab > Ping & Tracert In + Ping & Tracert out and other ICMP Packets, permit or deny in either trusted or internet zones. I permit within the Trusted (LAN) but deny for Internet. If I need to ping somewhere on the net I just enable it in Kerio then reset to my prefs when done.

Cheers Murray P

Greg S
30-03-2004, 04:26 PM
Thanks both! ICMP DOH! I just disabled all those defaults when I first set up Kerio.

Cheerz!
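
Added example, not part of the original thread and not Kerio's rule format: the two answers above (ping is ICMP and carries no port; permit it on the trusted LAN, deny it on the Internet) modelled in Python. The packet is constructed inline, and `decide`, its zone names and the sample addresses are hypothetical.

```python
import socket
import struct

ICMP_PROTO = 1                    # IPv4 protocol number for ICMP (TCP is 6, UDP is 17)
ECHO_REQUEST, ECHO_REPLY = 8, 0   # ICMP types used by ping

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP echo header is type, code, checksum, identifier, sequence: no ports."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def build_ipv4(proto: int, src: str, dst: str, body: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) wrapped around body."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + body

def classify(packet: bytes) -> dict:
    """Return the fields a firewall can match on for this packet."""
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    proto = packet[9]
    if proto != ICMP_PROTO:
        return {"proto": proto}
    icmp = packet[ihl:]
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {"proto": proto, "type": icmp_type, "code": code, "id": ident,
            "seq": seq, "checksum_ok": inet_checksum(icmp) == 0}

def decide(packet: bytes, zone: str) -> str:
    """Hypothetical policy: permit ping in the trusted zone, deny it elsewhere."""
    info = classify(packet)
    if info["proto"] == ICMP_PROTO and info.get("type") in (ECHO_REQUEST, ECHO_REPLY):
        return "permit" if zone == "trusted" else "deny"
    return "no-match"

# Constructed sample: an echo request from one LAN host to another.
SAMPLE = build_ipv4(ICMP_PROTO, "192.168.0.10", "192.168.0.1",
                    build_echo(ECHO_REQUEST, 0x1234, 1, b"abcdefgh"))
```

The rule keys on the IP protocol number and the ICMP type, which is why a TCP port rule never matches ping traffic.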