Kerio 2.1.5 - Unable to Attach TCP Message

Windows 2000 SP4 with Kerio firewall 2.1.5.

After closing port 445 using
either Windows Worms Cleaner or by editing the registry, I get the message
on boot up "Kerio Personal Firewall Driver : Unable to attach 'TCP"
followed by similar messages for other protocols. Google indicates this is
a known bug. Nevertheless, on running the ShieldsUp probe, my computer is
still stealthed despite the error messages. I tried uninstalling Kerio,
closing the port, then reinstalling Kerio, but that didn't fool it.

I can't see any fix for this bug on Google. And after running ShieldsUp, I
don't know if the error message is spurious or a genuine indication of a
problem in the firewall.

Any thoughts? (In the meantime, I have reversed the registry changes so
that port 445 shows as listening but is at least protected by the firewall.)

Thanks.

Martin




Re: Kerio 2.1.5 - Unable to Attach TCP Message
Martin wrote:

Kerio 2.1.5 was good but it's outdated now (because of security flaws :-( ).

Do you need the smb-direct protocol?

What's this?

SMBDeviceEnabled=0?

Mmmmh, I used Kerio in conjunction with WinNT and that system didn't know
anything about smb-direct.

"stealth" is bad, it's a misconfiguration.

What about wipfw? It's actual and very smart ;-)
 
see above.


That's a workaround with security flaws. What does the Kerio FW have to do?
Make it unnecessary (German says: überflüssig == superfluous) or change to
e.g. ipsecpol or wipfw.

HTH
        Wolfgang


Re: Kerio 2.1.5 - Unable to Attach TCP Message
Thanks, Wolfgang.

1. Kerio 2.1.5 - is it outdated because of the fragmented-packet
vulnerability (which I understand can be overcome by using CHX) or are there
other security flaws with it? It's a pity - I like it because it helped me to
understand a little about ports, protocols etc.

2. SMB-direct? I noticed that ports 135 and 445 were shown as
listening. On Google I found
http://www.claymania.com/windows2000-hardening.html
in which the registry key listed is
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBt\Parameters
TransportBindName. Anyway, using "smb direct 445" on Google, I found
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00424.html
which seems helpful.

3. You say stealth is bad - it's a misconfiguration. Could you explain,
please? In my naivety, on going to sites like ShieldsUp and finding all
common ports "stealthed", I thought everything is good.

4. I went to try and get wipfw at the sourceforge site and downloaded the
files GUI frontend and wipfw-stable and there seems to be some sort of
problem: Winzip tells me they aren't valid archives and at 14.5kb the
downloaded file sizes seem to be correct.

I'd be very grateful for any comments and advice.

Many thanks

Martin












Re: Kerio 2.1.5 - Unable to Attach TCP Message
I forgot: Windows Worms Doors Cleaner ....
http://www.firewallleaktester.com/wwdc.htm



Martin




