Kerio 2.1.5 - Unable to Attach TCP Message

Windows 2000 SP4 with Kerio firewall 2.1.5.

After closing port 445 using either Windows Worms Cleaner or by editing the registry, I get the message on boot up " Kerio Personal Firewall Driver : Unable to attach 'TCP" followed by similar messages for other protocols. Google indicates this is a known bug. Nevertheless, on running the ShieldsUp probe, my computer is still stealthed despite the error messages. I tried uninstalling Kerio, closing the port, then reinstalling Kerio, but that didn't fool it.

I can't see any fix for this bug on Google. And after running ShieldsUp, I don't know if the error message is spurious or a genuine indication of a problem in the firewall.

Any thoughts? (In the meantime, I have reversed the registry changes so that port 445 shows as listening but is at least protected by the firewall.)

Thanks.

Martin


Kerio 2.1.5 was good but it's outdated now (because of security flaws :-( ).

Do you need the smb-direct protocol?

What's this?

SMBDeviceEnabled=0?

Mmmmh, I used Kerio in conjunction with WinNT and that system didn't know anything about smb-direct.

"stealth" is bad, it's a misconfiguration.

What about wipfw? It's actual and very smart ;-)

see above.

That's a workaround with security flaws. What does the Kerio FW have to do? Make it unnecessary (German says: überflüssig == superfluous) or change to e.g. ipsecpol or wipfw.

HTH Wolfgang


Thanks, Wolfgang.

  1. Kerio 2.1.5 - is it outdated because of the fragmented-packet vulnerability (which I understand can be overcome by using CHX), or are there other security flaws with it? It's a pity - I like it because it helped me to understand a little about ports, protocols etc.

  2. SMB-direct? I noticed that ports 135 and 445 were shown as listening. On Google I found [link], in which the registry key listed is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBt\Parameters TransportBindName. Anyway, using "smb direct 445" on Google, I found [link], which seems helpful.

  3. You say stealth is bad - it's a misconfiguration. Could you explain, please? In my naivety, on going to sites like ShieldsUp and finding all common ports "stealthed", I thought everything is good.

  4. I went to try and get wipfw at the SourceForge site and downloaded the files GUI frontend and wipfw-stable, and there seems to be some sort of problem: WinZip tells me they aren't valid archives, and at 14.5kb the downloaded file sizes seem to be correct.

I'd be very grateful for any comments and advice.

Many thanks

Martin


I forgot: Windows Worms Doors Cleaner ....

[link]

Martin
