Kerio Winroute packet filter settings

  1. #1
    Join Date
    Jul 2003
    Posts
    1,255

    Kerio Winroute packet filter settings

    I have been messing around with Kerio WinRoute 4.2.5.., it's basically a software router.

    I noticed that unless I open all incoming connections, I am unable to establish any connection, and whenever I try to connect somewhere, a bunch of dropped incoming packets are logged.

    I have a rule that allows all packets of already established connections.

    I think that some of these packets are for DNS and such, and that's why I cannot open any new connections.

    I would like to make some sort of rule(s) to allow only the packets I need.

    Also, if a connection already exists, then I can still receive stuff from it, such as if there was a download going, and I can still use Trillian unless I disconnect it and try to reconnect.

    part of log-
    [19/Jan/2005 18:26:06] Packet filter: ACL 2:1 line1: deny packet in id=2329 : UDP 209.244.0.4:53 -> 4.229.x45067
    [19/Jan/2005 18:26:07] Packet filter: ACL 2:1 line1: deny packet in id=2331 : UDP 209.244.0.4:53 -> 4.229.x45067
    [19/Jan/2005 18:26:09] Packet filter: ACL 2:1 line1: deny packet in id=2336 : UDP 209.244.0.4:53 -> 4.229.x45067
    [19/Jan/2005 18:26:09] Packet filter: ACL 2:1 line1: deny packet in id=2337 : UDP 209.244.0.3:53 -> 4.229.x45068
    [19/Jan/2005 18:26:13] Packet filter: ACL 2:1 line1: deny packet in id=2344 : UDP 209.244.0.3:53 -> 4.229.x45068
    [19/Jan/2005 18:26:13] Packet filter: ACL 2:1 line1: deny packet in id=2345 : UDP 209.244.0.4:53 -> 4.229.x:45067
    [19/Jan/2005 18:26:14] Packet filter: ACL 2:1 line1: deny packet in id=2350 : TCP 4.229.207.117:4296 -> 4.229.x:135
    [19/Jan/2005 18:26:15] Packet filter: ACL 2:1 line1: deny packet in id=2351 : TCP 4.229.120.22:1665 -> 4.229.x:445
    [19/Jan/2005 18:26:20] Packet filter: ACL 2:1 line1: deny packet in id=2354 : Protocol 2, 209.244.187.136 -> 224.0.0.1
    [19/Jan/2005 18:26:49] Packet filter: ACL 2:1 line1: deny packet in id=2364 : TCP 4.229.198.137:3660 -> 4.229.x:445
    [19/Jan/2005 18:26:50] Packet filter: ACL 2:1 line1: deny packet in id=2365 : Protocol 2, 209.244.187.136 -> 224.0.0.1
    [19/Jan/2005 18:27:05] Packet filter: ACL 2:1 line1: deny packet in id=2369 : TCP 4.229.135.63:3391 -> 4.229x:445
    [19/Jan/2005 18:33:20] Packet filter: ACL 2:1 line1: drop packet in id=4168 : Protocol 2, 209.244.187.136 -> 224.0.0.1
    [19/Jan/2005 18:33:31] Packet filter: ACL 2:1 line1: drop packet in id=4276 : TCP 4.229.141.1:2537 -> 4.229.x:445
    [19/Jan/2005 18:33:33] Packet filter: ACL 2:1 line1: drop packet in id=4293 : TCP 4.229.141.1:2537 -> 4.229.x:445
    [19/Jan/2005 18:33:50] Packet filter: ACL 2:1 line1: drop packet in id=4417 : Protocol 2, 209.244.187.136 -> 224.0.0.1
    [19/Jan/2005 18:33:56] Packet filter: ACL 2:1 line1: drop packet in id=4419 : UDP 209.244.0.3:53 -> 4.229.x:45105
    [19/Jan/2005 18:33:56] Packet filter: ACL 2:1 line1: drop packet in id=4420 : TCP 4.229.198.219:2008 -> 4.229.x:445
    [19/Jan/2005 18:33:57] Packet filter: ACL 2:1 line1: drop packet in id=4422 : UDP 209.244.0.4:53 -> 4.229.x:45106
    [19/Jan/2005 18:33:58] Packet filter: ACL 2:1 line1: drop packet in id=4423 : TCP 4.229.66.61:1843 -> 4.229.x:135
    [19/Jan/2005 18:33:58] Packet filter: ACL 2:1 line1: drop packet in id=4425 : UDP 209.244.0.4:53 -> 4.229.x45106
    [19/Jan/2005 18:34:00] Packet filter: ACL 2:1 line1: drop packet in id=4430 : TCP 4.229.198.219:2008 -> 4.229.x:445
    [19/Jan/2005 18:34:00] Packet filter: ACL 2:1 line1: drop packet in id=4433 : UDP 209.244.0.3:53 -> 4.229.x:45105
    [19/Jan/2005 18:34:00] Packet filter: ACL 2:1 line1: drop packet in id=4434 : UDP 209.244.0.4:53 -> 4.229.x:45106
    [19/Jan/2005 18:34:01] Packet filter: ACL 2:1 line1: drop packet in id=4440 : TCP 4.229.66.61:1843 -> 4.229.x:135
    [19/Jan/2005 18:34:02] Packet filter: ACL 2:1 line1: drop packet in id=4441 : TCP 4.229.189.67:2385 -> 4.229.x:445
    [19/Jan/2005 18:34:03] Packet filter: ACL 2:1 line1: drop packet in id=4442 : TCP 4.229.189.69:1518 -> 4.229.x:445
    [19/Jan/2005 18:34:04] Packet filter: ACL 2:1 line1: drop packet in id=4445 : UDP 209.244.0.3:53 -> 4.229.x:45105
    [19/Jan/2005 18:34:04] Packet filter: ACL 2:1 line1: drop packet in id=4446 : UDP 209.244.0.4:53 -> 4.229.x:45106
    [19/Jan/2005 18:34:09] Packet filter: ACL 2:1 line1: drop packet in id=4449 : ICMP 128.242.106.66 -> 4.229.x type 3 code 10
    [19/Jan/2005 18:34:14] Packet filter: ACL 2:1 line1: drop packet in id=4454 : ICMP 128.242.106.66 -> 4.229.x type 3 code 10
    [19/Jan/2005 18:34:20] Packet filter: ACL 2:1 line1: drop packet in id=4456 : ICMP 128.242.106.66 -> 4.229.x type 3 code 10
    [19/Jan/2005 18:34:20] Packet filter: ACL 2:1 line1: drop packet in id=4457 : Protocol 2, 209.244.187.136 -> 224.0.0.1
    [19/Jan/2005 18:34:25] Packet filter: ACL 2:1 line1: drop packet in id=4459 : ICMP 128.242.106.66 -> 4.229.x type 3 code 10
    [19/Jan/2005 18:34:25] Packet filter: ACL 2:1 line1: drop packet in id=4460 : TCP 4.229.141.250:2700 -> 4.229.x:445
    [19/Jan/2005 18:34:28] Packet filter: ACL 2:1 line1: drop packet in id=4461 : TCP 4.229.189.69:3996 -> 4.229.x445
    [19/Jan/2005 18:34:29] Packet filter: ACL 2:1 line1: drop packet in id=4462 : TCP 4.229.141.250:2700 -> 4.229.x:445
    [19/Jan/2005 18:34:38] Packet filter: ACL 2:1 line1: drop packet in id=4466 : TCP 4.229.36.25:2596 -> 4.229.x:135

    Thanks in advance,
    Byan

  2. #2
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    26,543
    I've edited out your personal IP address for your own privacy and security and moved this to networking where it may be a better fit.
    _____________________
    cat lovers click here

  3. #3
    Join Date
    Jul 2003
    Posts
    1,255
    I wasn't sure which forum to put it into.
    Networking seems to be more the hardware aspect of it.
    Security seems to have to do with firewalls and such, which would have to do with preventing intrusions.
    Internet Software has to do with software protocols and such.

    I was gonna edit out my IP but I had to leave soon, so I decided that giving my dynamic IP out (which is now something else) would not really matter.

  4. #4
    Join Date
    Jul 2003
    Posts
    1,255
    I looked up what some of these ports are, and I discovered that 135 is the port the Blaster worm uses, and 445 is the one that Sasser uses; just about all the packets are to those ports.

    So, I blocked out all TCP unestablished incoming packets, and I can still surf the internet and such, so it seems that all I need are the incoming UDP packets.
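
Triage of a drop log like the one in post #1, as an added example that is not part of the thread: it groups denied packets by what they are (UDP from source port 53, inbound TCP to 135/445, IP protocol 2 which is IGMP, ICMP) and lists the addresses the port-53 packets came from. The sample lines are constructed with documentation addresses, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the format of the log in post #1; the addresses are
# documentation ranges, and two destinations mimic the redacted "x" forms.
SAMPLE_LOG = """\
[19/Jan/2005 18:26:06] Packet filter: ACL 2:1 line1: deny packet in id=1 : UDP 192.0.2.53:53 -> 198.51.100.7:45067
[19/Jan/2005 18:26:14] Packet filter: ACL 2:1 line1: deny packet in id=2 : TCP 203.0.113.9:4296 -> 198.51.100.7:135
[19/Jan/2005 18:26:15] Packet filter: ACL 2:1 line1: drop packet in id=3 : TCP 203.0.113.22:1665 -> 198.51.100.x445
[19/Jan/2005 18:26:20] Packet filter: ACL 2:1 line1: drop packet in id=4 : Protocol 2, 192.0.2.136 -> 224.0.0.1
[19/Jan/2005 18:34:09] Packet filter: ACL 2:1 line1: drop packet in id=5 : ICMP 192.0.2.66 -> 198.51.100.7 type 3 code 10
[19/Jan/2005 18:34:10] Packet filter: ACL 2:1 line1: drop packet in id=6 : UDP 192.0.2.54:53 -> 198.51.100.x:45105
"""

LINE = re.compile(r"(?:deny|drop) packet in id=\d+ : "
                  r"(?P<proto>TCP|UDP|ICMP|Protocol \d+),? "
                  r"(?P<src>\S+) -> (?P<dst>\S+)")

def port_of(endpoint):
    """Trailing port of 'host:port'; also accepts redacted 'a.b.x445'."""
    m = re.search(r"(?::|x)(\d+)$", endpoint)
    return int(m.group(1)) if m else None

def classify(line):
    """Return (category, source host), or None for a non-matching line."""
    m = LINE.search(line)
    if m is None:
        return None
    proto, src, dst = m["proto"], m["src"], m["dst"]
    host = src.rsplit(":", 1)[0]
    if proto == "UDP" and port_of(src) == 53:
        return "dns-reply", host              # sent from the DNS port
    if proto == "TCP" and port_of(dst) in (135, 445):
        return "inbound-tcp-%d" % port_of(dst), host
    if proto == "Protocol 2":
        return "igmp", host                   # IP protocol number 2
    return proto.lower(), host

def summarize(log):
    """Count denied packets per category and list the DNS reply sources."""
    counts, resolvers = Counter(), set()
    for line in log.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        counts[hit[0]] += 1
        if hit[0] == "dns-reply":
            resolvers.add(hit[1])
    return counts, sorted(resolvers)
```

A source port of 53 only suggests a DNS reply: a permit rule keyed on that port alone admits any UDP packet sent from port 53, so scope it to the resolver addresses that `summarize` returns.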
