Kerio 2.1.5 - Unable to Attach TCP Message

on 07.09.2006 18:53:22 by Leatrice

Windows 2000 SP4 with Kerio firewall 2.1.5.

After closing port 445 using either Windows Worms Cleaner or by editing the
registry, I get the message on boot up
" Kerio Personal Firewall Driver : Unable to attach 'TCP"
followed by similar messages for other protocols. Google indicates this is
a known bug. Nevertheless, on running the ShieldsUp probe, my computer is
still stealthed despite the error messages. I tried uninstalling Kerio,
closing the port, then reinstalling Kerio, but that didn't fool it.

I can't see any fix for this bug on Google. And after running ShieldsUp, I
don't know if the error message is spurious or a genuine indication of a
problem in the firewall.

Any thoughts? (In the meantime, I have reversed the registry changes so
that port 445 shows as listening but is at least protected by the firewall.)

Thanks.

Martin

Re: Kerio 2.1.5 - Unable to Attach TCP Message

on 08.09.2006 14:31:44 by Wolfgang Ewert

Martin wrote:

> Windows 2000 SP4 with Kerio firewall 2.1.5.

Kerio 2.1.5 was good but it's outdated now (cause of security flaws :-( ).

> After closing port 445 using

Do you need the smb-direct protocol?

> either Windows Worms Cleaner
What's this?

> or by editing the registry,

SMBDeviceEnabled=0?

> I get the message on boot up "Kerio Personal Firewall Driver: Unable to
> attach 'TCP"

Mmmmh, I used Kerio in conjunction with WinNT and that system didn't know
anything about smb-direct.

> followed by similar messages for other protocols. Google indicates this is
> a known bug. Nevertheless, on running the ShieldsUp probe, my computer
> is still stealthed despite the error messages.

"stealth" is bad, it's a misconfiguration.

> I tried uninstalling Kerio,
> closing the port, then reinstalling Kerio, but that didn't fool it.

What about wipfw? It's actual and very smart ;-)

> I can't see any fix for this bug on Google.
see above.

> Any thoughts? (In the meantime, I have reversed the registry changes
> so that port 445 shows as listening but is at least protected by the
> firewall.)

That's a workaround with security flaws. What does the Kerio FW have to do?
Make it unnecessary (German says: überflüssig == superfluous) or change to
f.e. ipsecpol or wipfw.

HTH
Wolfgang

Re: Kerio 2.1.5 - Unable to Attach TCP Message

on 09.09.2006 11:51:15 by Leatrice

Thanks, Wolfgang.

1. Kerio 2.1.5 - is it outdated because of the fragmented-packet vulnerability
(which I understand can be overcome by using CHX) or are there other
security flaws with it? It's a pity - I like it because it helped me to
understand a little about ports, protocols etc.

2. SMB-direct? I noticed that ports 135 and 445 were shown as
listening. On Google I found
http://www.claymania.com/windows2000-hardening.html
in which the registry key listed is
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBt\Parameters
TransportBindName. Anyway, using "smb direct 445" on Google, I found
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00424.html
which seems helpful.

3. You say stealth is bad - it's a misconfiguration. Could you explain,
please. In my naivety, on going to sites like ShieldsUp and finding all
common ports "stealthed", I thought everything is good.

4. I went to try and get wipfw at the sourceforge site and downloaded the
files GUI frontend and wipfw-stable and there seems to be some sort of
problem: Winzip tells me they aren't valid archives and at 14.5kb the
downloaded file sizes seem to be correct.

I'd be very grateful for any comments and advice.

Many thanks

Martin







Re: Kerio 2.1.5 - Unable to Attach TCP Message

on 09.09.2006 12:55:51 by Leatrice

I forgot: Windows Worms Doors Cleaner ....
http://www.firewallleaktester.com/wwdc.htm



Martin
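
An added example, not part of the original thread: a small self-check that tells apart the three port states the thread keeps mixing up, a port that is "listening", one that is closed (the host answers with a reset), and one that gives no answer at all (what scan sites report as "stealth"). The host address and the `allowed` list are assumptions; ports 135 and 445 are the ones named in the thread. Run against 127.0.0.1 it shows whether a service is still bound after a registry change, while an outside scan shows what the firewall lets through.

```python
import socket

def probe(host, port, timeout=1.0):
    """Classify one TCP port by how a connection attempt ends."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "listening"      # handshake completed: a service is bound
    except ConnectionRefusedError:
        return "closed"         # reset received: nothing bound, host answers
    except socket.timeout:
        return "no-response"    # packets dropped silently ("stealth")
    except OSError:
        return "error"          # e.g. network unreachable
    finally:
        sock.close()

def audit(host, ports, allowed=()):
    """Probe each port; return (states, listeners that are not in `allowed`)."""
    states = {p: probe(host, p) for p in ports}
    unexpected = sorted(p for p, s in states.items()
                        if s == "listening" and p not in allowed)
    return states, unexpected

if __name__ == "__main__":
    # Assumption: checking this machine itself; ports taken from the thread.
    states, unexpected = audit("127.0.0.1", [135, 445])
    for port, state in sorted(states.items()):
        print(f"tcp/{port}: {state}")
    if unexpected:
        print("still bound, relying on the firewall alone:", unexpected)
```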


"Martin" wrote in message
news:4503dddc@news.greennet.net...
> Thanks, Wolfgang.
>
> 1. Kerio 2.1.5 - is it outdated because of the fragmented-packet
> vulnerability
> (which I understand can be overcome by using CHX) or are there other
> security flaws with it? It's a pity - I like it because it helped me
to
> understand a little about ports, protocols etc.
>
> 2. SMB-direct? I noticeed that ports 135 and 445 were shown as
> listening. On Google I found
> http://www.claymania.com/windows2000-hardening.html
> in which the registry key listed is
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBt\P arameters
> TransportBindName. Anyway, using "smb direct 445" on Google, I
found
> http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/08 /msg00424.html
> which seems helpful.
>
> 3. You say stealth is bad - it's a misconfiguration. Could you
explain,
> please. In my naiivity, on going to sites like ShieldsUp and finding
all
> common ports "stealthed", I thought everything is good.
>
> 4. I went to try and get wipfw at the sourceforge site and downloaded
the
> files GUI frontend and wipfw-stable and there seems to be some sort of
> problem: Winzip tells me they aren't valid archives and at 14.5kb the
> downloaded file sizes seem to be correct.
>
> I'd be very grateful for any comments and advice.
>
> Many thanks
>
> Martin
>
>
>
>
>
>
>
> "Wolfgang Ewert" wrote in message
> news:ge48t3-pv8.ln1@news.wolfgang.ewert.com...
> > Martin wrote:
> >
> > > Windows 2000 SP4 with Kerio firewall 2.1.5.
> >
> > Kerio 2.1.5 was good but it's outdated now (cause of security flaws
:-( ).
> >
> > > After closing port 445 using
> >
> > Do you need the smb-direct protocol?
> >
> > > either Windows Worms Cleaner
> > Whats' this?
> >
> > > or by editing the registry,
> >
> > SMBDeviceEnabled=0?
> >
> > > I get the messageon boot up "Kerio Personal Firewall Driver: Unable to
> > > attach 'TCP"
> >
> > Mmmmh, I used Kerio in conjunction with WinNT and that system didn't
know
> > anything abou smb-direct.
> >
> > > followed by similar messages for other protocols.Google indicates this
> is
> > > a known bug. Nevertheless, on running the ShieldsUp probe, my
computer
> > > is still stealthed despite the error messages.
> >
> > "stealth" is bad, it's a misconfiguration.
> >
> > > I tried uninstalling Kerio,
> > > closing the port, then reinstalling Kerio, but that didn't fool it.
> >
> > What about wipfw? It's actual and very smart ;-)
> >
> > > I can't see any fix for this bug on Google.
> > see above.
> >
> > > Any thoughts? (In the meantime, I have reversed the registry
> changes
> > > so that port 445 shows as listening but is at least protected by the
> > > firewall.)
> >
> > That's a workaround with security flaws. What does the Kerio FW have to
> do?
> > Make it unnecessary (German says: überflüssig == superfluous) or change
to
> > f.e. ipsecpol or wipfw.
> >
> > HTH
> > Wolfgang
> >
>
>
>
>