Kerio PF 4: I need help

[MLC]

I asked this in comp.security.firewalls but no one answered, so now I hope
in your help

I see in the NIPS (Network Intrusion Detection and Prevention System) logs
that my ISP is blocked as an attack source, with this description:
BAD-TRAFFIC IP Proto 103 (PIM)
and with "medium" priority.

There is a log for this every 30 seconds!

I don't know what it means and I'm wondering if I should allow it (allowing
all the intrusions of "medium" priority), because recently I have many
disconnections from my dial-up, it seems I can't keep the connection alive
for more than a few minutes, and it's veeeery sloooow.

What do you think?

 

[Andreas Kaestner]

MLC ([email protected]) schrieb/wrote:

I see in the NIPS (Network Intrusion Detection and Prevention
System) logs that my ISP is blocked as an attack source, with this
description: BAD-TRAFFIC IP Proto 103 (PIM)
and with "medium" priority.

There is a log for this every 30 seconds!

I don't know what it means

Why not ask your ISP?

 

[MLC]

giovedì 25 agosto 2005 Andreas Kaestner ha scritto:

Why not ask your ISP?

Tried several times today: all I got was an answering machine saying that
they're all busy...

 

[Ray]

I asked this in comp.security.firewalls but no one answered, so now I
hope in your help

snip

What do you think?

Download Kerio 2.15.
http://www.kerio.com/new/kpf_download.html

 

[Anthony R. Gold]

Download Kerio 2.15.
http://www.kerio.com/new/kpf_download.html

At $39 for a single user license Kerio 2.15 is definitely not freeware.

Tony

 

[Kerodo]

At $39 for a single user license Kerio 2.15 is definitely not freeware.

Tony

Wrong. Kerio 2.1.5 is definitely free. Although no longer supported in
any way..

 

[wolfgang schneider]

I don't know what it means and I'm wondering if I should allow it (allowing
all the intrusions of "medium" priority), because recently I have many
disconnections from my dial-up, it seems I can't keep the connection alive
for more than a few minutes, and it's veeeery sloooow.

What do you think?

the low speed of your often broken connection doesn't depend on the
requests to your system ( which could be anything , but i guess are
netbiospackets ) .

first learn a little to controll traffic on your machine , then try
another firewall ( my advice is jetico personal firewall ) , another
provider and another modem . now you should be fine !

 

[elaich]

Download Kerio 2.15.
http://www.kerio.com/new/kpf_download.html

Agreed. Kerio 4 is garbage.

 

[Chrissy Cruiser]

Agreed. Kerio 4 is garbage.

Kerio 2.15 freeware user here concurring.

 

[Chrissy Cruiser]

Agreed. Kerio 4 is garbage.

Elaich, I blew out my DSL "modem" and had to replace it. Kerio 2.15 doesn't
like it. Any idea where I should look in the logfile to see where Kerio is
blocking the new modem?

 

[elaich]

Elaich, I blew out my DSL "modem" and had to replace it. Kerio 2.15
doesn't like it. Any idea where I should look in the logfile to see
where Kerio is blocking the new modem?

Kerio (or any other firewall I know of) doesn't block modems. It blocks
programs and processes. Most likely you don't have the proper driver for
the new modem, or it didn't install properly.

 

[Aaron]

I asked this in comp.security.firewalls but no one answered, so now I
hope in your help

I see in the NIPS (Network Intrusion Detection and Prevention System)
logs that my ISP is blocked as an attack source, with this
description: BAD-TRAFFIC IP Proto 103 (PIM)
and with "medium" priority.

There is a log for this every 30 seconds!

I don't know what it means and I'm wondering if I should allow it
(allowing all the intrusions of "medium" priority), because recently I
have many disconnections from my dial-up, it seems I can't keep the
connection alive for more than a few minutes, and it's veeeery
sloooow.

What do you think?

That's why I love the idea of IDS rules in personal firewalls. They tend
to send cryptic messages that are beyond the ken of most homeusers.

Hard to say what "BAD-TRAFFIC IP Proto 103 (PIM)" is without knowing what
network packets are actually triggering this rule. Have you asked the
Kerio people?

 

[Chrissy Cruiser]

Kerio (or any other firewall I know of) doesn't block modems. It blocks
programs and processes. Most likely you don't have the proper driver for
the new modem, or it didn't install properly.

I think your right even though it works like a champ. Kerio can block
TCP/IP though and that's what I think is happening. Why would an improper
driver be the cause?

 

[MLC]

venerdì 26 agosto 2005 Aaron ha scritto:

That's why I love the idea of IDS rules in personal firewalls. They tend
to send cryptic messages that are beyond the ken of most homeusers.

Really :-\

Hard to say what "BAD-TRAFFIC IP Proto 103 (PIM)" is without knowing what
network packets are actually triggering this rule. Have you asked the
Kerio people?

I've just done it, after having read this your post.
Let's hope.

 

[David]

I think your right even though it works like a champ. Kerio can block
TCP/IP though and that's what I think is happening. Why would an improper
driver be the cause?

Kerio trashed my computer quite thoroughly.

 

[elaich]

Kerio trashed my computer quite thoroughly.

Which Kerio? I've never heard of Kerio 2 trashing anybody's computer. When
I tried Kerio 4, everything started running like molasses.