
Caution

@verizon.net

reply to Qwerky
Re: Kerio 4.2.3 packet filter rule



Since you have a choice why not just go with Windows Messenger and see how things go. My guess is that you will run into the same sort of problem but try it and see.

The outbound UDP should not be required. Have you tried not allowing it?

Too many ports being used. The use of 443 would be a concern to me. I will try looking into that.

Your solution may be to install Trillian. First open an account with Windows Messenger. Afterwards you could access that account with Trillian. Trillian is more secure but of course you do have to properly set it. Which is easy. Plus with Trillian you can also use Yahoo Messenger, and one or two others I think. Get the free version. You can download it at filehippo dot com.

LoL, as for my getting better health wise, nope, no chance of that happening but what the hell such is life.

Qwerky

join:2006-05-24
Adanac

said by Caution:

> LoL, as for my getting better health wise, nope, no chance of that happening but what the hell

Hi Caution! Sorry to hear that, but best wishes anyway.

> such is life.

That's the second time I read that within a few hours. The other was a quote--famous last words of Australia's notorious Ned Kelly.

Thanks very much for finding all that information. Too many ports being used--I agree! Windows Live Messenger requires one to log in with name/password (I have no idea whether Windows Messenger or Trillian does the same), which I suppose would account for port 443 (https). I can see port 1863 for its service, and standard port 80, but the rest are beyond belief.

Today before starting WLM, I added a block rule below the allow rules described above, blocking all ports/services/addresses for that .exe. WLM took a very long time signing in, but after that it has worked fine all day. Note that I use it only for simple keyboard messages back and forth.

So yes, as of now it is allowed only TCP/80,443,8163 and UDP/7001. Tomorrow, if I'm feeling brave, I will disallow the UDP rule and see what happens. What would it use UDP for anyway?

I am very hesitant to take very large steps at this point, as 1) Kerio is very susceptible to crashing when creating rules from pop-ups. I've been meaning for a long time to move over to Comodo since it seems to be highly thought of, 2) I need the system to function without interrupt for work, especially with this new contract, and 3) large time constraints and deadlines at the moment.
--
Mr. Qwerky - The Lone Stranger
Hi-Ho Tinfoil, Away!

The Snowman
Premium
join:2007-05-20
·Verizon Online DSL



What OS are you using? If it's NOT Vista then you could take a look at Kerio 2.15 (but only if you know how to make rules for it). Comodo from what I hear is a real pain with the pop-ups........a Comodo user would better know if it is or not.....point being...just be sure you don't swap out for something worse than what you are already experiencing. People tend to forget that some of the older firewalls still do a fine job.

In your case I honestly do not think that changing firewalls will really help much. Your problem is not with the firewall, it's with Windows Live Messenger.

Yes, you really should consider Trillian. I know it works with Windows Messenger......that should do the job for you just as well as that Live garbage.
If you get an infection or your client does....it's going to be passed from computer to computer.....LoL, you definitely never want to infect a client's computer.
Friend you are fighting with a PitBull using Live Messenger. Microsoft does not give anything without wanting more in return. You really need to rid yourself of that thing quickly.
Kerio worked for you before this.....stick with what works for you........it's not a Kerio problem.
Not much more can be offered to you in the way of suggestions under the circumstances........I understand you are just trying to do your job....unfortunately, Windows Live Messenger is a pain in the buttocks.....why make life hard...find something else to use.

Qwerky

join:2006-05-24
Adanac

Hello Snowman, and thanks for the reply. I'm using XP SP2 with Sunbelt Kerio. Yes, I agree 100% the problem here is not Kerio, but WLM. I was wanting to get away from Kerio (long before this issue came up) because of its horrible habit of crashing the system when creating a new rule via a pop-up. I was looking at Comodo because some of the comparative testing showed it ranked very high, while Kerio ranked very low in those particular tests. However, I'm not anxious to take such a large step at the moment; perhaps when I have more time.

This evening I've been doing a little testing with WLM, while closely monitoring my firewall log. First, I disabled the UDP rule, and WLM continues to operate (I see the UDP blocked in the log, but it is infrequent).

From what I can see, it appears that WLM likes to use port 1863 when the user signs in; I don't see it after that, though I'm not actually passing messages with anyone at the moment. After the login, I see a lot of WLM traffic to ports 80 and 443, so those ports are apparently necessary. I even tried signing in with port 1863 blocked, and it did eventually succeed, though it took somewhat longer. So it would appear that 1863 is for login, 80,443 for messages, and UDP is not required for operation. I will have a better idea if this is so, tomorrow when I actually message someone.

I did notice, however, that the IP blocks 209.67.0.0 - 209.67.255.255 and 216.34.207.0 - 216.34.207.255 are both associated with the ads that appear in WLM, as I see them in the log when the ad changes. Sam Spade says they both belong to Savvis [the latter group to Valueclick (Savvis)]. I blocked both these groups, and WLM continued to log in and function. During the brief time I tested with them blocked, I didn't see any ads appear (though there may also be other blocks used by WLM for ads). I hope that may be of help to some other WLM user who doesn't want to see the ads. I'm going to leave these groups blocked and make sure I can still message with WLM tomorrow.

Now that you've mentioned infections spreading via WLM, I am concerned. Is Trillian immune to such? Since it has been twice recommended now, I will try to find time to give it a look. Thank you both for the recommendation!
--
Mr. Qwerky - The Lone Stranger
Hi-Ho Tinfoil, Away!
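
Added example, not part of any post in this thread and not Kerio's own rule format: a first-match model of the per-application rule set the thread arrives at (ad ranges blocked, TCP 80/443/1863 allowed, everything else for the executable blocked, UDP included). It assumes rules are evaluated top to bottom and that the ad-range block sits above the allow rule; the tuple layout, function names and sample connection attempts are constructed for illustration.

```python
import ipaddress

def to_cidrs(first, last):
    """Collapse an inclusive IPv4 range into the fewest CIDR networks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

# Ad-server ranges quoted in the thread.
AD_NETS = (to_cidrs("209.67.0.0", "209.67.255.255")
           + to_cidrs("216.34.207.0", "216.34.207.255"))

# (action, protocol, remote ports or None = any, remote networks or None = any)
# Order matters: the ad block must sit above the port 80/443 allow rule.
RULES = [
    ("block", "any", None, AD_NETS),
    ("allow", "tcp", {80, 443, 1863}, None),
    ("block", "any", None, None),  # catch-all for the executable
]

def decide(proto, remote_ip, remote_port, rules=RULES):
    """Return (action, index of the matching rule); first match wins."""
    ip = ipaddress.ip_address(remote_ip)
    for idx, (action, r_proto, ports, nets) in enumerate(rules):
        if r_proto not in ("any", proto):
            continue
        if ports is not None and remote_port not in ports:
            continue
        if nets is not None and not any(ip in n for n in nets):
            continue
        return action, idx
    return "block", None  # default deny when nothing matches

# Constructed outbound attempts; 198.51.100.x are documentation addresses.
ATTEMPTS = [
    ("tcp", "198.51.100.10", 1863),  # sign-in service port
    ("tcp", "198.51.100.20", 443),
    ("tcp", "209.67.12.34", 80),     # inside the first ad range
    ("tcp", "216.34.207.9", 80),     # inside the second ad range
    ("udp", "198.51.100.30", 7001),  # the UDP rule, now disabled
    ("tcp", "198.51.100.40", 5000),  # arbitrary port with no allow rule
]

def audit(attempts=ATTEMPTS, rules=RULES):
    return [(p, ip, port) + decide(p, ip, port, rules) for p, ip, port in attempts]

if __name__ == "__main__":
    for row in audit():
        print(row)
```

Moving the ad-range rule below the allow rule changes the verdict for ad traffic on port 80 from block to allow, which is why rule order is worth checking against the firewall log after each change.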