Telefonino.net network
 
| HOMEPAGE | INDICE FORUM | REGOLAMENTO | ::. NEI PREFERITI .:: | RSS Forum | RSS News | NEWS web | NEWS software |
| PUBBLICITA' | | ARTICOLI | WIN XP | VISTA | WIN 7 | REGISTRI | SOFTWARE | MANUALI | RECENSIONI | LINUX | HUMOR | HARDWARE | DOWNLOAD | | CERCA nel FORUM » |

Torna indietro   WinTricks Forum > Antivirus&Sicurezza > Sicurezza&Privacy

Notices

Rispondi
 
Strumenti discussione
Vecchio 19-11-2003, 16.11.41   #1
sberla54
Hero Member
 
L'avatar di sberla54
 
Registrato: 06-12-2001
Loc.: Bologna
Messaggi: 538
sberla54 promette bene
Kerio - Svchost, Lsass, tcpip driver

Salve ragazzi.
Ho da poco installato e configurato tramite un tutorial Kerio 2.1.5

Il tutto sembra abbastanza semplice...non molto più difficile di ZA.

Ho pero spesso dei dubbi per quanto riguarda alcuni processi di windows che non so se permettere o negare all'accesso a internet.

Ho fatto anche alcune ricerhe qui sul forum...

Si tratta di:

svchost.exe (sul quale ho trovato pareri contrastanti qui sul forum ed il quale è anche aperto per 4 volte nel task manager)

Lsass.exe (aperto nel taskmanager)

tcpip driver (il più strano...mi dice che qualcuno vuole sendarmi qualcosa tramite questo)

Uso winxp pro ed ho il pc in lan con un altro...che però è un server e percui non ha alcun motivo di connettersi al mio pc...

Sono connesso con fibra ottica tramite scheda di rete interna.

Spero sappiate aiutarmi
Mi bastano anhce links ad altre discussioni!

Ciao e grazie!
___________________________________

- http://sberla54.altervista.org - My home page -
sberla54 non è collegato   Rispondi citando
Vecchio 19-11-2003, 22.34.15   #2
IrONia
Guest
 
Messaggi: n/a
http://www.dslreports.com/forum/rema...erio~mode=flat



ciaoooo
  Rispondi citando
Vecchio 19-11-2003, 23.09.19   #3
sberla54
Hero Member
 
L'avatar di sberla54
 
Registrato: 06-12-2001
Loc.: Bologna
Messaggi: 538
sberla54 promette bene
io io te lo dico sempre che sei il migliore
___________________________________

- http://sberla54.altervista.org - My home page -
sberla54 non è collegato   Rispondi citando
Vecchio 19-11-2003, 23.38.59   #4
IrONia
Guest
 
Messaggi: n/a
ooooooo non esageriamo...........



diciamo che uso anch'io kerio



ciaoo
  Rispondi citando
Vecchio 20-11-2003, 15.33.04   #5
sberla54
Hero Member
 
L'avatar di sberla54
 
Registrato: 06-12-2001
Loc.: Bologna
Messaggi: 538
sberla54 promette bene
Quota:
Generic Host Process for Windows this is svhost and rather than input all the ports the ports it uses I simply put any port for a blanket protection from inbound requests that are not wanted. You can change it block to remote port 5000, or you could combine Epmap and SSDP into this rule if you wanted.
Pero nn mi è chiarissima la cosa...

Io l'ho tradotta cosi:
"piuttosto che lasciare aperte tutte le porte semplicemente pongo alcune porte per una protezione generica dalle richieste di connessione in ingresso che non sono volute.
Puoi cambiarlo per bloccare la porta 5000 o puoi combinare Epmap e SSDP in questa rule se vuoi"

A me piacerebbe saperne di sicurezza e connettività...ma purtroppo nn è cosi...
E tutto questo discorso nn mi è troppo chiaro

Iro mi puoi aiutare caritatevolmente tu?

Altra cosa...tu li hai seguiti alla lettere quei consigli? Bloccando tutte le porte e le appz che lui riporta....
___________________________________

- http://sberla54.altervista.org - My home page -
sberla54 non è collegato   Rispondi citando
Vecchio 20-11-2003, 20.39.58   #6
IrONia
Guest
 
Messaggi: n/a
ti allego miei screen...considera che io NON sono in lan




ciaoo
  Rispondi citando
Vecchio 20-11-2003, 20.43.11   #7
IrONia
Guest
 
Messaggi: n/a
qui ti allego regole che uso per Svchost


sul mio pc questo exe ha accesso solo pe ril dns (porta 53) solo per i due dns che uso


per quanto riguarda l aporta 123 è la time....quindi se sincronizzi l'orologio devi lasciarla aperta....


datti una letta a questo

New Ruleset Recommendation for svchost.exe Try this ruleset for svchost.exe:
[SVCHOST SSDP (UPnP) Connection Rule]
Where the protocol is: UDP
Where the remote port is: 1900
Deny It
This rule will Deny SSDP which is used in conjuction with the UPnP service to setup device and control point communication under the UPnP protocol. So if you use UPnP, then you must enable both this rule for SSDP and the rule for the UPnP service.
[SVCHOST UPnP Connection Rule]
Where the protocol is: TCP
Where the direction is: Inbound
Where the local port is: 5000
Deny It
This rule will Deny the UPnP service which is used in conjuction with SSDP to setup device and control point communication under the UPnP protocol. So if you use UPnP, then you must enable both this rule for the UPnP service and the rule for SSDP.
[SVCHOST Time Synchronization Connection Rule]
Where the protocol is: UDP
Where the remote host is: time.windows.com, time.nist.gov
Where the remote port is: 123
Allow It
Needed for auto time synchronization. Deny It if you do not use this feature.
[SVCHOST DNS UDP Connection Rule]
Where the protocol is: UDP
Where the remote host is: <IP or DNS1>, <IP or DNS2>, etc.
Where the remote port is: 53
Allow It
Required for DNS lookups. If you have problems, try enabling the next rule for TCP DOMAIN and see if it helps. If you are unsure about the IP addresses of the DNS servers of your Internet Service Provider, then do not check the box to specify remote host. Your rule should just read, UDP, port(remote) 53, and allow it. If you use this rule, please uncheck the rule for DNS in the Global Rules. There is no need for two rules allowing the same thing.
[SVCHOST DNS (DOMAIN) TCP Connection Rule]
Where the protocol is: TCP
Where the direction is: Outbound
Where the remote port is: 53
Deny It
Notice that this is TCP and the action is to 'Deny It'. I have not found much use for this rule and have never needed it to browse.




[SVCHOST DHCP (IP Address Acquisition) Rule]
Where the protocol is: UDP
Where the direction is: Outbound
Where the remote port is: 67
Where the local port is: 68
Allow It
If you get an IP address for your PC by DHCP, then this rule is required. If you use a Static IP address then you may not need this rule and you can change the action to 'Deny It'. If you use DHCP and are experiencing difficulties getting an IP, try removing the "direction" from the rule. If you use this rule, please uncheck the rule for DHCP in the Global Rules. There is no need for two rules allowing the same thing.
[SVCHOST RPC TCP Connection Rule]
Where the protocol is: TCP
Where the direction is: Inbound
Where the remote port is: 135
Deny It
[SVCHOST RPC UDP Connection Rule]
Where the protocol is: UDP
Where the direction is: Inbound
Where the remote port is: 135
Deny It
Inbound connections from other hosts to your PC on this port is generally not necessary. The people who require such a connection will know it and can change this to 'Allow It'. If you do not know the purpose of RPC on port 135, DO NOT set these rules to 'Allow It'.
[SVCHOST HTTP Connection Rule]
Where the protocol is: TCP
Where the direction is: Outbound
Where the remote port is: 80
Allow It
[SVCHOST HTTPS Connection Rule]
Where the protocol is: TCP
Where the direction is: Outbound
Where the remote port is: 443
Allow It
The HTTP and the HTTPS rules are sometimes required due to the fact that some of Microsoft's Help features may utilize online resources. Without these rules, some help features in Windows may cease to function. My own preference is to deal with port 80 and 443 requests on a per incident basis or try to define specific remote hosts to secure them a little further. But, defining remote hosts has its negative points also because sometimes the IP address changes for a given URL. My recommendation is that you leave both rules above 'Allow It', 'Deny It' (not preferred), or use the 'Allow Once' or 'Block Once' buttons on a per incident basis and do NOT attempt defining remote hosts for these rules.
[SVCHOST Extended TCP Coverage Rule]
Where the protocol is: TCP
Deny It
[SVCHOST Extended UDP Coverage Rule]
Where the protocol is: UDP
Deny It
These two rules are LAST and should ALWAYS be LAST in the list. They basically deny any traffic, without asking, for any activity that is not defined by the rules above them. That will help eliminate the popups. The negative effect is that if you are experiencing a problem using a necessary service that is enabled by svchost.exe, then you will have to check your 'Blocked' logs to find out what is happening.
If you have read my suggestion in this post Svchost, then you will see some differences between the rules that I wrote there and the rules that I have given here. There is a reason for that. Because of the last two rules in this list, only the activity defined by this application rule will be allowed. This is because the application rule for svchost.exe will take priority over any Global Rule defined. So, I had to add a rule for allowing DNS lookups and also DHCP to rules here in order to allow those activities to take place. The Global Rules for these two items and a few more like RPC are rendered useless by the ruleset above. This ruleset should take care of any SVCHOST enabled service. You will also note that I do not have the rule for denying TCP port 1025 in this ruleset. That is because it is no longer needed based on the last two rules for denying TCP and UDP. In fact, the only rules that are required are the 'Allow It' rules that I have listed here because all other activity will be denied by the last two rules. However, I left in the 'Deny It' rules for SSDP, UPnP, TCP DOMAIN, RPC, HTTP, and HTTPS in the case a user would like to modify the permissions for these specific items. If you have any problems with ANY of the UDP rules, try removing the 'direction' and see if that fixes the problem.
Using the ruleset above, no more popups should occur. Please try them if you have time. And, please ask if you have any problems or questions about the rules or ideas that I have presented here.
Follow-up comments regarding ruleset listed above.
I just wanted to write a quick follow up. I created the rules specified above for svchost.exe. After doing that, I unchecked the Global rules for 'Allow DNS Resolving', 'Allow Outgoing DHCP', 'Block Remote Procedure Call (TCP)', and 'Block Remote Procedure Call (UDP)'. These rules should no longer be required as applications specific rules for svchost.exe were created for the same purpose. Then, I tested the ruleset that I have listed above and only found one issue. When I tried to release and renew my IP address using the IP address from my PC using the 'ipconfig' command in an MSDOS Window, I ran into an old Outpost bug, 'Learning Mode'. I tried the solution of operating Outpost in 'Block Most' Policy, but that did not work. This made my attempt to manually release and renew my IP address futile. However, it did NOT affect my PC's ability to gain an IP address during bootup. My suspicion is that this is due to the fact that Outpost operates in 'Allow Most' Policy during bootup or that DHCP IP Acquisition is happening before Outpost can start, not because the rule is functioning properly during bootup.
What does this mean?
1) Dial-up users may have issues with this ruleset. But, as far as I know dial-up users must start Outpost after logging into their ISP so that Outpost properly registers their IP, so it may not really matter. By the way, this is another current Outpost bug.
2) Broadband users will have to avoid releasing and renewing their IP using the 'ipconfig' command from an MSDOS Window. This should not happen often anyway. If it becomes necessary, a broadband user could place the firewall in 'Disable' mode temproarily for the purpose of manually releasing and renewing their IP using the 'ipconfig' command.
The rules are still worth trying though as this problem only seems to affect manual releasing and renewing of IP Addresses using 'ipconfig' and workarounds have been stated here in points 1 and 2 above. Let me know if you try these rules and have any issues.
  Rispondi citando
Vecchio 20-11-2003, 22.33.32   #8
sberla54
Hero Member
 
L'avatar di sberla54
 
Registrato: 06-12-2001
Loc.: Bologna
Messaggi: 538
sberla54 promette bene
grazie
___________________________________

- http://sberla54.altervista.org - My home page -
sberla54 non è collegato   Rispondi citando
Vecchio 20-11-2003, 23.16.18   #9
IrONia
Guest
 
Messaggi: n/a
niente

fammi sapere


ciaoo
  Rispondi citando
Rispondi


Utenti attualmente attivi che stanno leggendo questa discussione: 1 (0 utenti e 1 ospiti)
 
Strumenti discussione

Regole di scrittura
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is ON
Gli smilies sono ON
[IMG] è ON
Il codice HTML è OFF

Vai al forum

Orario GMT +2. Ora sono le: 12.55.48.


E' vietata la riproduzione, anche solo in parte, di contenuti e grafica.
Copyright © 1999-2017 Edizioni Master S.p.A. p.iva: 02105820787 • Tutti i diritti sono riservati
L'editore NON si assume nessuna responsabilità dei contenuti pubblicati sul forum in quanto redatti direttamente dagli utenti.
Questi ultimi sono responsabili dei contenuti da loro riportati nelle discussioni del forum
Powered by vBulletin - 2010 Copyright © Jelsoft Enterprises Limited.