kerio connections

[raptors892004]

I installed the free kerio firewall yesterday (still in trial mode for now) and I've been getting those connections to the Kerio GUI program a couple of times during the day now.. I just wondered what they are.. Attached is a screenshot of the log showing those connections

EDIT: Those shown connection attempts are like 2-3 secs apart from each other.. There were numerous connections such as those at 9am and now those 2 secs apart (about 20 of them) were at 3pm.. I may have to swtich firewalls, don't I?

EDIT2: All of those connections are targeted towards port 1027 on my pc.. Is that for windows component or something?

[richcornucopia]

I looked up a few of those and they are from Asia Pacific Network Information Centre. Do you have a router? When this ips appeared were you using an p2p progams?

[raptors892004]

The morning IPs were from those Asia Network center as well and no, no p2p running.. Just F@H client and pogo.com .. I posted here in case this was an exploit attempt or something.. I also had AVG free running but I disabled automatic updating before so I know its not checking or anything.. Hope anyone helps

[Voltageman]

Port 1027 can also be associated with ICKiller Trojan....Run a security scan, and see what you get...

https://www.grc.com/x/ne.dll?bh0bkyd2 --Try that scan..Click on proceed, and find All Service Ports, and click that..

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym --Or try the Symantec scan..

Just for reference, my pc is completely stealth, and I am in my DMZ...If you have open ports, you may want to investigate further...

[raptors892004]

I have no reason to have that trojan.. No p2p or malware installed on my pc guaranteed.. I have spyware blaster, ad-aware, spybot and AVG running plus I don't visit those scam (unsafe) sites, so I'm pretty sure no trojan is in my system.. I'll run an AVG scan anyways, but I doubt if it finds anything.. I blocked port 1025 in my firewall also and all my service ports were stealth

[Voltageman]

You're probably fine then...Just figured I'd post it just in case..Can never be too careful..

The internet is like a free hooker that hasn't used a rubber in 20 years(even though she wouldnt live that long)

[resopalrabotnick]

i don't know what internet you use, mine doesn't have any malware/adware/spyware/viruses on it.

it might well be the mother of that trojan looking for infected systems to integrate into it's bot collective.

[raptors892004]

One of the accessing points is a dedicated server.. Ah well, all ports are stealth and no viruses/trojans present.. I'm good.. Thanks for all the replies.. I got attemps on ports 1028, 1029 before too but I never looked into who in particular tried to access them.. Thanks again for the replies

[resopalrabotnick]

and that dedicated server might be controlling botnets. bastards.

[Blunted 2]

well i have kerio personal firewall and its good if you set it up right but if setup wrong its an open door.  also if you read some of kerio.com kerio ersonal firewall is gonna be dis-continued at the end of december and i now use win route firewall.   

[Blunted 2]

also my connections read 4 in and 4 out with nothing connected and mine does not do that so something is not right with yours.  to stop that goto network settings and put an x on all kerio personal firewall  and when you update which wont be many more cause its being dis-continued  just switch to another firewall.  anyway here is my connections  just sitting on the net.

[raptors892004]

So if its discontinued, won't I still be able to use the installed one I have or will they make me uninstall it?

[raptors892004]

also my connections read 4 in and 4 out with nothing connected and mine does not do that so something is not right with yours.  to stop that goto network settings and put an x on all kerio personal firewall  and when you update which wont be many more cause its being dis-continued  just switch to another firewall.  anyway here is my connections  just sitting on the net.

You have those ports open that I disabled access to (1029, 1028, 1027).. You can see Kerio GUI is listening at them in your pic.. That is what my concern was (about those service ports)..  Visit https://www.grc.com/x/ne.dll?bh0bkyd2 to test your service ports and see what you have open (click on the link, then proceed, then service ports to test)

[raptors892004]

http://www.kerio.com/kerio-pr-us-2005-2885.html

There will still be a free version available plus paid one will cost less

[Blunted 2]

i passed all the tests there and every port was stealth

[Voltageman]

i passed all the tests there and every port was stealth

Stealth is the way to be.....Can't attack what you can't see...

That test only does the first 1056, but is still a good test...

Try these..

http://scan.sygate.com/prequickscan.html  -quick scan

http://scan.sygate.com/prestealthscan.html -stealth scan

http://scan.sygate.com/pretrojanscan.html -Trojan port scan

http://scan.sygate.com/pretcpscan.html -TCP port scan

http://scan.sygate.com/preudpscan.html -UDP port scan

[Blunted 2]

owned 

[boywonder]

Tested using XP's FireWall:

FILE SHARING

YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

COMMON PORTS

Your system has achieved a perfect "TruStealth" rating. Not a single packet

[Blunted 2]

all the tests took a bit but try them out

[boywonder]

I'll give'm a shot tommorow

[Blunted 2]

yea one of them took quite a bit for it to complete and there is 5. 

[Voltageman]

yea one of them took quite a bit for it to complete and there is 5.

[Blunted 2]

it took quite a bit for them all to finish, maybe 30 minutes

[raptors892004]

Trojan scan test took me about 20 minutes (not 30 like the website said) and all ports were stealth

[boywonder]

I recently removed EZ Firewall ( Z A ) so I'm using XP's firewall.

Ran all the test everything came out squeaky clean. So why not go with XP's firewall?