Personal Firewall2 - Still FREE!

KERIO Firewall2 passes ALL stealth port and packet exploit tests, uses very little computer resources (less than 1%), and requires only the default firewall rules, unless you want more. Works great with Microsoft XP! FREE for personal use! 
Kerio Personal Firewall (KPF) - Easy One-Step Installation
Kerio Personal Firewall version 2.1.4 - 05 August 2002
Download Kerio Personal Firewall (Free)

The KPF is installed easiest with its default rules left intact and in their default order from top to bottom. That's it, end of your firewall install :)

As you open your software applications that access the internet, set a new rule allowing each one if you get the pop-up request to do so. Non-technical and first-time firewall users are recommended to use the default rules installed during the Kerio Personal Firewall installation. They offer ease of use and superior protection.

More advanced users may prefer to use the additional rules listed here for enhanced protection and a better understanding of exactly what is happening, why it is happening, from where it is coming, and where it is going. Most other firewalls tend to "over alert" the user with false-positive intrusion alerts. These annoyances (pop ups, flashing tray icons, etc.) are a thing of the past when the rules and alerts are set up properly in KPF. Then you will be "Stealth" on the internet with the Kerio Personal Firewall (KPF) and these instructions.

If the hackers (more accurately crackers) can't see you, they surely can't crack you. Kerio Personal Firewall is the only personal firewall tested that defeats all the exploits we tried.

Our Win95c stand-alone machine is on the internet and we use two (2) ISPs. We also now have an XP Professional machine, a brand new Dell 8200 2.26 GHz Pentium 4, and we use both the XP built-in firewall and Kerio firewall together at the same time without any problems. The firewall configuration pics above and below are from the XP box :) The network bindings are unbound (95 box only) as per Steve Gibson's recommendations on his GRC.com website. To do this, for Windows 95/98 select Start-Menu, Settings, Control Panel, Network, TCP/IP Protocol component, Properties, Bindings and deselect ALL Bindings in the TCP/IP Protocol checkbox(es). You must then REBOOT your computer. The GRC.com website devotes much detail to how to do this, if my one-sentence instruction is still unclear.

Both our machines test "Stealth" (perfect) on the GRC.com ShieldsUp port scan website (free) and test "-0" (perfect) on the DSL Reports.com Secure-Me port scan website (free, but requires registration). They also test perfect on the HackerWhacker scan. Another great new security test site is PC Flank, but it is very busy and may load slowly on computers with phone modems, and without loading some graphics. Kerio Personal Firewall passes ALL stealth tests on the PCFlank website including all the stealth packet tests.

Be sure to download Steve Gibson's free Leak Test v1.1 firewall leak testing utility to check your new stealth invisibility on the internet anytime you're online. The ShieldsUp port scan website is the superior port scan test website on the internet. Using the new Leak Test v1.1 utility is an easy and quick way of verifying that you are stealth. You may be required to use the IP Agent if using Windows 95/98 and DUN 1.4 to get the correct IP address (yours) tested by the port scanner. We are always required to use the IP Agent, or the scanner tests someone else's computer (IP address). This is what being stealth looks like on Steve Gibson's GRC.com ShieldsUp port scan website:

SAMPLE VIEW from GRC.com Shields Up port scan test.

The above is what you want to see. Sample Gibson Research Corporation (http://grc.com) port scan test result from ShieldsUp. Steve Gibson provides a valuable service and lots of good security information for free.

Also note that the rule order from the top to bottom is an important hierarchy in this firewall, and that the rules should generally remain in the same order in which they were originally installed. The default rules are installed with the KPF install, and then the software application rules are added one by one as the Firewall Learning Assistant pop-up appears the first time you open your internet software.

Also note that if you install the new Microsoft DUN 1.4 upgrade for Win95/98 (Dialup only), the KPF firewall may no longer test "Stealth" on the GRC.com port scan website. However, you will test as "all ports blocked" and continue to be secure, although not "Stealth." To remedy this you should remove and reinstall the KPF after you install the DUN 1.4 upgrade.

Unofficial TPF FAQ Custom Rules: The additional unofficial TPF FAQ Custom Rules below are shown in the illustration pics on this page above, and are all listed on the bottom of this page. You can also download a text file copy of them here. They all work, because we have them all installed, although some customization may rarely be required; such as moving apps above any rule(s) that display false positive alerts, etc. The description of each rule is included in the rules set list below.

Important note: Rule 22 blocks and alerts you with a pop-up warning to every unwanted request outgoing from your PC. This could be a spyware/adware app, or a trojan, worm, etc., trying to "phone home." This rule also disables the Rule Assistant learning option that authorizes all your software that you approve one-by-one to "reach out and touch" your ISP, i.e. the "Unknown Outgoing Request Alert" pop-up dialog box, that you will normally approve, unless it is an app. you are not familiar with or don't remember installing - in which case it may be: 1) Microsoft, a spyware app., or a trojan "phoning home;" 2) Something you've forgotten you have installed which would be better off uninstalled anyway.  So you do not want to enable Rule 22 until you've given the firewall enough time to alert you to any suspicious outgoing requests coming from inside your PC, and you've already connected with, and approved, all your apps. that you use on the internet. Go ahead now and install the Rule 22 without checking ("X-ing") in the large checkbox in front of the rule. Checking this checkbox later will enable the rule.

Important note: Rule 23 blocks and alerts you to every unwanted request incoming to your PC, also disabling the Rule Assistant learning option just as Rule 22 above does. Enter Rule 23 as shown but don't enable it until you have all of the "kinks" out of your entire rule set as you are installing your software or using it the first time since the firewall install. Also be sure to check the check box that says "ask for action when no rule is found" and let the Rule Assistant show you where any problems are occurring. Go ahead and install the Rule 23 without checking the large checkbox on the left in front of the rule. Checking this checkbox later will enable the rule.

Note: You will have to disable Rules 22 and 23 anytime you install new software that accesses the internet, or you will not get the pop-up rule-making Learning-Assistant to help you make a new rule for it.

We also recommend downloading the new free Ad-Aware spyware/adware detecting scanner by Lavasoft. Spyware/adware is invisible software on your computer, usually hidden in other software you downloaded, that sends information about you to others on the internet without your permission. Spyware/adware is now very common, and we found nine (9) different copies and four (4) different applications of spyware/adware on our computer the first time we scanned with this new free software.

Related topics: BHO Cop, Trojan Remover (Checks for and removes 5,280 trojans)


From the Kerio Personal Firewall FAQ  (Updated: Sunday, March 13, 2002)

Custom Tiny Personal Firewall (TPF) Unofficial FAQ Rules - 03 January 2002
(These Rules also work in Kerio Personal Firewall version 2.1.1 Final)
--------------------------------------------------------------------------------
What are some basic set of rules for TPF?
(Notify) means => Display alert box (checkbox).
(Logged) means => Log when this rule match (checkbox).

Notes:
Rule 1 is the default rule of Tiny Firewall for loopback.

Rule 2 - 3 are your NetBIOS blocks. Enter them as displayed. Even if you have removed NetBIOS from your Network applet, these will serve to "Notify" you of any attempts. (Of course, this assumes you are NOT legitimately using NetBIOS on your system.)

Rule 4 - 5 allow any application to connect to your Domain Name Servers. If your ISP uses 4 different servers, yours may add and use more or less.

Rule 6 - 10 are the balance of the ICMP rules. Enter them as displayed.

Rule 11 blocks and logs every request issued to your computer on common ports: FTP, HTTP, POP3, SMTP, Telnet, NetBios, etc.

Rule 12 - 15 are more (AtGuard Default) rules, but you can use them for Tiny Firewall now. Once the Trojan Port Blocking rules are activated, these can be deactivated or deleted as they provide duplicate coverage. (I don't use them)

Rule 16 - 17 are the Low and High Trojan Port Blocking rules. Make sure they are set to Log all occurrences. Later you can examine your logs for any programs that are legitimately trying to use these ports. High/Low Trojan Port Blocking rules are not required. But they do "enhance" security, at the cost of increased nuisance. (I don't use them)

Rule 18 - 21 are the "application specific" rules. In general, you'll write one or two rules for each application that you want to access the internet.

Rule 22 blocks and logs every unwanted UDP/TCP request issued from your PC (could be a trojan, a worm...); this rule disables the learning option (unknown outgoing request).

Rule 23 is the "Block Everything" rule. Enter it as shown but don't enable it until all of the "kinks" are out of your rule set. Let the Rule Assistant (ask for action when no rule is found) work for you to show you where problems are occurring.

= = = = = = = = = = = = = = = =
RULE 1:

Description: Loopback
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single
Host address: 127.0.0.1
Port type: Any
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 2:

Description: Block Inbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Incoming
Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 3:

Description: Block Outbound NetBIOS TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Any
Port type: Port/Range
First Port: 137
Last Port: 139
Action DENY

= = = = = = = = = = = = = = = =
RULE 4:

Description: ISP Domain Name Server Any App UDP
Protocol: UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Single
Host address: (Your ISP DNS) IP number
Port type: Single
Port number: 53
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 5:

Description: Other DNS
Protocol: TCP and UDP
Direction: Both
Local Port: Any
Local App.: Any
Remote Address Type: Any
Port type: Single
Port number: 53
Action DENY

= = = = = = = = = = = = = = = =
RULE 6:

Description: Out Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo
Remote Endpoint: Any
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 7:

Description: In Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded
Remote Endpoint: Any
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 8:

Description: In Block Ping and TraceRoute ICMP (Notify)
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo
Remote Endpoint: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 9:

Description: Out Block Ping and TraceRoute ICMP (Notify)
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded
Remote Endpoint: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 10:

Description: Block ICMP (Logged)
Protocol: ICMP
Direction: Both
ICMP Type: Echo Reply, Destination Unreachable, Source Quench, Redirect, Echo, Time Exceeded, Parameter Prob, Time Stamp, Time StampReply, Info Request, Info Reply, Address, Address Reply, Router Advertisement, Router Solicitation (ALL)
Remote Endpoint: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 11:

Description: Block Common Ports (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports: 113,79,21,80,443,8080,143,110,25,23,22,42,53,98
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 12:

Description: Back Orifice Block (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports: 54320,54321,31337
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 13:

Description: Netbus Block (Logged)
Protocol: TCP
Direction: Incoming
Port type: List of Ports
Local App.: Any
List of Ports: 12456,12345,12346,20034
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 14:

Description: Bootpc (Logged)
Protocol: TCP and UDP
Direction: Incoming
Port type: Single port
Local App.: Any
Port number: 68
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 15:

Description: RPCSS (Logged)
Protocol: UDP
Direction: Incoming
Port type: Single port
Local App.: Any
Port number: 135
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 16:

Description: Block Low Trojan Ports TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Both
Port type: Port/range
Local App.: Any
First port number: 1
Last port number: 79
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 17:

Description: Block High Trojan Ports TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Both
Port type: Port/range
Local App.: Any
First port number: 5000
Last port number: 65535
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 18:

Description: Internet Explorer-Web browsing
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => iexplore.exe
Remote Address Type: Any
Port type: Any
List of ports: Any
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 19:

Description: Outlook Express
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => msimn.exe
Remote Address Type: Any
Port type: List of ports
List of ports: 25,110,119,143
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 20:

Description: ICQ Web Access Block
Protocol: TCP and UDP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => icq.exe
Remote Address Type: Any
Port type: Single port
List of ports: 80
Action DENY

= = = = = = = = = = = = = = = =
RULE 21:

Description: ICQ Application
Protocol: TCP
Direction: Outgoing
Port type: Any
Local App.: Only selected below => icq.exe
Remote Address Type: Any
Port type: Single port
List of ports: 5190
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 22:

Description: Block Outbound Unauthorized Apps TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Outgoing
Port type: Any
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY

= = = = = = = = = = = = = = = =
RULE 23:

Description: Block Inbound Unknown Apps TCP UDP (Notify)
Protocol: TCP and UDP
Direction: Incoming
Port type: Any
Local App.: Any
Remote Address Type: Any
Port type: Any
Action DENY

If you are on a LAN you might need to allow NetBIOS to and from computers on your LAN. You should insert two rules before rules 2 and 3:

RULE 2a:

Description: Trusted Inbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Incoming
Port type: Port/Range
First Port: 137
Last Port: 139
Local App.: Any
Remote Address Type: Trusted Address Group
Port type: Any
Action PERMIT

= = = = = = = = = = = = = = = =
RULE 3b:

Description: Trusted Outbound NetBIOS TCP UDP
Protocol: TCP and UDP
Direction: Outgoing
Local Port: Any
Local App.: Any
Remote Address Type: Trusted Address Group
Port type: Port/Range
First Port: 137
Last Port: 139
Action PERMIT

= = = = = = = = = = = = = = = =

And you should enter your local IP addresses in the Trusted Address Group list.
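
Added example (not part of the original page or the Unofficial TPF FAQ): a small Python model of the top-to-bottom rule hierarchy, assuming the first matching rule decides the packet, using rules 2a, 2, 4 and 5 from the list above. The addresses are constructed placeholders for your ISP DNS server and Trusted Address Group, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample values (assumptions, not from the page).
ISP_DNS = "192.0.2.53"                              # stands in for "(Your ISP DNS) IP number"
TRUSTED = [ipaddress.ip_network("192.168.1.0/24")]  # stands in for the Trusted Address Group
NETBIOS, DNS, BOTH = range(137, 140), range(53, 54), {"TCP", "UDP"}

def rule(name, action, proto, direction, remote=None, lport=None, rport=None):
    """None means 'Any' for remote address, local port and remote port."""
    return dict(name=name, action=action, proto=proto, direction=direction,
                remote=remote, lport=lport, rport=rport)

R2A = rule("2a", "PERMIT", BOTH, "in", remote="trusted", lport=NETBIOS)
R2 = rule("2", "DENY", BOTH, "in", lport=NETBIOS)
R4 = rule("4", "PERMIT", {"UDP"}, "both", remote=ISP_DNS, rport=DNS)
R5 = rule("5", "DENY", BOTH, "both", rport=DNS)

def remote_ok(spec, addr):
    if spec is None:
        return True
    if spec == "trusted":
        return any(ipaddress.ip_address(addr) in net for net in TRUSTED)
    return spec == addr

def matches(r, pkt):
    return (pkt["proto"] in r["proto"]
            and r["direction"] in ("both", pkt["direction"])
            and remote_ok(r["remote"], pkt["remote"])
            and (r["lport"] is None or pkt["lport"] in r["lport"])
            and (r["rport"] is None or pkt["rport"] in r["rport"]))

def decide(rules, pkt):
    """First matching rule wins; no match is where the Rule Assistant would ask."""
    for r in rules:
        if matches(r, pkt):
            return r["action"], r["name"]
    return "ASK", None

def packet(proto, direction, remote, lport, rport):
    return dict(proto=proto, direction=direction, remote=remote, lport=lport, rport=rport)
ISP_QUERY = packet("UDP", "out", ISP_DNS, 1030, 53)
LAN_NETBIOS = packet("UDP", "in", "192.168.1.20", 137, 137)
WAN_NETBIOS = packet("UDP", "in", "203.0.113.9", 137, 137)
PAGE_ORDER = [R2A, R2, R4, R5]   # order given on this page
SWAPPED = [R2, R2A, R5, R4]      # each PERMIT moved below its DENY
if __name__ == "__main__":
    for label, rules in (("page order", PAGE_ORDER), ("swapped", SWAPPED)):
        for p in (ISP_QUERY, LAN_NETBIOS, WAN_NETBIOS):
            print(label, p["remote"], p["rport"], decide(rules, p))
```

In page order the ISP DNS query and the LAN NetBIOS packet are permitted while NetBIOS from outside the trusted group is denied; with each pair swapped, the DENY rule matches first and the PERMIT rule below it is never reached.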

= = = = = = = = = = = = = = = =
Rules source: Unofficial Tiny Personal Firewall FAQ (v2.0.15)