Kerio's Primary DNS Server Rule

P

PCR

In order to end 17 years of intense study after just 4 or so, I hope for
a quick answer to the following question. Here is my Kerio "Primary DNS
Server" rule, got from some expert & currently modified only in that I
now include the entire NetZero/Juno address range (where earlier I tried
to determine just the ones NetZero seemed to want to use)...

Primary DNS Server rule

Protocol: UDP, both directions
Local Endpoint-- Ports: 1024-5000
-- Application: Any
Remote Endpoint-- Address: Entire NetZero/Juno range
-- Port: 53

ANY app can use it, as currently written. Here are the ones I've
caught...

(a) EXEC.EXE NetZero Internet
(b) IEXPLORE.EXE
(c) no owner << eeek?
(d) AVAST.SETUP
(e) ASHMAISV.EXE avast! e-Mail Scanner Service
(f) PFWADMIN.EXE Kerio Personal Firewall Console

Here's the "no owner". There is only this one, but I haven't been
tracking this rule long...

2,[20/Jul/2007 21:15:04] Rule 'Primary DNS Server': Permitted: In UDP,
64.136.44.74:53->localhost:1055, Owner: no owner

Here is one "AVAST.SETUP". ODD, but I guess legit-- I have no program
actually named AVAST.SETUP, & no .exe at all in the folder mentioned...

2,[17/Jul/2007 22:30:14] Rule 'Avast! UDP': Permitted: Out UDP,
localhost:1045->64.136.44.74:53, Owner: C:\PROGRAM FILES\ALWIL
SOFTWARE\AVAST4\SETUP\AVAST.SETUP

Questions...

(1) Is it legit for IE to be using it?

(2) Should I block PFWADMIN.EXE?
[NOTE: In another rule (probably by yosponge)
PersFW.exe (Kerio Personal Firewall Engine) IS blocked.]

(3) I guess I must get rid of that "no owner",
but could it just be some kind of Kerio glitch?

(4) Am I leaving myself prone to mayhem by letting
ANY app use this rule-- as the "expert" coded it?
But, why hasn't it happened yet-- or has it????

(4) Why is it restricted to using ports 1024-5000 & 53?


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
Should things get worse after this,
PCR
pcrrcp@netzero.net
 
G

gram pappy

Reply, (sorry not a quick answer) in-line below:

"PCR" <pcrrcp@netzero.net> wrote in message
news:%23GMM4FIzHHA.4712@TK2MSFTNGP04.phx.gbl...
In order to end 17 years of intense study after just 4 or so, I hope for
a quick answer to the following question. Here is my Kerio "Primary DNS
Server" rule, got from some expert & currently modified only in that I
now include the entire NetZero/Juno address range (where earlier I tried
to determine just the ones NetZero seemed to want to use)...

Primary DNS Server rule

Protocol: UDP, both directions
Local Endpoint-- Ports: 1024-5000
-- Application: Any
Remote Endpoint-- Address: Entire NetZero/Juno range
-- Port: 53

ANY app can use it, as currently written. Here are the ones I've
caught...

(a) EXEC.EXE NetZero Internet
(b) IEXPLORE.EXE
(c) no owner << eeek?
(d) AVAST.SETUP
(e) ASHMAISV.EXE avast! e-Mail Scanner Service
(f) PFWADMIN.EXE Kerio Personal Firewall Console

Here's the "no owner". There is only this one, but I haven't been
tracking this rule long...

2,[20/Jul/2007 21:15:04] Rule 'Primary DNS Server': Permitted: In UDP,
64.136.44.74:53->localhost:1055, Owner: no owner

Here is one "AVAST.SETUP". ODD, but I guess legit-- I have no program
actually named AVAST.SETUP, & no .exe at all in the folder mentioned...

2,[17/Jul/2007 22:30:14] Rule 'Avast! UDP': Permitted: Out UDP,
localhost:1045->64.136.44.74:53, Owner: C:\PROGRAM FILES\ALWIL
SOFTWARE\AVAST4\SETUP\AVAST.SETUP

Questions...

(1) Is it legit for IE to be using it?
Yes, as long as Remote IP is in NetZero IP Range.

(2) Should I block PFWADMIN.EXE?
[NOTE: In another rule (probably by yosponge)
PersFW.exe (Kerio Personal Firewall Engine) IS blocked.]
Yes, I use a combination of Spunge, Shaolin and BlitzenZeus
rulesets. They block both Persfw and Pfwadmin.

(3) I guess I must get rid of that "no owner",
but could it just be some kind of Kerio glitch?
Don't see problem as long as Remote IP is in NetZero IP Range.

(4) Am I leaving myself prone to mayhem by letting
ANY app use this rule-- as the "expert" coded it?
But, why hasn't it happened yet-- or has it????
No, standard for ISP DNS servers.

(4) Why is it restricted to using ports 1024-5000 & 53?
I assume you are refering to Local ports 1024-5000, some say
to narrow down even more to 1031-4999. See Steve Gibson as
to why. https://www.grc.com/port_1024.htm
And I assume you are refering to Remote port 53, that is normal
for ISP DNS servers.
-
gram


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
Should things get worse after this,
PCR
pcrrcp@netzero.net
 
I

Ian

If you're using a NAT router you can generally set the firewall to only allow
incoming DNS replies from the router's IP address. (and if you like from the
ISP's nameservers too) - packets from a source port of 53 shouldn't be
arriving from anywhere else, if they do, then they are suspicious.

HST, win9x doesn't have the DNS-client vulnerabilities that NT/XP does.
AFAIK a 9x system cannot easily be attacked by way of intentionally-malformed
DNS packets, so the need to filter DNS is questionable.
 
B

BoB

On Mon, 23 Jul 2007 00:07:16 -0500, "gram pappy"
<nospam@example.invalid> wrote:

>Reply, (sorry not a quick answer) in-line below:
>
>"PCR" <pcrrcp@netzero.net> wrote in message
>news:%23GMM4FIzHHA.4712@TK2MSFTNGP04.phx.gbl...
>
>Here is one "AVAST.SETUP". ODD, but I guess legit-- I have no program
>actually named AVAST.SETUP, & no .exe at all in the folder mentioned...
>
>2,[17/Jul/2007 22:30:14] Rule 'Avast! UDP': Permitted: Out UDP,
>localhost:1045->64.136.44.74:53, Owner: C:\PROGRAM FILES\ALWIL
>SOFTWARE\AVAST4\SETUP\AVAST.SETUP


AVAST.SETUP appears to be established only during updates.

Under Avast Advanced tab|Application's MD5, Paths and MD5
check will show 'bad path' and 'app does not exist'.
This is normal.

BoB
 
P

PCR

BoB wrote:
| On Mon, 23 Jul 2007 00:07:16 -0500, "gram pappy"
| <nospam@example.invalid> wrote:
|
|>Reply, (sorry not a quick answer) in-line below:
|>
|>"PCR" <pcrrcp@netzero.net> wrote in message
|>news:%23GMM4FIzHHA.4712@TK2MSFTNGP04.phx.gbl...
|>
|>Here is one "AVAST.SETUP". ODD, but I guess legit-- I have no program
|>actually named AVAST.SETUP, & no .exe at all in the folder
|>mentioned...
|>
|>2,[17/Jul/2007 22:30:14] Rule 'Avast! UDP': Permitted: Out UDP,
|>localhost:1045->64.136.44.74:53, Owner: C:\PROGRAM FILES\ALWIL
|>SOFTWARE\AVAST4\SETUP\AVAST.SETUP
|
|
| AVAST.SETUP appears to be established only during updates.
|
| Under Avast Advanced tab|Application's MD5, Paths and MD5
| check will show 'bad path' and 'app does not exist'.
| This is normal.

Thanks, BoB. I think you mean...
"Kerio icon, Administration, Advanced button, Application's MD5 tab"

You are right that "C:\PROGRAM FILES\ALWIL
SOFTWARE\AVAST4\SETUP\AVAST.SETUP" is also listed there. I guess it is
some kind of invisible subtask or "thread" or "handle" or something
started by another avast! program-- because there is nothing named
"AVAST.SETUP" that I can find in any folder I've got. Let me see whether
it shows up in Process Explorer... it DOESN'T show in any window as
anything-- but, I guess it is as you say. It will come/go on an as
needed basis. I guess it has to be legit.

I'm still trying to digest the other responses, & will post to them
after my 2nd walk.


| BoB

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
Should things get worse after this,
PCR
pcrrcp@netzero.net
 
C

Curt Christianson

I think it's his second walk to the refrigerator! <rvvf>

--
HTH,
Curt

Windows Support Center
www.aumha.org
Practically Nerded,...
http://dundats.mvps.org/Index.htm

"PCR" <pcrrcp@netzero.net> wrote in message
news:%23eca5YXzHHA.988@TK2MSFTNGP02.phx.gbl...
| BoB wrote:
|| On Mon, 23 Jul 2007 00:07:16 -0500, "gram pappy"
|| <nospam@example.invalid> wrote:
||
||>Reply, (sorry not a quick answer) in-line below:
||>
||>"PCR" <pcrrcp@netzero.net> wrote in message
||>news:%23GMM4FIzHHA.4712@TK2MSFTNGP04.phx.gbl...
||>
||>Here is one "AVAST.SETUP". ODD, but I guess legit-- I have no program
||>actually named AVAST.SETUP, & no .exe at all in the folder
||>mentioned...
||>
||>2,[17/Jul/2007 22:30:14] Rule 'Avast! UDP': Permitted: Out UDP,
||>localhost:1045->64.136.44.74:53, Owner: C:\PROGRAM FILES\ALWIL
||>SOFTWARE\AVAST4\SETUP\AVAST.SETUP
||
||
|| AVAST.SETUP appears to be established only during updates.
||
|| Under Avast Advanced tab|Application's MD5, Paths and MD5
|| check will show 'bad path' and 'app does not exist'.
|| This is normal.
|
| Thanks, BoB. I think you mean...
| "Kerio icon, Administration, Advanced button, Application's MD5 tab"
|
| You are right that "C:\PROGRAM FILES\ALWIL
| SOFTWARE\AVAST4\SETUP\AVAST.SETUP" is also listed there. I guess it is
| some kind of invisible subtask or "thread" or "handle" or something
| started by another avast! program-- because there is nothing named
| "AVAST.SETUP" that I can find in any folder I've got. Let me see whether
| it shows up in Process Explorer... it DOESN'T show in any window as
| anything-- but, I guess it is as you say. It will come/go on an as
| needed basis. I guess it has to be legit.
|
| I'm still trying to digest the other responses, & will post to them
| after my 2nd walk.
|
|
|| BoB
|
| --
| Thanks or Good Luck,
| There may be humor in this post, and,
| Naturally, you will not sue,
| Should things get worse after this,
| PCR
| pcrrcp@netzero.net
|
|
 
P

PCR

Curt Christianson wrote:
| I think it's his second walk to the refrigerator! <rvvf>

There's nothing in my own refrigerator, Christianson-- I swear to the
Pope! It's not even plugged in anymore! I have to walk at least once a
day, or I will not eat.

| --
| HTH,
| Curt
|
| Windows Support Center
| www.aumha.org
| Practically Nerded,...
| http://dundats.mvps.org/Index.htm
|
| "PCR" <pcrrcp@netzero.net> wrote in message
| news:%23eca5YXzHHA.988@TK2MSFTNGP02.phx.gbl...
|| BoB wrote:
||| On Mon, 23 Jul 2007 00:07:16 -0500, "gram pappy"
||| <nospam@example.invalid> wrote:
|||
|||>Reply, (sorry not a quick answer) in-line below:
|||>
|||>"PCR" <pcrrcp@netzero.net> wrote in message
|||>news:%23GMM4FIzHHA.4712@TK2MSFTNGP04.phx.gbl...
|||>
|||>Here is one "AVAST.SETUP". ODD, but I guess legit-- I have no
|||>program actually named AVAST.SETUP, & no .exe at all in the folder
|||>mentioned...
|||>
|||>2,[17/Jul/2007 22:30:14] Rule 'Avast! UDP': Permitted: Out UDP,
|||>localhost:1045->64.136.44.74:53, Owner: C:\PROGRAM FILES\ALWIL
|||>SOFTWARE\AVAST4\SETUP\AVAST.SETUP
|||
|||
||| AVAST.SETUP appears to be established only during updates.
|||
||| Under Avast Advanced tab|Application's MD5, Paths and MD5
||| check will show 'bad path' and 'app does not exist'.
||| This is normal.
||
|| Thanks, BoB. I think you mean...
|| "Kerio icon, Administration, Advanced button, Application's MD5 tab"
||
|| You are right that "C:\PROGRAM FILES\ALWIL
|| SOFTWARE\AVAST4\SETUP\AVAST.SETUP" is also listed there. I guess it
|| is some kind of invisible subtask or "thread" or "handle" or
|| something started by another avast! program-- because there is
|| nothing named "AVAST.SETUP" that I can find in any folder I've got.
|| Let me see whether it shows up in Process Explorer... it DOESN'T
|| show in any window as anything-- but, I guess it is as you say. It
|| will come/go on an as needed basis. I guess it has to be legit.
||
|| I'm still trying to digest the other responses, & will post to them
|| after my 2nd walk.
||
||
||| BoB
||
|| --
|| Thanks or Good Luck,
|| There may be humor in this post, and,
|| Naturally, you will not sue,
|| Should things get worse after this,
|| PCR
|| pcrrcp@netzero.net

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
Should things get worse after this,
PCR
pcrrcp@netzero.net
 
P

PCR

gram pappy wrote:
| Reply, (sorry not a quick answer) in-line below:

It's quicker than I've been these past four years, gram pappy, thanks.
Also, my own beloved grandfather, himself, could shovel snow quicker
than me some 22 years ago in his 90's! More below...

| "PCR" <pcrrcp@netzero.net> wrote in message
| news:%23GMM4FIzHHA.4712@TK2MSFTNGP04.phx.gbl...
| In order to end 17 years of intense study after just 4 or so, I hope
| for a quick answer to the following question. Here is my Kerio
| "Primary DNS Server" rule, got from some expert & currently modified
| only in that I now include the entire NetZero/Juno address range
| (where earlier I tried to determine just the ones NetZero seemed to
| want to use)...
|
| Primary DNS Server rule
|
| Protocol: UDP, both directions
| Local Endpoint-- Ports: 1024-5000
| -- Application: Any
| Remote Endpoint-- Address: Entire NetZero/Juno range
| -- Port: 53
|
| ANY app can use it, as currently written. Here are the ones I've
| caught...
|
| (a) EXEC.EXE NetZero Internet
| (b) IEXPLORE.EXE
| (c) no owner << eeek?
| (d) AVAST.SETUP
| (e) ASHMAISV.EXE avast! e-Mail Scanner Service
| (f) PFWADMIN.EXE Kerio Personal Firewall Console
|
| Here's the "no owner". There is only this one, but I haven't been
| tracking this rule long...
|
| 2,[20/Jul/2007 21:15:04] Rule 'Primary DNS Server': Permitted: In UDP,
| 64.136.44.74:53->localhost:1055, Owner: no owner
|
| Here is one "AVAST.SETUP". ODD, but I guess legit-- I have no program
| actually named AVAST.SETUP, & no .exe at all in the folder
| mentioned...
|
| 2,[17/Jul/2007 22:30:14] Rule 'Avast! UDP': Permitted: Out UDP,
| localhost:1045->64.136.44.74:53, Owner: C:\PROGRAM FILES\ALWIL
| SOFTWARE\AVAST4\SETUP\AVAST.SETUP
|
| Questions...
|
| (1) Is it legit for IE to be using it?

Gram pappy: Yes, as long as Remote IP is in NetZero IP Range.

Me: What makes that safe? Can some app grab control of IE & do bad
things with this?

| (2) Should I block PFWADMIN.EXE?
| [NOTE: In another rule (probably by yosponge)
| PersFW.exe (Kerio Personal Firewall Engine) IS blocked.]

Gram pappy: Yes, I use a combination of Spunge, Shaolin and
BlitzenZeus rulesets. They block both Persfw
and Pfwadmin.

Me: I'm a mishmosh, myself, possibly of the same experts.
But finally I want to know what it's about!

| (3) I guess I must get rid of that "no owner",
| but could it just be some kind of Kerio glitch?


Gram pappy: Don't see problem as long as Remote IP
is in NetZero IP Range.

Me: Why? NOW, probably due to better tracking, I've got SIX
more of those so far today. They always are INCOMING...

2,[24/Jul/2007 15:09:06] Rule 'Primary DNS Server': Permitted: In UDP,
64.136.44.74:53->localhost:1589, Owner: no owner

2,[24/Jul/2007 15:09:20] Rule 'Primary DNS Server': Permitted: In UDP,
64.136.44.74:53->localhost:1641, Owner: no owner

2,[24/Jul/2007 15:09:22] Rule 'Primary DNS Server': Permitted: In UDP,
64.136.28.121:53->localhost:1641, Owner: no owner

2,[24/Jul/2007 15:09:58] Rule 'Primary DNS Server': Permitted: In UDP,
64.136.44.74:53->localhost:1702, Owner: no owner

2,[24/Jul/2007 15:10:54] Rule 'Primary DNS Server': Permitted: In UDP,
64.136.44.74:53->localhost:1880, Owner: no owner

2,[24/Jul/2007 15:10:58] Rule 'Primary DNS Server': Permitted: In UDP,
64.136.44.74:53->localhost:1884, Owner: no owner

| (4) Am I leaving myself prone to mayhem by letting
| ANY app use this rule-- as the "expert" coded it?
| But, why hasn't it happened yet-- or has it????

Gram pappy: No, standard for ISP DNS servers.

Me: What prevents an ill result when any app can do it?

|
| (4) Why is it restricted to using ports 1024-5000 & 53?

Gram pappy: I assume you are refering to Local ports 1024-5000,
some say to narrow down even more to 1031-4999.
See Steve Gibson as to why.
https://www.grc.com/port_1024.htm
And I assume you are refering to Remote port 53,
that is normal for ISP DNS servers.

Me: OK, I'm clicking that now. You are right in your assumptions.
Are you implying-- so long as it goes to & comes from Port 53,
NetZero will assure no foul play is involved?

| -
| gram
|
|
| --
| Thanks or Good Luck,
| There may be humor in this post, and,
| Naturally, you will not sue,
| Should things get worse after this,
| PCR
| pcrrcp@netzero.net

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
Should things get worse after this,
PCR
pcrrcp@netzero.net
 
P

PCR

Ian wrote:
| If you're using a NAT router you can generally set the firewall to
| only allow incoming DNS replies from the router's IP address.

Thanks, Ian. That may apply to someone else, but not to me.

| (and if
| you like from the ISP's nameservers too) - packets from a source port
| of 53 shouldn't be arriving from anywhere else, if they do, then they
| are suspicious.

Let's see... looks like, yea... some expert's rule I've copied called
"DNS Alert (Log, Alert)" DOES block UDP/TCP both directions, any local
port, any application, any address, port 53. It is the next rule AFTER
the Primary DNS Server rule, meaning it won't hinder that one. SO... I'm
good with that!

It USED to happen a lot, like...

1,[17/Jul/2007 22:29:10] Rule 'DNS Alert (Log, Alert)': Blocked: In UDP,
64.136.44.74:53->localhost:1030, Owner: C:\PROGRAM
FILES\NETZERO\EXEC.EXE

HOWEVER, I haven't seen it since allowing the Primary DNS Server to have
all Netzero/Juno addresses. I guess I was right to do that.

Hmph! I've just inexplicably been bumped off the NET! Usually, NetZero
puts up a warning timer requestor for me to click, but I didn't get one
just now. (I did earlier, but clicked it in time!) Here is the last item
in my Kerio .log...

2,[24/Jul/2007 16:55:00] Rule 'ZCast': Permitted: Out TCP,
localhost:2048->64.136.44.66:6789, Owner: C:\PROGRAM
FILES\NETZERO\EXEC.EXE

Can that be what bumped me off?

| HST, win9x doesn't have the DNS-client vulnerabilities that NT/XP
| does. AFAIK a 9x system cannot easily be attacked by way of
| intentionally-malformed DNS packets, so the need to filter DNS is
| questionable.

Does a packet have to be malformed to do ill? Why can't a well-formed
one do it?
 
P

PCR

Updating...

PCR wrote:
| gram pappy wrote:
|| Reply, (sorry not a quick answer) in-line below:
|
| It's quicker than I've been these past four years, gram pappy, thanks.
| Also, my own beloved grandfather, himself, could shovel snow quicker
| than me some 22 years ago in his 90's! More below...
|
|| "PCR" <pcrrcp@netzero.net> wrote in message
|| news:%23GMM4FIzHHA.4712@TK2MSFTNGP04.phx.gbl...
|| In order to end 17 years of intense study after just 4 or so, I hope
|| for a quick answer to the following question. Here is my Kerio
|| "Primary DNS Server" rule, got from some expert & currently modified
|| only in that I now include the entire NetZero/Juno address range
|| (where earlier I tried to determine just the ones NetZero seemed to
|| want to use)...
||
|| Primary DNS Server rule
||
|| Protocol: UDP, both directions
|| Local Endpoint-- Ports: 1024-5000
|| -- Application: Any
|| Remote Endpoint-- Address: Entire NetZero/Juno range
|| -- Port: 53
||
|| ANY app can use it, as currently written. Here are the ones I've
|| caught...
||
|| (a) EXEC.EXE NetZero Internet
|| (b) IEXPLORE.EXE
|| (c) no owner << eeek?
|| (d) AVAST.SETUP
|| (e) ASHMAISV.EXE avast! e-Mail Scanner Service
|| (f) PFWADMIN.EXE Kerio Personal Firewall Console
||
|| Here's the "no owner". There is only this one, but I haven't been
|| tracking this rule long...
||
|| 2,[20/Jul/2007 21:15:04] Rule 'Primary DNS Server': Permitted: In
|| UDP,
|| 64.136.44.74:53->localhost:1055, Owner: no owner
||
|| Here is one "AVAST.SETUP". ODD, but I guess legit-- I have no program
|| actually named AVAST.SETUP, & no .exe at all in the folder
|| mentioned...
||
|| 2,[17/Jul/2007 22:30:14] Rule 'Avast! UDP': Permitted: Out UDP,
|| localhost:1045->64.136.44.74:53, Owner: C:\PROGRAM FILES\ALWIL
|| SOFTWARE\AVAST4\SETUP\AVAST.SETUP
||
|| Questions...
||
|| (1) Is it legit for IE to be using it?
|
| Gram pappy: Yes, as long as Remote IP is in NetZero IP Range.
|
| Me: What makes that safe? Can some app grab control of IE & do bad
| things with this?
|
|| (2) Should I block PFWADMIN.EXE?
|| [NOTE: In another rule (probably by yosponge)
|| PersFW.exe (Kerio Personal Firewall Engine) IS blocked.]
|
| Gram pappy: Yes, I use a combination of Spunge, Shaolin and
| BlitzenZeus rulesets. They block both Persfw
| and Pfwadmin.
|
| Me: I'm a mishmosh, myself, possibly of the same experts.
| But finally I want to know what it's about!

Update: I've blocked PFWADMIN.EXE now too
so far, nothing untoward has happened.

|| (3) I guess I must get rid of that "no owner",
|| but could it just be some kind of Kerio glitch?
|
|
| Gram pappy: Don't see problem as long as Remote IP
| is in NetZero IP Range.
|
| Me: Why? NOW, probably due to better tracking, I've got SIX
| more of those so far today. They always are INCOMING...
|
| 2,[24/Jul/2007 15:09:06] Rule 'Primary DNS Server': Permitted: In UDP,
| 64.136.44.74:53->localhost:1589, Owner: no owner
|
| 2,[24/Jul/2007 15:09:20] Rule 'Primary DNS Server': Permitted: In UDP,
| 64.136.44.74:53->localhost:1641, Owner: no owner
|
| 2,[24/Jul/2007 15:09:22] Rule 'Primary DNS Server': Permitted: In UDP,
| 64.136.28.121:53->localhost:1641, Owner: no owner
|
| 2,[24/Jul/2007 15:09:58] Rule 'Primary DNS Server': Permitted: In UDP,
| 64.136.44.74:53->localhost:1702, Owner: no owner
|
| 2,[24/Jul/2007 15:10:54] Rule 'Primary DNS Server': Permitted: In UDP,
| 64.136.44.74:53->localhost:1880, Owner: no owner
|
| 2,[24/Jul/2007 15:10:58] Rule 'Primary DNS Server': Permitted: In UDP,
| 64.136.44.74:53->localhost:1884, Owner: no owner
|
|| (4) Am I leaving myself prone to mayhem by letting
|| ANY app use this rule-- as the "expert" coded it?
|| But, why hasn't it happened yet-- or has it????
|
| Gram pappy: No, standard for ISP DNS servers.
|
| Me: What prevents an ill result when any app can do it?
|
||
|| (4) Why is it restricted to using ports 1024-5000 & 53?
|
| Gram pappy: I assume you are refering to Local ports 1024-5000,
| some say to narrow down even more to 1031-4999.
| See Steve Gibson as to why.
| https://www.grc.com/port_1024.htm
| And I assume you are refering to Remote port 53,
| that is normal for ISP DNS servers.
|
| Me: OK, I'm clicking that now. You are right in your assumptions.
| Are you implying-- so long as it goes to & comes from Port 53,
| NetZero will assure no foul play is involved?

Update: Clicking that URL produces a requestor saying
"Revocation
information for the security certificate for this
site is not
available". I click NOT to proceed, but the site
has already
loaded, anyhow. But it's going to take several
readings
before I can even formulate a question. One
thing: Port
5000 isn't mentioned there-- only 1024-1030 &
maybe
1433 and 1434.

|| -
|| gram
||
||
|| --
|| Thanks or Good Luck,
|| There may be humor in this post, and,
|| Naturally, you will not sue,
|| Should things get worse after this,
|| PCR
|| pcrrcp@netzero.net
 
C

Curt Christianson

You know PCR...somehow I believe you!

Take care.

--
HTH,
Curt

Windows Support Center
www.aumha.org
Practically Nerded,...
http://dundats.mvps.org/Index.htm

"PCR" <pcrrcp@netzero.net> wrote in message
news:uIlL6QizHHA.4816@TK2MSFTNGP04.phx.gbl...
| Curt Christianson wrote:
|| I think it's his second walk to the refrigerator! <rvvf>
|
| There's nothing in my own refrigerator, Christianson-- I swear to the
| Pope! It's not even plugged in anymore! I have to walk at least once a
| day, or I will not eat.
|
|| --
<snipped>
 
P

PCR

Curt Christianson wrote:
| You know PCR...somehow I believe you!

It's actually true. It began during my second big diet some 7 years ago.

| Take care.

You too.

| --
| HTH,
| Curt
|
| Windows Support Center
| www.aumha.org
| Practically Nerded,...
| http://dundats.mvps.org/Index.htm
|
| "PCR" <pcrrcp@netzero.net> wrote in message
| news:uIlL6QizHHA.4816@TK2MSFTNGP04.phx.gbl...
|| Curt Christianson wrote:
||| I think it's his second walk to the refrigerator! <rvvf>
||
|| There's nothing in my own refrigerator, Christianson-- I swear to the
|| Pope! It's not even plugged in anymore! I have to walk at least once
|| a day, or I will not eat.
||
||| --
| <snipped>

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
Should things get worse after this,
PCR
pcrrcp@netzero.net
 
G

gram pappy

in-line below:

>PCR <pcrrcp@netzero.net> wrote:
> Updating...
>
>> PCR wrote:
>>> gram pappy wrote:
>>> Reply, (sorry not a quick answer) in-line below:
>>>
>> It's quicker than I've been these past four years, gram pappy,
>> thanks. Also, my own beloved grandfather, himself, could shovel snow
>> quicker than me some 22 years ago in his 90's! More below...
>>
>>>> "PCR" <pcrrcp@netzero.net> wrote in message
>>>> news:%23GMM4FIzHHA.4712@TK2MSFTNGP04.phx.gbl...
>>>> In order to end 17 years of intense study after just 4 or so, I
>>>> hope
>>>> for a quick answer to the following question. Here is my Kerio
>>>> "Primary DNS Server" rule, got from some expert & currently
>>>> modified
>>>> only in that I now include the entire NetZero/Juno address range
>>>> (where earlier I tried to determine just the ones NetZero seemed to
>>>> want to use)...
>>>>
>>>> Protocol: UDP, both directions
>>>>
>>>> Local Endpoint-- Ports: 1024-5000
>>>> -- Application: Any
>>>> Remote Endpoint-- Address: Entire NetZero/Juno range
>>>> -- Port: 53
>>>> ANY app can use it, as currently written. Here are the ones I've
>>>> caught...
>>>>
>>>> (a) EXEC.EXE NetZero Internet
>>>> (b) IEXPLORE.EXE
>>>> (c) no owner << eeek?
>>>> (d) AVAST.SETUP
>>>> (e) ASHMAISV.EXE avast! e-Mail Scanner Service
>>>> (f) PFWADMIN.EXE Kerio Personal Firewall Console
>>>>
>>>> Here's the "no owner". There is only this one, but I haven't been
>>>> tracking this rule long...
>>>>
>>>> 2,[20/Jul/2007 21:15:04] Rule 'Primary DNS Server': Permitted: In
>>>> UDP,
>>>> 64.136.44.74:53->localhost:1055, Owner: no owner
>>>>
>>>> Here is one "AVAST.SETUP". ODD, but I guess legit-- I have no
>>>> program actually named AVAST.SETUP, & no .exe at all in the folder
>>>> mentioned...
>>>>
>>>> 2,[17/Jul/2007 22:30:14] Rule 'Avast! UDP': Permitted: Out UDP,
>>>> localhost:1045->64.136.44.74:53, Owner: C:\PROGRAM FILES\ALWIL
>>>> SOFTWARE\AVAST4\SETUP\AVAST.SETUP
>>>>
>>>> Questions...
>>>>
>>>> (1) Is it legit for IE to be using it?
>>>>
>>> Gram pappy: Yes, as long as Remote IP is in NetZero IP Range.
>>>
>> Me: What makes that safe? Can some app grab control of IE & do bad
>> things with this?
>>
I don't know, but the experts say you must allow this DNS rule to access
the internet.

>>>> (2) Should I block PFWADMIN.EXE?
>>>> [NOTE: In another rule (probably by yosponge)
>>>> PersFW.exe (Kerio Personal Firewall Engine) IS blocked.]
>>>>
>>> Gram pappy: Yes, I use a combination of Spunge, Shaolin and
>>> BlitzenZeus rulesets. They block both Persfw
>>> and Pfwadmin.
>>
>> Me: I'm a mishmosh, myself, possibly of the same experts.
>> But finally I want to know what it's about!
>>
> Update: I've blocked PFWADMIN.EXE now too
> so far, nothing untoward has happened.
>
Looking back at my yosponge data, on his web page he says it is
usually safe to allow PERSFW.EXE, but in his ruleset he has it
blocked?...!!! I have blocked both for years...

>>>> (3) I guess I must get rid of that "no owner",
>>>> but could it just be some kind of Kerio glitch?
>>>>
>>> Gram pappy: Don't see problem as long as Remote IP
>>> is in NetZero IP Range.
>>>
>> Me: Why? NOW, probably due to better tracking, I've got SIX
>> more of those so far today. They always are INCOMING...
>>
>> 2,[24/Jul/2007 15:09:06] Rule 'Primary DNS Server': Permitted: In
>> UDP,
>> 64.136.44.74:53->localhost:1589, Owner: no owner
>>
>> 2,[24/Jul/2007 15:09:20] Rule 'Primary DNS Server': Permitted: In
>> UDP,
>> 64.136.44.74:53->localhost:1641, Owner: no owner
>>
>> 2,[24/Jul/2007 15:09:22] Rule 'Primary DNS Server': Permitted: In
>> UDP,
>> 64.136.28.121:53->localhost:1641, Owner: no owner
>>
>> 2,[24/Jul/2007 15:09:58] Rule 'Primary DNS Server': Permitted: In
>> UDP,
>> 64.136.44.74:53->localhost:1702, Owner: no owner
>>
>> 2,[24/Jul/2007 15:10:54] Rule 'Primary DNS Server': Permitted: In
>> UDP,
>> 64.136.44.74:53->localhost:1880, Owner: no owner
>>
>> 2,[24/Jul/2007 15:10:58] Rule 'Primary DNS Server': Permitted: In
>> UDP,
>> 64.136.44.74:53->localhost:1884, Owner: no owner
>>
If I set a last rule to block all other incomming TCP, I will get these.
I
have read to not have such a rule... Other causes are shown here:
http://www.mynetwatchman.com/kb/res-falsepos.htm

>>>> (4) Am I leaving myself prone to mayhem by letting
>>>> ANY app use this rule-- as the "expert" coded it?
>>>> But, why hasn't it happened yet-- or has it????
>>>>
>>> Gram pappy: No, standard for ISP DNS servers.
>>>
>> Me: What prevents an ill result when any app can do it?
>>>
I don't think so, but if you want to tighten this down you can set up a
seperate rule for NetZero's primary and secondary DNS servers. Last
I looked they have three(64.036.16.21, 64.136.20.21, 64.136.28.21).

>>>> (4) Why is it restricted to using ports 1024-5000 & 53?
>>>>
>>> Gram pappy: I assume you are refering to Local ports 1024-5000,
>>> some say to narrow down even more to
>>> 1031-4999.
>>> See Steve Gibson as to why.
>>> https://www.grc.com/port_1024.htm
>>> And I assume you are refering to Remote port
>>> 53,
>>> that is normal for ISP DNS servers.
>>>
>> Me: OK, I'm clicking that now. You are right in your assumptions.
>> Are you implying-- so long as it goes to & comes from Port
>> 53, NetZero will assure no foul play is involved?
>>
> Update: Clicking that URL produces a requestor saying
> "Revocation information for the security certificate for this site is
> not
> available". I click NOT to proceed, but the site has already loaded,
> anyhow. But it's going to take several readings before I can even
> formulate a question. One thing: Port 5000 isn't mentioned there--
> only
> 1024-1030 & maybe 1433 and 1434.
>
At the top of that grc page is a search box left of "Jump" type in 5000
then click Jump and it will go right to it. Can use the jump box to look
up
any port info...

Other ref info:
http://homepage.ntlworld.com/robin.d.h.walker/cmtips/security.html#persfire
Down a ways on this page is a good section on Personal firewalls.
In that section is a broken link to master firewall guru Robert
Graham...
Remember? I sent you this l-o-n-g web page link about last year.
(no bonking on head ) Good head smoking stuff in there... The good
link:
http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html

Another good l-o-n-g firewall web page:
http://www.dslreports.com/faq/security/2.5.1._Kerio_and_pre-v3.0_Tiny_PFW

OK, a short firewall port web page:
http://www.ja.net/cert/bcp/lanports.html

good night, err, good morning...
>>> -
>>> gram
>>>
>>>> --
>>>> Thanks or Good Luck,
>>>> There may be humor in this post, and,
>>>> Naturally, you will not sue,
>>>> Should things get worse after this,
>>>> PCR
>>>> pcrrcp@netzero.net
 
P

PCR

gram pappy wrote:
| in-line below:
|
|>PCR <pcrrcp@netzero.net> wrote:
|> Updating...
|>
|>> PCR wrote:
|>>> gram pappy wrote:
|>>> Reply, (sorry not a quick answer) in-line below:
|>>>
|>> It's quicker than I've been these past four years, gram pappy,
|>> thanks. Also, my own beloved grandfather, himself, could shovel snow
|>> quicker than me some 22 years ago in his 90's! More below...
|>>
|>>>> "PCR" <pcrrcp@netzero.net> wrote in message
|>>>> news:%23GMM4FIzHHA.4712@TK2MSFTNGP04.phx.gbl...
|>>>> In order to end 17 years of intense study after just 4 or so, I
|>>>> hope
|>>>> for a quick answer to the following question. Here is my Kerio
|>>>> "Primary DNS Server" rule, got from some expert & currently
|>>>> modified
|>>>> only in that I now include the entire NetZero/Juno address range
|>>>> (where earlier I tried to determine just the ones NetZero seemed
|>>>> to want to use)...
|>>>>
|>>>> Protocol: UDP, both directions
|>>>>
|>>>> Local Endpoint-- Ports: 1024-5000
|>>>> -- Application: Any
|>>>> Remote Endpoint-- Address: Entire NetZero/Juno range
|>>>> -- Port: 53
|>>>> ANY app can use it, as currently written. Here are the ones I've
|>>>> caught...
|>>>>
|>>>> (a) EXEC.EXE NetZero Internet
|>>>> (b) IEXPLORE.EXE
|>>>> (c) no owner << eeek?
|>>>> (d) AVAST.SETUP
|>>>> (e) ASHMAISV.EXE avast! e-Mail Scanner Service
|>>>> (f) PFWADMIN.EXE Kerio Personal Firewall Console
|>>>>
|>>>> Here's the "no owner". There is only this one, but I haven't been
|>>>> tracking this rule long...
|>>>>
|>>>> 2,[20/Jul/2007 21:15:04] Rule 'Primary DNS Server': Permitted: In
|>>>> UDP,
|>>>> 64.136.44.74:53->localhost:1055, Owner: no owner
|>>>>
|>>>> Here is one "AVAST.SETUP". ODD, but I guess legit-- I have no
|>>>> program actually named AVAST.SETUP, & no .exe at all in the folder
|>>>> mentioned...
|>>>>
|>>>> 2,[17/Jul/2007 22:30:14] Rule 'Avast! UDP': Permitted: Out UDP,
|>>>> localhost:1045->64.136.44.74:53, Owner: C:\PROGRAM FILES\ALWIL
|>>>> SOFTWARE\AVAST4\SETUP\AVAST.SETUP
|>>>>
|>>>> Questions...
|>>>>
|>>>> (1) Is it legit for IE to be using it?
|>>>>
|>>> Gram pappy: Yes, as long as Remote IP is in NetZero IP Range.
|>>>
|>> Me: What makes that safe? Can some app grab control of IE & do bad
|>> things with this?
|>>
| I don't know, but the experts say you must allow this DNS rule to
| access the internet.

More study is warranted, I'm sure. HOWEVER, a new rule that blocks IE
from all NetZero addresses-- UDP/TCP, both directions, all ports...
showed all continues to work-- even uploads & downloads, even at FTP
sites. I took a download from...
ftp://ftp.microsoft.com/

And at...
http://www.speakeasy.net/speedtest

.... uplaods & downloads were happening at approximately the same speeds
with the new rule switched on or off!

|>>>> (2) Should I block PFWADMIN.EXE?
|>>>> [NOTE: In another rule (probably by yosponge)
|>>>> PersFW.exe (Kerio Personal Firewall Engine) IS blocked.]
|>>>>
|>>> Gram pappy: Yes, I use a combination of Spunge, Shaolin and
|>>> BlitzenZeus rulesets. They block both Persfw
|>>> and Pfwadmin.
|>>
|>> Me: I'm a mishmosh, myself, possibly of the same experts.
|>> But finally I want to know what it's about!
|>>
|> Update: I've blocked PFWADMIN.EXE now too
|> so far, nothing untoward has happened.
|>
| Looking back at my yosponge data, on his web page he says it is
| usually safe to allow PERSFW.EXE, but in his ruleset he has it
| blocked?...!!! I have blocked both for years...

I'm blocking both too now-- but I remain vigilant for the first sign of
a catastrophe & will continue to remain so for six years!

|>>>> (3) I guess I must get rid of that "no owner",
|>>>> but could it just be some kind of Kerio glitch?
|>>>>
|>>> Gram pappy: Don't see problem as long as Remote IP
|>>> is in NetZero IP Range.
|>>>
|>> Me: Why? NOW, probably due to better tracking, I've got SIX
|>> more of those so far today. They always are INCOMING...
|>>
|>> 2,[24/Jul/2007 15:09:06] Rule 'Primary DNS Server': Permitted: In
|>> UDP,
|>> 64.136.44.74:53->localhost:1589, Owner: no owner
|>>
|>> 2,[24/Jul/2007 15:09:20] Rule 'Primary DNS Server': Permitted: In
|>> UDP,
|>> 64.136.44.74:53->localhost:1641, Owner: no owner
|>>
|>> 2,[24/Jul/2007 15:09:22] Rule 'Primary DNS Server': Permitted: In
|>> UDP,
|>> 64.136.28.121:53->localhost:1641, Owner: no owner
|>>
|>> 2,[24/Jul/2007 15:09:58] Rule 'Primary DNS Server': Permitted: In
|>> UDP,
|>> 64.136.44.74:53->localhost:1702, Owner: no owner
|>>
|>> 2,[24/Jul/2007 15:10:54] Rule 'Primary DNS Server': Permitted: In
|>> UDP,
|>> 64.136.44.74:53->localhost:1880, Owner: no owner
|>>
|>> 2,[24/Jul/2007 15:10:58] Rule 'Primary DNS Server': Permitted: In
|>> UDP,
|>> 64.136.44.74:53->localhost:1884, Owner: no owner
|>>
| If I set a last rule to block all other incomming TCP, I will get
| these. I
| have read to not have such a rule... Other causes are shown here:
| http://www.mynetwatchman.com/kb/res-falsepos.htm

I've read through that thrice-- but more readings will be necessary! I'm
thinking, the way to kill the no owner's is to code 4 DNS Server rules--
one for each app I want to allow...

(a) EXEC.EXE NetZero Internet
(b) AVAST.SETUP
(c) ASHMAISV.EXE avast! e-Mail Scanner Service
(d) ASHWEBSV.EXE avast! Web Scanner

I'm going to try that soon! No other app will be allowed to use the
NetZero addresses to send/receive DNS after that!

|>>>> (4) Am I leaving myself prone to mayhem by letting
|>>>> ANY app use this rule-- as the "expert" coded it?
|>>>> But, why hasn't it happened yet-- or has it????
|>>>>
|>>> Gram pappy: No, standard for ISP DNS servers.
|>>>
|>> Me: What prevents an ill result when any app can do it?
|>>>
| I don't think so, but if you want to tighten this down you can set up
| a seperate rule for NetZero's primary and secondary DNS servers. Last
| I looked they have three(64.036.16.21, 64.136.20.21, 64.136.28.21).

Well, I used to have just four addresses in my Primary DNS Server rule,
but recently I've included the entire NetZero/Juno range into it.
Therefore, I divine this one rule acts BOTH as a primary & a secondary--
& then some!

|>>>> (4) Why is it restricted to using ports 1024-5000 & 53?
|>>>>
|>>> Gram pappy: I assume you are refering to Local ports 1024-5000,
|>>> some say to narrow down even more to
|>>> 1031-4999.
|>>> See Steve Gibson as to why.
|>>> https://www.grc.com/port_1024.htm
|>>> And I assume you are refering to Remote port
|>>> 53,
|>>> that is normal for ISP DNS servers.
|>>>
|>> Me: OK, I'm clicking that now. You are right in your assumptions.
|>> Are you implying-- so long as it goes to & comes from Port
|>> 53, NetZero will assure no foul play is involved?
|>>
|> Update: Clicking that URL produces a requestor saying
|> "Revocation information for the security certificate for this site is
|> not
|> available". I click NOT to proceed, but the site has already loaded,
|> anyhow. But it's going to take several readings before I can even
|> formulate a question. One thing: Port 5000 isn't mentioned there--
|> only
|> 1024-1030 & maybe 1433 and 1434.
|>
| At the top of that grc page is a search box left of "Jump" type in
| 5000 then click Jump and it will go right to it. Can use the jump box
| to look up
| any port info...

OK, thanks. These are referring to "local endpoint" ports, which are
ports here in my machine. Here, currently, is the last 'Primary DNS
Server' to happen...

2,[27/Jul/2007 17:40:38] Rule 'Primary DNS Server': Permitted: In UDP,
64.136.28.120:53->localhost:1321, Owner: C:\PROGRAM FILES\ALWIL
SOFTWARE\AVAST4\ASHMAISV.EXE

That was 5 minutes ago-- but I have no port 1321 open for any of the 3
ASHMAISV.EXE showing in Kerio. Looks like these ports are created &
closed on an as needed basis. Is it ASHMAISV.EXE that will create a port
5000, if it needs to? That should be OK, if it is avast! doing it, I
think, especially as the rule only permits avast! remote addresses.
Therefore...

Wouldn't I be OK to restrict DNS by application, instead of worrying
over ports?

| Other ref info:
|
http://homepage.ntlworld.com/robin.d.h.walker/cmtips/security.html#persfire
| Down a ways on this page is a good section on Personal firewalls.
| In that section is a broken link to master firewall guru Robert
| Graham...
| Remember? I sent you this l-o-n-g web page link about last year.
| (no bonking on head ) Good head smoking stuff in there... The good
| link:
|
http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html
|
| Another good l-o-n-g firewall web page:
|
http://www.dslreports.com/faq/security/2.5.1._Kerio_and_pre-v3.0_Tiny_PFW
|
| OK, a short firewall port web page:
| http://www.ja.net/cert/bcp/lanports.html

Uhuh, thanks. Those are the ones I've been reading these part 4 years,
yea. BUT they always require at least one more additional reading! OK,
yea, thanks, gram pappy.

| good night, err, good morning...

Good evening. And thanks again.

|>>> -
|>>> gram
|>>>
|>>>> --
|>>>> Thanks or Good Luck,
|>>>> There may be humor in this post, and,
|>>>> Naturally, you will not sue,
|>>>> Should things get worse after this,
|>>>> PCR
|>>>> pcrrcp@netzero.net

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
Should things get worse after this,
PCR
pcrrcp@netzero.net
 
G

gram pappy

PCR <pcrrcp@netzero.net> wrote:
> gram pappy wrote:
>| in-line below:
>|
>|>PCR <pcrrcp@netzero.net> wrote:
>|> Updating...
>|>
>|>> PCR wrote:
>|>>> gram pappy wrote:
>|>>> Reply, (sorry not a quick answer) in-line below:
>|>>>
>|>> It's quicker than I've been these past four years, gram pappy,
>|>> thanks. Also, my own beloved grandfather, himself, could shovel
>|>> snow quicker than me some 22 years ago in his 90's! More below...
>|>>
>|>>>> "PCR" <pcrrcp@netzero.net> wrote in message
>|>>>> news:%23GMM4FIzHHA.4712@TK2MSFTNGP04.phx.gbl...
>|>>>> In order to end 17 years of intense study after just 4 or so, I
>|>>>> hope
>|>>>> for a quick answer to the following question. Here is my Kerio
>|>>>> "Primary DNS Server" rule, got from some expert & currently
>|>>>> modified
>|>>>> only in that I now include the entire NetZero/Juno address range
>|>>>> (where earlier I tried to determine just the ones NetZero seemed
>|>>>> to want to use)...
>|>>>>
>|>>>> Protocol: UDP, both directions
>|>>>>
>|>>>> Local Endpoint-- Ports: 1024-5000
>|>>>> -- Application: Any
>|>>>> Remote Endpoint-- Address: Entire NetZero/Juno range
>|>>>> -- Port: 53
>|>>>> ANY app can use it, as currently written. Here are the ones I've
>|>>>> caught...
>|>>>>
>|>>>> (a) EXEC.EXE NetZero Internet
>|>>>> (b) IEXPLORE.EXE
>|>>>> (c) no owner << eeek?
>|>>>> (d) AVAST.SETUP
>|>>>> (e) ASHMAISV.EXE avast! e-Mail Scanner Service
>|>>>> (f) PFWADMIN.EXE Kerio Personal Firewall Console
>|>>>>
>|>>>> Here's the "no owner". There is only this one, but I haven't been
>|>>>> tracking this rule long...
>|>>>>
>|>>>> 2,[20/Jul/2007 21:15:04] Rule 'Primary DNS Server': Permitted: In
>|>>>> UDP,
>|>>>> 64.136.44.74:53->localhost:1055, Owner: no owner
>|>>>>
>|>>>> Here is one "AVAST.SETUP". ODD, but I guess legit-- I have no
>|>>>> program actually named AVAST.SETUP, & no .exe at all in the
>|>>>> folder mentioned...
>|>>>>
>|>>>> 2,[17/Jul/2007 22:30:14] Rule 'Avast! UDP': Permitted: Out UDP,
>|>>>> localhost:1045->64.136.44.74:53, Owner: C:\PROGRAM FILES\ALWIL
>|>>>> SOFTWARE\AVAST4\SETUP\AVAST.SETUP
>|>>>>
>|>>>> Questions...
>|>>>>
>|>>>> (1) Is it legit for IE to be using it?
>|>>>>
>|>>> Gram pappy: Yes, as long as Remote IP is in NetZero IP Range.
>|>>>
>|>> Me: What makes that safe? Can some app grab control of IE & do bad
>|>> things with this?
>|>>
>| I don't know, but the experts say you must allow this DNS rule to
>| access the internet.
>
> More study is warranted, I'm sure. HOWEVER, a new rule that blocks IE
> from all NetZero addresses-- UDP/TCP, both directions, all ports...
> showed all continues to work-- even uploads & downloads, even at FTP
> sites. I took a download from...
> ftp://ftp.microsoft.com/
>
> And at...
> http://www.speakeasy.net/speedtest
>
> ... uplaods & downloads were happening at approximately the same
> speeds with the new rule switched on or off!
>
Yes it is a puzzle, I just have never seen DNS server rules to block
applications.
I now only use NetZero(free) as a backup ISP, as my primary ISP is now
Xanadoo Wireless and it too allows DNS, server port 53 access for:
AVG AV update
Internet Explorer
Outlook Express
Firefox
SpywareBlaster update
Don't know why these are not using there own rules and ports I have
set...!!! more digging, more study is right.

>|>>>> (2) Should I block PFWADMIN.EXE?
>|>>>> [NOTE: In another rule (probably by yosponge)
>|>>>> PersFW.exe (Kerio Personal Firewall Engine) IS blocked.]
>|>>>>
>|>>> Gram pappy: Yes, I use a combination of Spunge, Shaolin and
>|>>> BlitzenZeus rulesets. They block both Persfw
>|>>> and Pfwadmin.
>|>>
>|>> Me: I'm a mishmosh, myself, possibly of the same experts.
>|>> But finally I want to know what it's about!
>|>>
>|> Update: I've blocked PFWADMIN.EXE now too
>|> so far, nothing untoward has happened.
>|>
>| Looking back at my yosponge data, on his web page he says it is
>| usually safe to allow PERSFW.EXE, but in his ruleset he has it
>| blocked?...!!! I have blocked both for years...
>
> I'm blocking both too now-- but I remain vigilant for the first sign
> of a catastrophe & will continue to remain so for six years!
>
>|>>>> (3) I guess I must get rid of that "no owner",
>|>>>> but could it just be some kind of Kerio glitch?
>|>>>>
>|>>> Gram pappy: Don't see problem as long as Remote IP
>|>>> is in NetZero IP Range.
>|>>>
>|>> Me: Why? NOW, probably due to better tracking, I've got SIX
>|>> more of those so far today. They always are INCOMING...
>|>>
>|>> 2,[24/Jul/2007 15:09:06] Rule 'Primary DNS Server': Permitted: In
>|>> UDP,
>|>> 64.136.44.74:53->localhost:1589, Owner: no owner
>|>>
>|>> 2,[24/Jul/2007 15:09:20] Rule 'Primary DNS Server': Permitted: In
>|>> UDP,
>|>> 64.136.44.74:53->localhost:1641, Owner: no owner
>|>>
>|>> 2,[24/Jul/2007 15:09:22] Rule 'Primary DNS Server': Permitted: In
>|>> UDP,
>|>> 64.136.28.121:53->localhost:1641, Owner: no owner
>|>>
>|>> 2,[24/Jul/2007 15:09:58] Rule 'Primary DNS Server': Permitted: In
>|>> UDP,
>|>> 64.136.44.74:53->localhost:1702, Owner: no owner
>|>>
>|>> 2,[24/Jul/2007 15:10:54] Rule 'Primary DNS Server': Permitted: In
>|>> UDP,
>|>> 64.136.44.74:53->localhost:1880, Owner: no owner
>|>>
>|>> 2,[24/Jul/2007 15:10:58] Rule 'Primary DNS Server': Permitted: In
>|>> UDP,
>|>> 64.136.44.74:53->localhost:1884, Owner: no owner
>|>>
>| If I set a last rule to block all other incomming TCP, I will get
>these.
>| I have read to not have such a rule... Other causes are shown here:
>| http://www.mynetwatchman.com/kb/res-falsepos.htm
>
> I've read through that thrice-- but more readings will be necessary!
> I'm thinking, the way to kill the no owner's is to code 4 DNS Server
> rules-- one for each app I want to allow...
>
> (a) EXEC.EXE NetZero Internet
> (b) AVAST.SETUP
> (c) ASHMAISV.EXE avast! e-Mail Scanner Service
> (d) ASHWEBSV.EXE avast! Web Scanner
>
> I'm going to try that soon! No other app will be allowed to use the
> NetZero addresses to send/receive DNS after that!
>
Good luck...!!!

>|>>>> (4) Am I leaving myself prone to mayhem by letting
>|>>>> ANY app use this rule-- as the "expert" coded it?
>|>>>> But, why hasn't it happened yet-- or has it????
>|>>>>
>|>>> Gram pappy: No, standard for ISP DNS servers.
>|>>>
>|>> Me: What prevents an ill result when any app can do it?
>|>>>
>| I don't think so, but if you want to tighten this down you can set up
>| a seperate rule for NetZero's primary and secondary DNS servers. Last
>| I looked they have three(64.136.16.21, 64.136.20.21, 64.136.28.21).
>
> Well, I used to have just four addresses in my Primary DNS Server
> rule, but recently I've included the entire NetZero/Juno range into
> it. Therefore, I divine this one rule acts BOTH as a primary & a
> secondary-- & then some!
>
I too use the NetZero address range for DNS servers. Just don't know why
DNS is overriding the application rules...

>|>>>> (4) Why is it restricted to using ports 1024-5000 & 53?
>|>>>>
>|>>> Gram pappy: I assume you are refering to Local ports 1024-5000,
>|>>> some say to narrow down even more to
>|>>> 1031-4999.
>|>>> See Steve Gibson as to why.
>|>>> https://www.grc.com/port_1024.htm
>|>>> And I assume you are refering to Remote port
>|>>> 53,
>|>>> that is normal for ISP DNS servers.
>|>>>
>|>> Me: OK, I'm clicking that now. You are right in your assumptions.
>|>> Are you implying-- so long as it goes to & comes from Port
>|>> 53, NetZero will assure no foul play is involved?
>|>>
>|> Update: Clicking that URL produces a requestor saying
>|> "Revocation information for the security certificate for this site
>|> is not
>|> available". I click NOT to proceed, but the site has already
>|> loaded, anyhow. But it's going to take several readings before I
>|> can even formulate a question. One thing: Port 5000 isn't mentioned
>|> there-- only
>|> 1024-1030 & maybe 1433 and 1434.
>|>
>| At the top of that grc page is a search box left of "Jump" type in
>| 5000 then click Jump and it will go right to it. Can use the jump box
>| to look up
>| any port info...
>
> OK, thanks. These are referring to "local endpoint" ports, which are
> ports here in my machine. Here, currently, is the last 'Primary DNS
> Server' to happen...
>
> 2,[27/Jul/2007 17:40:38] Rule 'Primary DNS Server': Permitted: In UDP,
> 64.136.28.120:53->localhost:1321, Owner: C:\PROGRAM FILES\ALWIL
> SOFTWARE\AVAST4\ASHMAISV.EXE
>
> That was 5 minutes ago-- but I have no port 1321 open for any of the 3
> ASHMAISV.EXE showing in Kerio. Looks like these ports are created &
> closed on an as needed basis. Is it ASHMAISV.EXE that will create a
> port 5000, if it needs to? That should be OK, if it is avast! doing
> it, I think, especially as the rule only permits avast! remote
> addresses. Therefore...
>
> Wouldn't I be OK to restrict DNS by application, instead of worrying
> over ports?
>
Have not read about or seen examples of this...

>| Other ref info:
>|
> http://homepage.ntlworld.com/robin.d.h.walker/cmtips/security.html#persfire
>| Down a ways on this page is a good section on Personal firewalls.
>| In that section is a broken link to master firewall guru Robert
>| Graham... Remember? I sent you this l-o-n-g web page link about
>| last year. (no bonking on head ) Good head smoking stuff in there...
>| The good link:
>|
> http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html
>|
>| Another good l-o-n-g firewall web page:
>|
> http://www.dslreports.com/faq/security/2.5.1._Kerio_and_pre-v3.0_Tiny_PFW
>|
>| OK, a short firewall port web page:
>| http://www.ja.net/cert/bcp/lanports.html
>
> Uhuh, thanks. Those are the ones I've been reading these part 4 years,
> yea. BUT they always require at least one more additional reading! OK,
> yea, thanks, gram pappy.
>
>| good night, err, good morning...
>
> Good evening. And thanks again.
>
When you get Kerio rules all set up, are even now, you can go to GRC's
Shields UP!! page and test for holes in your firewall. On 2nd page do
the first three test. Some say firewall port test results showing
'Stealth'
are misleading,,, but this test will quickly show any open ports... If
you
get a Kerio popup wanting access during test, deny it, and your logs
will
have quite a few denials recorded... The Link:

https://www.grc.com/x/ne.dll?bh0bkyd2


>|>>> -
>|>>> gram
>|>>>
> --
> Thanks or Good Luck,
> There may be humor in this post, and,
> Naturally, you will not sue,
> Should things get worse after this,
> PCR
> pcrrcp@netzero.net
 
P

PCR

PCR wrote:

....snip
| More study is warranted, I'm sure. HOWEVER, a new rule that blocks IE
| from all NetZero addresses-- UDP/TCP, both directions, all ports...
| showed all continues to work-- even uploads & downloads, even at FTP
| sites. I took a download from...
| ftp://ftp.microsoft.com/
|
| And at...
| http://www.speakeasy.net/speedtest
|
| ... uplaods & downloads were happening at approximately the same
| speeds with the new rule switched on or off!

WRONG! Oooops, unfortunately the rule was permitting access-- not
denying it! When the oversight was corrected & the FTP site was
clicked... looked like OE froze. Behind it was a requestor saying that
the FTP was loaded, BUT some function(s) would not work. Therefore...

IE must be allowed UPD, both directions, at the NetZero addresses for
full NET functionality. Sorry!
 
P

PCR

gram pappy wrote:
| PCR <pcrrcp@netzero.net> wrote:
|> gram pappy wrote:
|>| in-line below:
|>|
|>|>PCR <pcrrcp@netzero.net> wrote:
|>|> Updating...
|>|>
|>|>> PCR wrote:
|>|>>> gram pappy wrote:
|>|>>> Reply, (sorry not a quick answer) in-line below:
|>|>>>
|>|>> It's quicker than I've been these past four years, gram pappy,
|>|>> thanks. Also, my own beloved grandfather, himself, could shovel
|>|>> snow quicker than me some 22 years ago in his 90's! More below...
|>|>>
|>|>>>> "PCR" <pcrrcp@netzero.net> wrote in message
|>|>>>> news:%23GMM4FIzHHA.4712@TK2MSFTNGP04.phx.gbl...
|>|>>>> In order to end 17 years of intense study after just 4 or so, I
|>|>>>> hope
|>|>>>> for a quick answer to the following question. Here is my Kerio
|>|>>>> "Primary DNS Server" rule, got from some expert & currently
|>|>>>> modified
|>|>>>> only in that I now include the entire NetZero/Juno address range
|>|>>>> (where earlier I tried to determine just the ones NetZero seemed
|>|>>>> to want to use)...
|>|>>>>
|>|>>>> Protocol: UDP, both directions
|>|>>>>
|>|>>>> Local Endpoint-- Ports: 1024-5000
|>|>>>> -- Application: Any
|>|>>>> Remote Endpoint-- Address: Entire NetZero/Juno range
|>|>>>> -- Port: 53
|>|>>>> ANY app can use it, as currently written. Here are the ones I've
|>|>>>> caught...
|>|>>>>
|>|>>>> (a) EXEC.EXE NetZero Internet
|>|>>>> (b) IEXPLORE.EXE
|>|>>>> (c) no owner << eeek?
|>|>>>> (d) AVAST.SETUP
|>|>>>> (e) ASHMAISV.EXE avast! e-Mail Scanner Service
|>|>>>> (f) PFWADMIN.EXE Kerio Personal Firewall Console
|>|>>>>
|>|>>>> Here's the "no owner". There is only this one, but I haven't
|>|>>>> been tracking this rule long...
|>|>>>>
|>|>>>> 2,[20/Jul/2007 21:15:04] Rule 'Primary DNS Server': Permitted:
|>|>>>> In UDP,
|>|>>>> 64.136.44.74:53->localhost:1055, Owner: no owner
|>|>>>>
|>|>>>> Here is one "AVAST.SETUP". ODD, but I guess legit-- I have no
|>|>>>> program actually named AVAST.SETUP, & no .exe at all in the
|>|>>>> folder mentioned...
|>|>>>>
|>|>>>> 2,[17/Jul/2007 22:30:14] Rule 'Avast! UDP': Permitted: Out UDP,
|>|>>>> localhost:1045->64.136.44.74:53, Owner: C:\PROGRAM FILES\ALWIL
|>|>>>> SOFTWARE\AVAST4\SETUP\AVAST.SETUP
|>|>>>>
|>|>>>> Questions...
|>|>>>>
|>|>>>> (1) Is it legit for IE to be using it?
|>|>>>>
|>|>>> Gram pappy: Yes, as long as Remote IP is in NetZero IP Range.
|>|>>>
|>|>> Me: What makes that safe? Can some app grab control of IE & do
|>|>> bad things with this?
|>|>>
|>| I don't know, but the experts say you must allow this DNS rule to
|>| access the internet.
|>
|> More study is warranted, I'm sure. HOWEVER, a new rule that blocks IE
|> from all NetZero addresses-- UDP/TCP, both directions, all ports...
|> showed all continues to work-- even uploads & downloads, even at FTP
|> sites. I took a download from...
|> ftp://ftp.microsoft.com/
|>
|> And at...
|> http://www.speakeasy.net/speedtest
|>
|> ... uplaods & downloads were happening at approximately the same
|> speeds with the new rule switched on or off!
|>

| Yes it is a puzzle, I just have never seen DNS server rules to block
| applications.

SORRY... I set that IE rule up just right-- BUT forgot to click to DENY
the access. When denied, the FTP site announced it wouldn't fully work.
The message was hidden behind a frozen OE screen. SO...

You & those experts were right, IE must have UDP access to the NetZero
sites, port 53, for full functionality at FTP sites, anyhow. Here is one
of six log entries, all involving "localhost:1025", but with various
NetZero addresses...

1,[28/Jul/2007 13:15:24] Rule 'DNS Alert (Log, Alert)': Blocked: Out
UDP, localhost:1205->64.136.44.74:53, Owner: C:\PROGRAM FILES\INTERNET
EXPLORER\IEXPLORE.EXE

No good! It's GOT to be allowed-- or don't go clicking an FTP site!

| I now only use NetZero(free) as a backup ISP, as my primary ISP is now
| Xanadoo Wireless and it too allows DNS, server port 53 access for:
| AVG AV update
| Internet Explorer
| Outlook Express
| Firefox
| SpywareBlaster update
| Don't know why these are not using there own rules and ports I have
| set...!!! more digging, more study is right.

Agreed. So... I've added IE to the other 4 that are explicitely
allowed...

(a) EXEC.exe NetZero Internet
(b) AVAST.SETUP
(c) ASHMAISV.exe avast! e-Mail Scanner Service
(d) ASHWEBSV.exe avast! Web Scanner
(e) IExplore.exe

Let's see how that goes, & whether the "no owner's" can be stopped that
way & uneventfully.

So far, still so good preventing PFWADMIN.exe & RPCSS.exe any UPD/TCP
access at all. Others I prevent that way are PERSFW.exe, CIJ3P2PS.exe, &
RNAAPP.exe.

|>|>>>> (2) Should I block PFWADMIN.EXE?
|>|>>>> [NOTE: In another rule (probably by yosponge)
|>|>>>> PersFW.exe (Kerio Personal Firewall Engine) IS blocked.]
|>|>>>>
|>|>>> Gram pappy: Yes, I use a combination of Spunge, Shaolin and
|>|>>> BlitzenZeus rulesets. They block both
|>|>>> Persfw and Pfwadmin.
|>|>>
|>|>> Me: I'm a mishmosh, myself, possibly of the same experts.
|>|>> But finally I want to know what it's about!
|>|>>
|>|> Update: I've blocked PFWADMIN.EXE now too
|>|> so far, nothing untoward has happened.
|>|>
|>| Looking back at my yosponge data, on his web page he says it is
|>| usually safe to allow PERSFW.EXE, but in his ruleset he has it
|>| blocked?...!!! I have blocked both for years...
|>
|> I'm blocking both too now-- but I remain vigilant for the first sign
|> of a catastrophe & will continue to remain so for six years!
|>
|>|>>>> (3) I guess I must get rid of that "no owner",
|>|>>>> but could it just be some kind of Kerio glitch?
|>|>>>>
|>|>>> Gram pappy: Don't see problem as long as Remote IP
|>|>>> is in NetZero IP Range.
|>|>>>
|>|>> Me: Why? NOW, probably due to better tracking, I've got SIX
|>|>> more of those so far today. They always are INCOMING...
|>|>>
|>|>> 2,[24/Jul/2007 15:09:06] Rule 'Primary DNS Server': Permitted: In
|>|>> UDP,
|>|>> 64.136.44.74:53->localhost:1589, Owner: no owner
|>|>>
|>|>> 2,[24/Jul/2007 15:09:20] Rule 'Primary DNS Server': Permitted: In
|>|>> UDP,
|>|>> 64.136.44.74:53->localhost:1641, Owner: no owner
|>|>>
|>|>> 2,[24/Jul/2007 15:09:22] Rule 'Primary DNS Server': Permitted: In
|>|>> UDP,
|>|>> 64.136.28.121:53->localhost:1641, Owner: no owner
|>|>>
|>|>> 2,[24/Jul/2007 15:09:58] Rule 'Primary DNS Server': Permitted: In
|>|>> UDP,
|>|>> 64.136.44.74:53->localhost:1702, Owner: no owner
|>|>>
|>|>> 2,[24/Jul/2007 15:10:54] Rule 'Primary DNS Server': Permitted: In
|>|>> UDP,
|>|>> 64.136.44.74:53->localhost:1880, Owner: no owner
|>|>>
|>|>> 2,[24/Jul/2007 15:10:58] Rule 'Primary DNS Server': Permitted: In
|>|>> UDP,
|>|>> 64.136.44.74:53->localhost:1884, Owner: no owner
|>|>>
|>| If I set a last rule to block all other incomming TCP, I will get
|>| these. I have read to not have such a rule... Other causes are
|>| shown here: http://www.mynetwatchman.com/kb/res-falsepos.htm
|>
|> I've read through that thrice-- but more readings will be necessary!
|> I'm thinking, the way to kill the no owner's is to code 4 DNS Server
|> rules-- one for each app I want to allow...
|>
|> (a) EXEC.EXE NetZero Internet
|> (b) AVAST.SETUP
|> (c) ASHMAISV.EXE avast! e-Mail Scanner Service
|> (d) ASHWEBSV.EXE avast! Web Scanner

IEXPLORE had to be added in!

|>
|> I'm going to try that soon! No other app will be allowed to use the
|> NetZero addresses to send/receive DNS after that!
|>
| Good luck...!!!

Thanks. Well, you know, I've just added IExplore to it for FTP access
(at least). Soon, I will go online again & see whether that settles it.
Hopefully, nothing else will require DNS access to those NetZero sites &
all continues to work! Then, it will be on to fine tune my other rules!

|>|>>>> (4) Am I leaving myself prone to mayhem by letting
|>|>>>> ANY app use this rule-- as the "expert" coded it?
|>|>>>> But, why hasn't it happened yet-- or has it????
|>|>>>>
|>|>>> Gram pappy: No, standard for ISP DNS servers.
|>|>>>
|>|>> Me: What prevents an ill result when any app can do it?
|>|>>>
|>| I don't think so, but if you want to tighten this down you can set
|>| up a seperate rule for NetZero's primary and secondary DNS servers.
|>| Last I looked they have three(64.136.16.21, 64.136.20.21,
|>| 64.136.28.21).
|>
|> Well, I used to have just four addresses in my Primary DNS Server
|> rule, but recently I've included the entire NetZero/Juno range into
|> it. Therefore, I divine this one rule acts BOTH as a primary & a
|> secondary-- & then some!
|>

| I too use the NetZero address range for DNS servers. Just don't know
| why DNS is overriding the application rules...

What do you mean by overriding the rules? Do you mean you don't know why
IE (for example) uses NetZero addresses instead of MS addresses? I
wonder... if I code a rule in Kerio permitting IE to have UDP access to
MS addresses-- would it stop using the NetZero ones?

|>|>>>> (4) Why is it restricted to using ports 1024-5000 & 53?
|>|>>>>
|>|>>> Gram pappy: I assume you are refering to Local ports 1024-5000,
|>|>>> some say to narrow down even more to
|>|>>> 1031-4999.
|>|>>> See Steve Gibson as to why.
|>|>>> https://www.grc.com/port_1024.htm
|>|>>> And I assume you are refering to Remote port
|>|>>> 53,
|>|>>> that is normal for ISP DNS servers.
|>|>>>
|>|>> Me: OK, I'm clicking that now. You are right in your assumptions.
|>|>> Are you implying-- so long as it goes to & comes from Port
|>|>> 53, NetZero will assure no foul play is involved?
|>|>>
|>|> Update: Clicking that URL produces a requestor saying
|>|> "Revocation information for the security certificate for this site
|>|> is not
|>|> available". I click NOT to proceed, but the site has already
|>|> loaded, anyhow. But it's going to take several readings before I
|>|> can even formulate a question. One thing: Port 5000 isn't mentioned
|>|> there-- only
|>|> 1024-1030 & maybe 1433 and 1434.
|>|>
|>| At the top of that grc page is a search box left of "Jump" type in
|>| 5000 then click Jump and it will go right to it. Can use the jump
|>| box to look up
|>| any port info...
|>
|> OK, thanks. These are referring to "local endpoint" ports, which are
|> ports here in my machine. Here, currently, is the last 'Primary DNS
|> Server' to happen...
|>
|> 2,[27/Jul/2007 17:40:38] Rule 'Primary DNS Server': Permitted: In
|> UDP,
|> 64.136.28.120:53->localhost:1321, Owner: C:\PROGRAM FILES\ALWIL
|> SOFTWARE\AVAST4\ASHMAISV.EXE
|>
|> That was 5 minutes ago-- but I have no port 1321 open for any of the
|> 3 ASHMAISV.EXE showing in Kerio. Looks like these ports are created &
|> closed on an as needed basis. Is it ASHMAISV.EXE that will create a
|> port 5000, if it needs to? That should be OK, if it is avast! doing
|> it, I think, especially as the rule only permits avast! remote
|> addresses. Therefore...
|>
|> Wouldn't I be OK to restrict DNS by application, instead of worrying
|> over ports?
|>
| Have not read about or seen examples of this...

I'm going to shoot for it, beginning with this DNS rule. In the end, the
only rules with "any application" in them will be DENIAL's. All of the
PERMIT's I hope to be on a per application basis! And they ONLY will be
permitted to addresses I know are legit. That's the plan!

Too bad Kerio doesn't allow a list of applications in a single rule,
though, as it does do with ports & addresses. SO, currently I have 5 DNS
Server rules now-- instead of just one. However, I'd have half a
million, if addresses & ports were singular too!

|>| Other ref info:
|>|
|>
http://homepage.ntlworld.com/robin.d.h.walker/cmtips/security.html#persfire
|>| Down a ways on this page is a good section on Personal firewalls.
|>| In that section is a broken link to master firewall guru Robert
|>| Graham... Remember? I sent you this l-o-n-g web page link about
|>| last year. (no bonking on head ) Good head smoking stuff in
|>| there... The good link:
|>|
|>
http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html
|>|
|>| Another good l-o-n-g firewall web page:
|>|
|>
http://www.dslreports.com/faq/security/2.5.1._Kerio_and_pre-v3.0_Tiny_PFW
|>|
|>| OK, a short firewall port web page:
|>| http://www.ja.net/cert/bcp/lanports.html
|>
|> Uhuh, thanks. Those are the ones I've been reading these part 4
|> years, yea. BUT they always require at least one more additional
|> reading! OK, yea, thanks, gram pappy.
|>
|>| good night, err, good morning...
|>
|> Good evening. And thanks again.
|>
| When you get Kerio rules all set up, are even now, you can go to GRC's
| Shields UP!! page and test for holes in your firewall. On 2nd page do
| the first three test. Some say firewall port test results showing
| 'Stealth'
| are misleading,,, but this test will quickly show any open ports... If
| you
| get a Kerio popup wanting access during test, deny it, and your logs
| will
| have quite a few denials recorded... The Link:
|
| https://www.grc.com/x/ne.dll?bh0bkyd2

Thanks. I may have been there & passed before. However, I will go again
when through with my current machinations.

|
|>|>>> -
|>|>>> gram
|>|>>>
|> --
|> Thanks or Good Luck,
|> There may be humor in this post, and,
|> Naturally, you will not sue,
|> Should things get worse after this,
|> PCR
|> pcrrcp@netzero.net

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
Should things get worse after this,
PCR
pcrrcp@netzero.net
 
You must log in or register to reply here.

Similar threads

R
What is "DNS Server Forward Rule - TCP/UDP 645HD8HD73BD83H-DH73D37-D37DG3"???
Replies
0
Views
199
Rick_Firewire
R
A
Cannot connect to internet - Windows can't communicate with the device or resource (primary DNS server)
Replies
0
Views
295
AminYa
A
Back
Top Bottom