Test To Simulate Running Without a Firewall

Kerio 2.1.5 with Rules configured
to permit all traffic Inbound <-> Outbound

November 26 - 29, 2005




Home system, Stand-alone computer, dial-up

Win2K, SP4

Deep Freeze


RegDefend   (evaluation version for monitoring during this test)

Anti-Executable   (installed to log any alerts at drive-by download during this test)




GRC Port Scan

All ports are closed (not Stealth) by the OS except Port 135, which I left open to test:
  • disabling of DCOM (msblaster worm exploit)
  • and Messenger Services (Pop-up messenger spam)
image



Some Loggings


Port 135 Probe - msblaster

from www.keyfocus.net:

     If attacked by the Blaster worm you will see the following two events in quick succession.

  • Port 135
  • Port 4444

image

No suspicious behavior was noted; no security alerts to install anything.
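The check described in the quoted note, as an added example that is not part of the original test or of any logging tool's own code: it looks for an inbound connection to port 135 followed by one to port 4444. The log line format, the sample lines, the 10-second meaning of "quick succession" and the requirement that both events come from the same source address are all assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines (not from the original test); the format is assumed.
SAMPLE_LOG = """\
2005-11-27 14:02:11 IN TCP 203.0.113.7:3412 -> 192.0.2.10:135
2005-11-27 14:02:13 IN TCP 203.0.113.7:3415 -> 192.0.2.10:4444
2005-11-27 14:05:40 IN TCP 198.51.100.23:1044 -> 192.0.2.10:135
2005-11-27 14:09:02 IN TCP 198.51.100.99:2210 -> 192.0.2.10:25
2005-11-27 14:30:00 IN TCP 198.51.100.23:1050 -> 192.0.2.10:4444
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) IN TCP "
    r"(\d{1,3}(?:\.\d{1,3}){3}):\d+ -> \d{1,3}(?:\.\d{1,3}){3}:(\d+)$"
)


def parse_events(log_text):
    """Yield (timestamp, source_ip, dest_port) for each well-formed inbound line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that does not match the assumed format
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        yield ts, m.group(2), int(m.group(3))


def blaster_pairs(log_text, window_seconds=10):
    """Return (source_ip, t135, t4444) where 4444 follows 135 within the window."""
    window = timedelta(seconds=window_seconds)
    last_135 = {}  # source_ip -> time of its most recent probe of port 135
    hits = []
    for ts, src, port in sorted(parse_events(log_text)):
        if port == 135:
            last_135[src] = ts
        elif port == 4444 and src in last_135 and ts - last_135[src] <= window:
            hits.append((src, last_135.pop(src), ts))
    return hits


if __name__ == "__main__":
    for src, t135, t4444 in blaster_pairs(SAMPLE_LOG):
        print(f"{src}: port 135 at {t135}, port 4444 at {t4444}")
```

A probe of port 135 alone, or a port 4444 connection long after it, is not reported; only the pair inside the window is.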

Probing a group of ports
image


Port 25 SMTP Probe
image

Other
image

etc...


Conclusion

It is possible to have inbound protection without a firewall.

Disclaimer:

I am not recommending this for others.


