I know this has been discussed to death..... but I tried a few other FW/AV combos before settling back to OP/NOD as the best combo I could find that met my requirements. The problem I noted on reinstalling OP6/NOD3 is that the automated rules are, I believe, wrong. The automated rules for ekrn.exe are allow DNS, TCP out all and inbound 30606 TCP all. After setting up my system and putting it in the DMZ off the router, port 30606 shows either open or closed on various port scanners. Adding the "My_Computer" macro for a remote address in the ekrn.exe rules makes the port stealthed on all port scans. Question is, has anyone else tried this and if so does it create problems? If the additional setting is correct and more secure how does one get Agnitum to update their ruleset? Again, sorry for dragging out the dead horse.... :D
I know this has been discussed to death..... If the additional setting is correct and more secure how does one get Agnitum to update their rule set? Again, sorry for dragging out the dead horse.... :DHello msrourke,
The more restrictive my_computer setting is definitely more correct than an allow all. The rule to allow all lets the proxy respond to the network traffic and it reports closed. The restriction to only the computer itself allows Outpost to drop the packets instead (stealth).
The way to get the rules improved, in theory anyway, is to participate in ImproveNet. Another would be to write to support and ask them why the engineers think the proxy needed to be accessed FROM any address.
 I could use some help again...
 Lost Licences |
Sorry, but more on NOD proxy...