Does Proxomitron have a speed limitation ?
Jan. 01, 2005, 05:39 AM
Post: #16
 
there are a couple of esoteric vuln.s over at DSLR and Securityfocus, mainly about malformed inbound packets...
I'll try a lookup in my bookmarks... [it's been 12 months since i last saw Kerio 2x, longer since i sorted my bookmarks]
here's some googling fun

http://www.google.com/search?q=kerio+vulnerability
http://www.issociate.de/board/post/134115/...nerability.html
kerio v4 [older v4] http://www.issociate.de/board/post/135915/...nerability.html

Projekt DFS : projektdfs[at]gmail.com : What is it?
It's ONLINE NOW!!! pm me for url. max 250 users. by invite only please.
Jan. 01, 2005, 05:42 AM
Post: #17
 
http://secunia.com/product/1493/
happy hunting

Jan. 01, 2005, 06:57 PM
Post: #18
 
Oddysey > « How many connections are your browsers opening to Proxo? »

How do I see that? In Proxomitron? When I download there is only one active connection, for each file. In Opera the maximum is set to 8 (default) and I don't know the importance of this option.

no13 > I already tried Firefox for the test.

« Use the trial of Kerio 4x and see what changes come up (poor logging abilities and poorer GUI... but fixes a couple of vuln.s in 2x which is now unsupported) At least it can import your 2x rules... »

Yes, it can import them, but I don't know where the rules are located afterwards. I tried Kerio 4.xx one month ago to think about an "After-Kerio 2.1.5" before formatting (a good occasion to test firewalls; we know that they can cause conflicts, etc.). It was a disaster: I didn't manage to set rules, and I am not even sure that they can be set!

I don't want to retry Kerio 4.xx, but I can try with Look'n Stop, which was correct. If I can find the time for that; after all there are festivals, and then work...

besafe > As it is in my screenshot.
All browsers TCP OUT Remote 127.0.0.1:8080
Proxomitron TCP OUT Remote All IP:21,80,81,119,443,1338,3128,6969,8000,8080,9999
Proximodo same thing.

no13 > Vulnerabilities of Kerio 2.1.5 are essentially local, so not critical. The "Interface Buffer Overflow and Replay Attack" needs Remote Administration to be activated; on a home computer that is not the case. And it concerns 2.1.4 and prior, not 2.1.5 (or there is a small error in the description).
I found on a French security site that the SYN attack needs a voluntary attack on your computer, so there is little chance of that happening. Windows can be set to prevent this problem, see this website for details.
Jan. 04, 2005, 01:35 AM
Post: #19
 
Nethan:
Sorry about not seeing your config screenshot; sometimes I read a little too fast and miss things. Wink
Have you tried disabling Kerio with proxo running to see if that makes a difference? (hopefully you didn't already say that)
Jan. 04, 2005, 11:10 PM
Post: #20
 
Nethan;
Quote: Oddysey wrote: « How many connections are your browsers opening to Proxo? »
How (do I) see that in Proxomitron?

You can open either the main Proxo dialog window, or Proxo's log window, and at the very bottom (of either window), you should see the number of active connections. In Proxo's Main dialog window, if you see one or more connections are remaining open after everything is loaded, you can hit the Abort button to kill those open connections. Then see if your surfing speeds up, or at least connects. The log window is better for this operation.

In most cases, you will notice only 1 connection open at a time, unless your page is requesting additional resources such as image files, stylesheets, etc. The usual OS setting for the maximum number of open connections is 8, but some folks report better success at only 4. Others think that it works better if you set it very high, like 20 or 30. Personally, I don't see any difference in overall speed no matter what maximum number I set. Obviously, there are other factors to consider, and I just haven't taken the time to do as I suggest to others - visit the speed benchmarking sites, and fine-tune my registry settings. I know, shame on me. Sad

While Proxo doesn't make any changes to your registry, there are times when it does not pay to have too many connections open at once. We know that for every connection opened by a browser, Proxo should simply reflect that onto the 'net, and not introduce any delays. However, it is my "gut-feeling" that when one configures his system to do things that are unexpected by other software, then "things go bump in the night". Such a case is amply demonstrated by using a local proxy server as the output of your browser. I'll bet shekels to shillelaughs that the team that wrote your browser never even considered that a user might install a local proxy server (no matter what browser you use)!

Sorry I wasn't more of a help for you.


Oddysey

I'm no longer in the rat race - the rats won't have me!
Jan. 05, 2005, 09:46 PM
Post: #21
 
Hello,

« How (do I) see that in Proxomitron? »

Oops Big Teeth Saved for the next use Big Teeth

So, I found the time to try disabling Kerio Smile!

I disabled the automatic start of Kerio at each reboot, with the option for that in Kerio, and I set Perfsw to "disabled" in the Services options of Windows, to be safe, and afterwards I rebooted.

No Kerio at start, correct... I launched the connection, I tried and... No change, still 25KB/s with Proxomitron Sad

I made many tweaks to the system; the problem could be anything and everything (registry tweaks, or Litestep use, etc...), so I will adapt my download habits accordingly for the moment.
I don't see which modifications could be the problem, especially since I never applied connection tweaks.

At the next format, I will gradually apply my modifications to find what causes this problem. But that won't be for a long while because I don't need to format now, so... :/

Thanks all for your help and the time that you gave me Smile!
Jan. 05, 2005, 10:26 PM
Post: #22
 
Nethan,
Quote: Thanks all for your help and the time that you gave me Smile!


No problem, mon ami! :P

Do keep us up-to-date with what you learn, OK? Take your time, and come back to this thread when you've got more to report - we'll be waiting. Wink


Oddysey

I'm no longer in the rat race - the rats won't have me!
Jan. 06, 2005, 12:25 AM
Post: #23
 
Nethan wrote: Thanks all for your help and the time that you gave me Smile!
Good luck.

besafe
Mar. 21, 2005, 12:48 PM
Post: #24
 
Hello,

As asked, I am posting a report. Time has passed and I have found the origin of this limitation.

Of course, formatting is the worst but an effective solution. No limitation exists on a new system; SP2/SP3/SP4 don't have any impact, same for Kerio...

The limitation is applied by a piece of software called Zigstack, a small security program; you can easily find information and download links with Google.
This software has only one function: to easily apply some registry hacks that enable some dormant Windows protections, like SYN flood attack protection, etc...

The problem is precisely "SYN flood attack protection", called SynAttackProtect in the registry (some information here).

I activated ONLY this option in Zigstack and rebooted, and the speed limitation in browsers appeared...

I disabled it (again with Zigstack) and rebooted again, and the speed became normal.

If I have the time, I will try to activate it again to be absolutely sure, but normally that's it Smile!

Next time I want to upgrade my security, I will try to get information BEFORE Big Teeth

Cordially,
Nethan
Mar. 21, 2005, 11:24 PM
Post: #25
 
Nethan,

Good find! Glad you could figure it out. Cheers

Never heard of zigstack before, and from what you're reporting, not sure that I need to check it out. :o

Now tell us what else you're using for security, OK? Wink


Oddysey

I'm no longer in the rat race - the rats won't have me!
Mar. 22, 2005, 11:23 AM
Post: #26
 
Very interesting, Nethan. Probably others will run into this problem as well sooner or later.

Just checked and noticed that this value was set to "1" (better protection) in my registry already, and i didn't notice any speed limitations so far -- I have 1 Mbit downstream. I guess you had a value of "2" (best protection) and didn't touch the advanced values? Gotta test that...

sidki
Mar. 22, 2005, 05:29 PM
Post: #27
 
Hello,

« Now tell us what else you're using for security, OK? »

Besides Zigstack, no more strange software Big Teeth
"Standards" Big Teeth like Kerio 2.1.5, Kaspersky AntiVirus, Spybot S&D are in my system.

sidki3003 >

Yes, the value set by Zigstack is "2" (sources are included; I don't know programming but Pascal/Delphi is not really incomprehensible: if CheckBox1.Checked then Registry.WriteInteger('SynAttackProtect',2)).

I just made a .REG file to apply this modification without Zigstack, with the value of "2" of course.
After the reboot, the problem reappeared <_<

I will remove this modification and reboot to have a final confirmation.
Mar. 23, 2005, 10:28 PM
Post: #28
 
Sorry for the late report, but I had a hardware problem with my power supply...

The reboot confirms it: this key set to "2" (I don't know for "1") is responsible for the speed limitation on my system, and disabling it solves the problem Smile!
Mar. 26, 2005, 02:20 PM
Post: #29
 
I've tested it for a bit, and i see the problem as well. Although it doesn't look like a connection speed decrease in my case. More like a bottleneck if you have a bunch of simultaneous connections. I've added it to the FAQ that i maintain (General -> Q6).

sidki
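
An added example, not part of the thread or of Zigstack: a small auditor for a .REG export that reports the SynAttackProtect level found above and whether the "advanced values" sidki mentions are present. The registry path and the three threshold names are not on the page; they are the documented Windows TCP/IP parameters and are assumptions here, and the sample export is constructed.

```python
import re

# Documented Windows TCP/IP parameters key (assumption: not given in the thread).
TCPIP_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
# Thresholds that tune SYN protection, i.e. the "advanced values" (assumption).
THRESHOLDS = ("TcpMaxHalfOpen", "TcpMaxHalfOpenRetried", "TcpMaxPortsExhausted")
LEVELS = {0: "off", 1: "better protection", 2: "best protection"}  # labels as used in the thread

# Constructed sample: what a .REG file like the one described in post #27 could contain.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000002
"EnablePMTUDiscovery"=dword:00000001
'''

def parse_reg(text):
    """Return {key_path: {value_name: int}} for the dword values in a .REG export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)  # dword data is hexadecimal
    return keys

def audit_syn_protection(text):
    """Summarise SynAttackProtect and list the thresholds left at their defaults."""
    wanted = TCPIP_KEY.lower()
    values = {}
    for path, vals in parse_reg(text).items():
        if path.lower() == wanted:  # registry key paths are case-insensitive
            values = vals
    level = values.get("SynAttackProtect")
    return {
        "level": level,
        "label": LEVELS.get(level, "not set" if level is None else "unknown"),
        "untuned": [name for name in THRESHOLDS if name not in values],
    }

if __name__ == "__main__":
    print(audit_syn_protection(SAMPLE_REG))
```

Files exported by regedit in the "Version 5.00" format are UTF-16, so read them with `encoding="utf-16"` before passing the text in.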