Phant0m
September 7th, 2003, 10:17 AM
Phant0m``s Rule-set $v4.1
http://www.wilderssecurity.info/images/Phant0m_Rule-set.PNG
I’m proud to announce the public release of Phant0m`` Rule-set $v4.1; it’s most likely the last version of Phant0m``s Rule-set for Look ‘n’ Stop v2.04p2, and any additional updates will be provided via “Importable” rules. I had suspended ARP Security measures by Default in Phant0m`` Rule-set $v4.1, though the two ARP rules for Security measures still exist but are disabled by Default. Any Technical Support for ARP Security measures setup will still be available via the Look ‘n’ Stop Official English Forum for those who are more than interested in getting the Maximum Level Software Security…
Necessary Configuring & Activation required for the following Rules;
DNS-Allowed-1 (By Default this rule uses “Equal Or” Technology which allows you to specify both Primary and Secondary DNS servers using the one rule.)
DNS-Allowed-2 (This is offered to those who have more than 2 DNS servers given by the rare few ISPs)
BOOTP / DHCP
BOOTP / DHCP.
Alright, now there’s a special Rule-Ordering which needs to be followed;
- When authorizing Incoming TCP Connections to Locally hosted server Software, place the rules just below or above the “HTTP-SERV” rule; you can use this “HTTP-SERV” rule as an example for creating server rules. And absolutely ensure you configure the server Application to the rule’s Application List.
- When authorizing Outgoing TCP Connections from the local Machine, place the rules just below or above the “www-http-1=80” rule; you can use this “www-http-1=80” rule as an example for creating Client Applications TCP Outgoing rules.
There are two ICMP rules “ICMP : Ping other (Req)”, & “ICMP : Ping other (Rsp)” which are disabled by Default and if you wish to have PING capabilities you’ll need to Enable these. “ICMP : Ping other (Req)” rule authorizes Outgoing, and “ICMP : Ping other (Rsp)” rule authorizes incoming. In Reference to the “ICMP : Ping other (Rsp)” rule please visit http://www.wilderssecurity.info/pg21.shtml.
“SYN Time” Rule has been updated for time.windows.com & time.nist.gov for Internet time servers.
The following rules block Inbounds without annoying Warnings;
+microsoft-ds
+Block NetBIOS-ns|dgm
The following rules block Outbounds without annoying Warnings;
+MSN Privacy Violations
+Block NetBIOS
ICMP : Allow
Regarding FTP issues, please visit http://www.wilderssecurity.info/pg40.shtml.
There have been a few additions to the Phant0m``s Rule-set, and http://www.wilderssecurity.info/pg41.shtml has been updated to provide Phant0m``s Rule-set $v4.1 Rule Definition.
Any Questions, Suggestions or comments are much appreciated…
Enjoy!