PDA

View Full Version : LooknStop Fails Test

darksky
January 26th, 2003, 04:25 PM
Activated LooknStop and imported the Advanced RuleSet. Tested against PC-Flank - even on QuickTest, it failed to stealth Port 80.

Ruleset attached, what can be done to stealth this port?? ???
darksky
January 26th, 2003, 04:27 PM
See PCFlank Test Results below: :(
Klaude
January 27th, 2003, 04:04 PM
-{ Quote: "what can be done to stealth this port??" }-

Create a rule to block port 80. ;)
Klaude
January 27th, 2003, 04:11 PM
In your "Internet Filtering List", looks like...
Frederic
January 27th, 2003, 04:25 PM
Would be interesting to select the http://www.looknstop.com/Fr/images/faq_look.gif as well to see if the packets are seen and not blocked, or not seen at all.

Frederic
SKA
January 27th, 2003, 09:20 PM
Where shud such a rule(Block 80) appear be in the list of advanced rules ?

SKA
Klaude
January 27th, 2003, 11:16 PM
There's no rule to block the port 80 in the advanced rules set I think. So you need to create one if needed, and you put it "at the top" of the list if you wish.
MickeyTheMan
January 28th, 2003, 12:49 AM
Darksy, any reason why you deactivated rule 4 & 5 ?
MickeyTheMan
January 28th, 2003, 12:58 AM
-{ Quote: " quoting: Klaude link=board=13;threadid=6720;start=0#45120 date=1043727378]
There's no rule to block the port 80 in the advanced rules set I think. So you need to create one if needed, and you put it "at the top" of the list if you wish.
" }-
http://itsec.commontology.de/firewalls/lns/block%2080%20outbound.gif

That rule is really to prevent EDexter, spyblocker and similar apps to send out info, which they shouldn't in the first place

BTW, That site is a good place to learn about rules http://itsec.commontology.de/firewalls/lns/lns-rules.html
darksky
January 28th, 2003, 01:15 AM
Added rule for Port 80 - still, LooknStop is failing to stealth port on PCFlank's QuickTest. See below
darksky
January 28th, 2003, 01:16 AM
See below
darksky
January 28th, 2003, 01:17 AM
Still failing to stealth on QuickTest of PCFlank...see test below:
Klaude
January 28th, 2003, 08:37 AM
Weird. :o
Like Frederic said, select the ! to see if the packets are seen and not blocked, or not seen at all.
Check your logs after...
Did you try the test elsewhere ?
Use the "Advanced port scanner" at PCFlank just to scan ONE port, 80 in your case. Same result ?
darksky
January 28th, 2003, 01:28 PM
Hi,

I selected ! and re-ran the test...

My stats are below:

Thanks....
Vampirefo
January 31st, 2003, 02:11 PM
Post your logs, I am guessing your ISP is blocking port 80, meaning your port 80 is not being scanned, your ISP's port 80 is being scanned instead of yours.


Look in your logs, do you see a scan on port 80? I think not.