new user of Look'n Stop

[cet]

I have used many firewalls up to now,but mostly with the default configuration.I just won a license of Look'n Stop Firewall from COU and I am eager to use it.My first question is ;do I need a HIPS to complement this firewall? Since I was using Outpost and it had some HIPS in it.
I have been reading rulesets for Look'n Stop,isn't the default configuration enough to use? do I have to make changes?
I use Teamviewer to connect to my parents PC.I do not see any rules for it,how can I make that program work.
I tried Look'n Stop on my virtual machine and I also added the Limewire rule to the standart ruleset but still I cannot connect to Limewire .Is there anything I am doing wrong?
I am also using Open DNS are there any special rules for that?
Thanks in advance. Sorry to ask too many questions.But it is a lightweight super firewall which I want to learn to use.

[cqpreson]

I just know the default rules is far from enough.If you want use your software normally,you will need to set them.I think P v8 ruleset is good choice .

[Triple Helix]

This is what cqpreson was trying to talk about and is Highly recommended! Oh and nice to see you again cet!

http://www.mntolympus.org/

TH

[Frederic]

Quote:

Originally Posted by cet

IMy first question is ;do I need a HIPS to complement this firewall? Since I was using Outpost and it had some HIPS in it.

There is no HIPS feature in Look 'n' Stop, only "pure" firewall features
So the answer to your question is Yes.

Regards,

Frederic

[Creer]

Hi,

I'm also, like cet, new in L'n'S, I have this fw installed on my second computer and I'm really impressed how powerful and light it is.

But, as a new user I have some questions about L'n'S to better understand this product.
- First of all... What does it mean?
Source (PC>>Net) / Destination (Net>>PC) ------- Destination (PC>>Net) / Source (Net>>PC)
is it about outgoing ------- incoming conection?

- What are the differences between these rules:
a) http://img193.imageshack.us/img193/5443/75685199.png
b) http://img148.imageshack.us/img148/3114/66377011.png
c) http://img34.imageshack.us/img34/1457/16180927.png
d) http://img148.imageshack.us/img148/3306/64511593.png
which one is correct? Does both c and d are needed or maybe only a or b? What are the reall differences between these rules?

If the left side is for outgoing conection then if I set it up, and leave right side (incoming conections?) with (All, and All for IP address and TCP/UDP) then it is critical?

But if I select "Direction > Inbound&Outbound" then if port In/Out is the same for one application I have to/should declare it on left and right side?


TIA,
Creer

[Frederic]

Quote:

Originally Posted by Creer

Hi,

I'm also, like cet, new in L'n'S, I have this fw installed on my second computer and I'm really impressed how powerful and light it is.

But, as a new user I have some questions about L'n'S to better understand this product.
- First of all... What does it mean?
Source (PC>>Net) / Destination (Net>>PC) ------- Destination (PC>>Net) / Source (Net>>PC)
is it about outgoing ------- incoming conection?

Source and Destination refer to the IP/TCP/UDP protocol field terminology.
Depending on the direction of the packet, the port and the IP address are Source or Destination (typically your IP address is Source when you send packets PC>>Net, but is a destination address for packets you receive Net>>PC).
Yes, it's another view of outgoing/incoming connections.
For an incoming server connection (when your PC listen to a port and accept packets) a port has to be specified in the "Source (PC>>Net) / Destination (Net>>PC)" side.
For an outgoing client connection (when your PC connect to a server) a port has to be specified in the other side: Destination (PC>>Net) / Source (Net>>PC).

Quote:

- What are the differences between these rules:
a) http://img193.imageshack.us/img193/5443/75685199.png

This one is not correct. Your IP can't be Source and Destination for one specific packet.

Quote:

b) http://img148.imageshack.us/img148/3114/66377011.png

If you want your PC to accept incoming connections on port 32411, this rule is correct.

Quote:

c) http://img34.imageshack.us/img34/1457/16180927.png
d) http://img148.imageshack.us/img148/3306/64511593.png

c+d is equivalent to b.

Quote:

If the left side is for outgoing conection then if I set it up, and leave right side (incoming conections?) with (All, and All for IP address and TCP/UDP) then it is critical?

For an outgoing connection, the port has to be indicated on the "right" side.
Your IP address remains on the "left" side. And eventually you can also specify the IP of the remote server (if you know it) on the "right" side.

Quote:

But if I select "Direction > Inbound&Outbound" then if port In/Out is the same for one application I have to/should declare it on left and right side?

No, most of the time you should not enter the same port on both sides, because the connection port appears only once in the packet (either as a source or as a destination port).
However, for some UDP cases the port can be identical for source and destination in one packet. So it may happens anyway some UDP rules enter the same port on both sides.

Regards,

Frederic

[Creer]

Quote:

Originally Posted by Frederic

Source and Destination refer to the IP/TCP/UDP protocol field terminology.
Depending on the direction of the packet, the port and the IP address are Source or Destination (typically your IP address is Source when you send packets PC>>Net, but is a destination address for packets you receive Net>>PC).
Yes, it's another view of outgoing/incoming connections.
For an incoming server connection (when your PC listen to a port and accept packets) a port has to be specified in the "Source (PC>>Net) / Destination (Net>>PC)" side.
For an outgoing client connection (when your PC connect to a server) a port has to be specified in the other side: Destination (PC>>Net) / Source (Net>>PC).


This one is not correct. Your IP can't be Source and Destination for one specific packet.

If you want your PC to accept incoming connections on port 32411, this rule is correct.

c+d is equivalent to b.

Thank you very much for your explanations Frederic.
Indeed it's not easy to understand it, but after your clarifications I think I understand it a little bit more

Quote:

For an outgoing connection, the port has to be indicated on the "right" side.
Your IP address remains on the "left" side. And eventually you can also specify the IP of the remote server (if you know it) on the "right" side.

OK, so for outgoing connection, the port has to be indicated on the right side, because my PC in that moment is a Destination for other PC's which receive outgoing packets from me, right?

Additionally I have another question - When I login into Windows process looknstop.exe is loading during this all my taskbar icon's looks like this one on the screen (blank). When I close looknstop.exe and start it again - situation looks the same and icons are blank/white for ~2-3 seconds, after that back to the normal. Any ideas why it happens? Is it normal? (I use Windows 7 RC build 7100, 32-bit)


Thanks,
Creer

[Frederic]

Quote:

Originally Posted by Creer

OK, so for outgoing connection, the port has to be indicated on the right side, because my PC in that moment is a Destination for other PC's which receive outgoing packets from me, right?

Hmmm
It's (normally) easier to say that for an outgoing connection your PC tries to connect to a distant port. So, it will send packet to that destination port. So for sent packets (direction PC>>Net) it is a destination port.
And finally it has to be on the "right" side (since it's mentioned "Destination (PC>>Net)..." there).

Quote:

Additionally I have another question - When I login into Windows process looknstop.exe is loading during this all my taskbar icon's looks like this one on the screen (blank). When I close looknstop.exe and start it again - situation looks the same and icons are blank/white for ~2-3 seconds, after that back to the normal. Any ideas why it happens? Is it normal? (I use Windows 7 RC build 7100, 32-bit)
Attachment 213203

Do you mean all icons in the task bar are affected ?
Are you sure it's linked to Look 'n' Stop ? I don't see how/why Look 'n' Stop will cause these icons to be refreshed.
Did you try the same test with another application which adds also its icon in the tray zone ? Maybe it's only related to the size of the tray zone which is updated when the Look 'n' Stop icon is added to the tray zone. Also you can try to hide the Look 'n' Stop from the tray to see if it makes a difference.

Regards,

Frederic

[Bob D]

Quote:

Originally Posted by cet

...My first question is ;do I need a HIPS to complement this firewall?

MHO: It depends on your risk profile. I've been using LnS for years. I have used full-blown HIPs proggies in the past along with LnS, but in lieu of the fact that:
a) I am reasonably security conscious.
b) My box is up to date / patched.
c) Browser is sandboxed.
d) I've no click-happy kids using my machine.
That said, I've uninstalled said HIPs app.s. All I'm running now to supplement my FW is the lightweight WinPatrol.

Quote:

I have been reading rulesets for Look'n Stop,isn't the default configuration enough to use?

LnS's EnhancedRulesSet.rls should suffice.

Cheers

[Creer]

Quote:

Originally Posted by Frederic

Hmmm
It's (normally) easier to say that for an outgoing connection your PC tries to connect to a distant port. So, it will send packet to that destination port. So for sent packets (direction PC>>Net) it is a destination port.
And finally it has to be on the "right" side (since it's mentioned "Destination (PC>>Net)..." there).

So if I would like to block only http port: 80 then this rule is correct?

Quote:

Do you mean all icons in the task bar are affected ?
Are you sure it's linked to Look 'n' Stop ? I don't see how/why Look 'n' Stop will cause these icons to be refreshed.
Did you try the same test with another application which adds also its icon in the tray zone ? Maybe it's only related to the size of the tray zone which is updated when the Look 'n' Stop icon is added to the tray zone. Also you can try to hide the Look 'n' Stop from the tray to see if it makes a difference.

Regards,

Frederic

It depends, one time all taskbar icons are affected other time only few or only one.
It's only connected with L'n'S, others app. which adds icon to task bar works normally.
I was unable to create a screenshot with this event, so I've created a short video clip (~7mb). Could you provide me an e-mail address to which I could send it to you?

Thanks,
Creer

[Frederic]

Quote:

Originally Posted by Creer

So if I would like to block only http port: 80 then this rule is correct?
Attachment 213222

Yes, this is correct for the port.
However, normally you shoud select only "TCP" and not "TCP & UDP" for the protocol.
Also for the IP source (on the left side) you can select "Equal my IP@".
And finally if you want to refine again the rule, for the source/local port (on the left side) you can specify the range to be "In local" (i.e. either 1024-5000 or 49152-65535 depending on the system, it is automatic).

Quote:

It depends, one time all taskbar icons are affected other time only few or only one.
It's only connected with L'n'S, others app. which adds icon to task bar works normally.
I was unable to create a screenshot with this event, so I've created a short video clip (~7mb). Could you provide me an e-mail address to which I could send it to you?

I don't think the video would help, but thanks anyway. It's more experiencing this behaviour that would help to understand why this happens.
If the Look 'n' Stop icon in the tray is hidden, does the problem occur ?
Maybe it is linked to some connections that are being blocked or delayed when Look 'n' Stop is starting. Could you try to disable the Application and Internet filtering, stop Look 'n' Stop and restart it, to see if it makes a difference.

Thanks,

Frederic

[Creer]

Quote:

Originally Posted by Frederic

Yes, this is correct for the port.
However, normally you shoud select only "TCP" and not "TCP & UDP" for the protocol.
Also for the IP source (on the left side) you can select "Equal my IP@".
And finally if you want to refine again the rule, for the source/local port (on the left side) you can specify the range to be "In local" (i.e. either 1024-5000 or 49152-65535 depending on the system, it is automatic).

Got it. Thanks again for clarification.

Quote:

I don't think the video would help, but thanks anyway. It's more experiencing this behaviour that would help to understand why this happens.
If the Look 'n' Stop icon in the tray is hidden, does the problem occur ?
Maybe it is linked to some connections that are being blocked or delayed when Look 'n' Stop is starting. Could you try to disable the Application and Internet filtering, stop Look 'n' Stop and restart it, to see if it makes a difference.

Thanks,

Frederic

When LnS icon in the tray is hidden, the issue still occur.
I disabled both Application and Internet filtering - that not helped, problem still occur. I noticed that not only icons on taskbar are 'refreshing' but also icons on the desktop.
BTW. Is there any method to 'silent' start LnS? I mean without popup LnS window.

Thanks,
Creer

[Frederic]

Quote:

Originally Posted by Creer

When LnS icon in the tray is hidden, the issue still occur.
I disabled both Application and Internet filtering - that not helped, problem still occur. I noticed that not only icons on taskbar are 'refreshing' but also icons on the desktop.

Ok, I don't know what could happen.
Probably a call to a specific Windows API is causing that, but I've no idea which one, since it is the first time we are encoutering that.

Quote:

BTW. Is there any method to 'silent' start LnS? I mean without popup LnS window.

Yes, with a -auto on the command line.
But this is supposed to be already set when Look 'n' Stop starts automatically. So usually you don't have to set it yourself.

Regards,

Frederic

[Sterno]

what is a good HIPS program