LNS from Outpost

I'm an outpost / Zonelabs user thought I'd give LNS a try.

I have loaded it - seems light and functional.

I haveloaded the enhanced rules and turned on Stateful inspection, Advanced mode - didn't notice a change, DNS watch and THread injection.

A number of applications have now asked for access - they appear to be able to do anything that the global rules allow.

In the application window I can select app and then edit it appears to allow pos to add restriction to particular apps - the dialogue is not very informative? Do people add extra per app restriction or rely on the packet rules. I noticed some rules for apps like p2p not svchost etc.



I did load Phant0m's v6 rules but they blocked Proxitron and Firefox? not sure why.

 

i personally just rely on packet rules. also for phant0ms ruleset make sure u correctly set the dns and dhcp rules. i have hardened my windows xp and i have nod32, ewido and regrun so i doubt id get easily infected or hacked.

 

THanks - I see my error no name or ip resolution

Your config sound very like mine - adding Proxitron + PG

I'm gonna try some leak test a bit later

 

Not sure how good these test are
http://www.atelierweb.com/awft/
From Site
One: Attempts to load a copy of the default browser and patch it in memory before it executes. Defeats the weakest PFs.
Two: Creates a thread on a loaded copy of the default browser. Old trick, but most firewalls still fail.
Three: Creates a thread on Windows Explorer. Another old trick, but almost every firewall still fail.
Four: Attempts to load a copy of the default browser from within Windows Explorer and patch it in memory before execution. Defeats PFs which require authorization for an application to load another one (succeeding on Technique 1) - Windows Explorer is normally authorized. This test usually succeeds, unless the default browser is blocked from accessing the Internet.
Five: Performs an heuristic search for proxies and other software authorized to access the Internet on port 80, loads a copy and patches it in memory before execution from within a thread on Windows Explorer. Very difficult test for PFWs!
Six: Performs an heuristic search for proxies and other software authorized to access the Internet on port 80, requests the user to select one of them, then creates a thread on the select process. Another difficult nut to crack for PFWs!


But with Phant0m's v6 rules - Stateful inspection on - DNS watch on and Injection on LNS passed all

Outpost did not pass test 5 on my system - component contro lset to Normal - I guess it would pass on Max. Not tried as Process Guard or Appdefend block this test


Quite a few of Phant0m's v6 rules are not active by default any guidance on which to turn on or I guess not - would be appreciated .......they are quite difficult to understand

 

Another problem with Internet filtering enabled with any rules set I cannot post at Wilders - the submit button does not complete

Any Ideas what this could be - seems to happen with direct or proxy based connections

 

Perhaps an issue with fragmented packet which are blocked.
Is there any information in the log about the packets that are blocked ?

Frederic

 

Yeh - a reboot fixed the problem drove me mad for about 30 mins

 

I don't think that I have the DNS and DCHP rules correct yet and help with the above would also be apreciated.

 

the way i set those rules is this: i go to the start menu, click on run, and type "cmd" and press enter. at the prompt i type "ipconfig /all". DHCP Servers are for the BOOTP/DHCP rule (i only have one rule enabled), DNS servers are for the DNS-Allowed rule, and Physical Address is for the Anti-Mac spoofing rule. also remember to enable the rules (green checkmark)

 

Thanks I followed these instructions - works well now

https://www.wilderssecurity.com/showthread.php?t=115785