#1
Hello, to all
Well, here I go again, back to L&S. Ran a test on it, all was great but for this one here: UDP non-Stealthed. Huh? Any help at all please. Good luck
Hey, Paul

#2
Hey AAP
You can E-mail the rule-set to me and I can take a look for yea and e-mail back with the information on the culprit rule if you like...
__________________
"Success is almost totally dependent upon drive and persistence. The extra energy required to make another effort or try another approach is the secret of winning." --Dennis Waitley

#3
Hi, Phant0m
Thanks. Where do I send it, or how? I don't see an E-Mail anywhere, let me know please. But I am safe for now, Yes/No? & do I copy & send you the rules? Thank you

#4
Hey AAP
My E-mail is in my wilders profile (Phant0m@wilderssecurity.info)... You can send me the entire rule-set file and I'll take a gander at it for yea...

#5
Hi, Phant0m
Ok, thanks. Send it now by AAPlus, on its way. Good luck

#6
Hey AAP
Where did you get "UDP non-Stealthed" from? I checked the rule-set and there is no rule except for the DHCP rule which doesn't specify the DHCP server.

#7
Hi, Phant0m
It was at PC Flank:

| Packet type | Status |
|---|---|
| TCP "ping" | stealthed |
| TCP NULL | stealthed |
| TCP FIN | stealthed |
| TCP XMAS | stealthed |
| UDP | non-stealthed |

I hope this helps you, or I should say help me, hehe. Good luck

#8
Hey AAP
The EnhancedRulesSet.rls (Default rule-set) you've sent me blocks these types of packets, "Block : All other packets" rule in the rule-set at the very bottom catches these packets... Regards,

#9
Hey, Phant0m
I also did a scan at Shields-up & the only thing I got was 113 IDENT, which I think is from using Avast for scanning my E-Mail, then all is ok. Thanks

#10
Hey AAP
For the identd rule have you configured the Identd Application for it?

#11
Also perhaps you should configure the Identd rule with the specific E-mail server…

#12
Hi, Phant0m
I have no idea how to do this, hehe. Any help with that please. Good luck

#13
Do you have an identd rule Enabled?
In EnhancedRulesSet.rls the rule "TCP : Authorize Identification", is this Enabled or Disabled? Or did you create additional rules for Identd purposes?

#14
Hi, Phant0m
I think it is Disabled as far as I can tell, sorry, not good at this. Good luck

#15
What type of connection do you have?
Do you have a Network? And are you using a Router?

#16
I am using Cable & yes, I'm on a Router
Good luck

#17
Maybe the router is listening on the identd port, or possibly another computer with identd listening?
Otherwise the Online web-scan is displaying a false reading, which is very common… Try re-doing the Online Scan a few times or try alternative Online web-scans…

#18
Quote:
Unless you have forwarded any traffic through to systems behind the router, it is the router being tested by the online scans. The port 113/Ident showing as closed is normal for a number of different routers. It is also not unusual for routers to have the UDP results you did.

As long as nothing is showing up in your LnS logs on the system behind the router, nothing is getting through. Depending on your router, there are usually workarounds to stealth port 113 if "stealth" is something you feel you need. As for the UDP, check your configuration options for the router and if you are running the current firmware.

Regards,
CrazyM
__________________
"The best thing we can do in cyberspace is exactly what we do in the real world: do our best to manage the risks." - Bruce Schneier
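What "closed", "stealth" and "non-stealthed" mean at the packet level, as an added example that is not part of the original thread: a probe is classified by what comes back. It assumes the usual scanner meanings (a TCP reset or an ICMP port-unreachable reply shows the address is there, silence is "stealth"); the function names and labels are illustrative, and as the post above says, a probe aimed at the public address describes the router, not the PC behind it.

```python
import socket

_TIMEOUT = (socket.timeout, TimeoutError)

def probe_tcp(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'stealth' for one TCP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"        # handshake completed: a service is listening
        except ConnectionRefusedError:
            return "closed"      # a reset came back: no service, but the host answered
        except _TIMEOUT:
            return "stealth"     # nothing came back: the packet was silently dropped

def probe_udp(host, port, timeout=1.0):
    """Return 'open', 'non-stealthed' or 'stealthed' for one UDP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # A connected UDP socket lets the OS report ICMP errors to us.
        s.connect((host, port))
        try:
            s.send(b"\x00")
            s.recv(512)
            return "open"            # a service replied
        except ConnectionRefusedError:
            return "non-stealthed"   # ICMP port unreachable: host revealed itself
        except _TIMEOUT:
            # Silence: dropped by a firewall, or a service that ignored the probe.
            return "stealthed"

if __name__ == "__main__":
    # Loopback only; 113 is the ident port discussed in the thread.
    target = "127.0.0.1"
    print("TCP 113:", probe_tcp(target, 113))
    print("UDP 113:", probe_udp(target, 113))
```

A "closed" port 113 or a "non-stealthed" UDP result only says that something answered with an error; neither means a service is reachable.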

#19
Hey, Phant0m & CrazyM
Ok, going nuts here. Have no idea why this is going on. I am getting the same thing for all 7 puters, all of them give me the same thing. How can this be? Here it is again on all 7 @ PC Flank:

| Packet type | Status |
|---|---|
| TCP "ping" | stealthed |
| TCP NULL | stealthed |
| TCP FIN | stealthed |
| TCP XMAS | stealthed |
| UDP | non-stealthed |

& @ Shields Up all 7 I get that 113 IDENT. Oh, why did I have my boys add this Router thing? Should I just remove it or is there a way around this? Now I think the UDP is a F/P, you tell me guys. Thanks, have a good one

#20
Hey AAP
Is Look ‘n’ Stop installed on all the Network Computers? If so you can activate the EnhancedRulesSet.rls rule labelled "TCP : Authorize Identification" and configure block & warn Flag on it. And re-run the online web-scan and keep an eye on that rule display in Look ‘n’ Stop’s Log screen; if you see them then you are getting the Ident packets, otherwise you aren't... You may just need to access the Router and check out its configurations and make modifications...

#21
AAP, are you using Windows XP on any of the Network Machines?

#22
I suppose it would just be easier to forward those ident packets to a non-existing IP in your Network…
There is a bit of Information about Routers at http://www.fasttrackhelp.com/development/ftfakes/kanat/kanaten.html. For Port Forwarding Info you should visit http://www.fasttrackhelp.com/development/ftfakes/kanat/portfwen.html.

#23
Hi, Phant0m
No, I just have L & S on 3 of the puters. I think the problem is on my end like you just said, I may need to check the Router. I need to get this done before they go & install some other toy; each time they add something it's more work for dad, not good. Well, you have a great weekend. I am on my way to that link you posted, then have a look at the config of that Router thing, oh boy. Thanks for all your time & help
Hey, Paul

#24
Hey, Phant0m
I got it fixed. I just had a look at that link you posted for me & did as was said & all is good now. You have a great weekend & once again thanks for all the help. Good luck

#25
Hey, Phant0m
There is one thing I forgot to add: why am I not getting a Logfile when I look at the option for Log in L & S? Thank you