I can't buy Phant0m's ruleset, I'm poor, and I'm only using the trial version of LnS. Can anyone share a few rules to improve the default enhanced ruleset in LnS? What's this Anti-IP Spoofing? Can somebody share a ruleset for this? Another question... If the Anti-Flood setting in LnS is checked, does it increase protection?
It is to help prevent another PC on the LAN from pretending to be your gateway. In most cases such a rule is not really needed. The rule can be found here: http://looknstop.soft4ever.com/Rules/En/ARP-AntiSpoof.rie Copy the text and save it as an .rie file so you can import it into L`n`S. You will need to edit the rule to enter your gateway MAC and gateway IP (info as to where that info is added can be found within the rule when you edit). This is the rule edit window after import; read the instructions shown in the description window. - Stem
That's another great example to see the power of L'n'S. It's a very configurable and powerful software firewall; you can do almost everything with it in terms of networking/firewalling, of course only if your knowledge allows you to do this.
Does that mean you are not adding the rule, or does that mean you would like a step by step guide on how to add/edit the rule? - Stem
I want a step by step guide. Like how I get the Gateway IP/Gateway MAC, and if possible a manual configuration to achieve the same level of security as Phant0m's ruleset.
We will assume that your gateway info has not been compromised.
Gateway IP can be found by using the command (DOS) window. (In XP) Go to Start -> Run -> (type in the popup window) CMD. That will bring up the command (DOS) window. (In Vista/Win7 I believe you go to the Start menu and you will find a shortcut to the cmd window.) In the command (DOS) window type IPCONFIG /ALL and you will be shown a list of your current interfaces. Find the one that shows your current IP; there you will find an entry for the current gateway IP. Once you have the gateway IP, in the command window type ARP -A; that will show a list of the current ARP cache, and the gateway IP should be there with its MAC address (if there are no entries, then connect out with your browser).
I do not know what is in that ruleset. You can add pre-config raw rules for such as DNS/DHCP, which will add security as they also check the ID numbers of the replies. Direct download link for those rules:- Edit: See this post. https://www.wilderssecurity.com/showpost.php?p=1838024&postcount=13 Also in those rules are raw rules for ARP/ICMP.
EDIT: here is the ARP antispoof raw rule: Edit: See this post. https://www.wilderssecurity.com/showpost.php?p=1838024&postcount=13
Add the DNS and DHCP rules and just disable the current rules for DNS/DHCP (the DNS/DHCP raw rules need no editing). I say just disable the current rules for DNS/DHCP, just in case there is a problem; if there is, then you can just re-enable them. - Stem
To edit the ARP antispoof rule:-
First you will probably need to download the raw rule plugin:- http://www.looknstop.com/En/plugin.htm
Place the plugin into the L`n`S folder, then open L`n`S -> Options tab -> Advanced options -> select "Plugins" and enable the raw rule plugin. Load/import the ARP antispoof rule into the Internet filtering rules. Once imported, double click the rule, which will bring up the edit window.
pic01 shows entry of MAC address
1:- select field 2
2:- change to "Hexa Byte-split"
3:- enter the MAC address (when entering, use a "." (full stop) in between the hex numbers)
pic02 shows entry of gateway IP
1:- select field 3
2:- change to "Decimal Byte-split"
3:- enter gateway IP
If you find yourself being locked out of internet access, disable the rule and re-check it (and don't shout at me if you mess up). - Stem
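The lookup and field entry described in the two posts above, as an added example that is not part of the original posts or of Look 'n' Stop: it parses Windows `arp -a` output, formats the gateway MAC with full stops for the "Hexa Byte-split" field, and lists any other IP that shares the gateway's MAC, which is worth checking before trusting the cache. The sample output, the function names, and keeping the hex digits lowercase are assumptions.

```python
import re

# Constructed sample of Windows `arp -a` output (not taken from the thread).
SAMPLE_ARP = """
Interface: 192.168.1.20 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.35          00-1a-2b-3c-4d-5e     dynamic
  192.168.1.40          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# One ARP cache row: dotted IPv4, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+\w+\s*$"
)

def parse_arp(text):
    """Return {ip: mac} for unicast entries, MAC lowercased and dash-separated."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac = m.group(1), m.group(2).lower()
        if int(mac[:2], 16) & 1:
            continue  # group bit set: broadcast or multicast, never a gateway
        table[ip] = mac
    return table

def lns_fields(table, gateway_ip):
    """Values to type into field 2 (MAC, '.' between bytes) and field 3 (IP)."""
    if gateway_ip not in table:
        raise LookupError(f"{gateway_ip} not in ARP cache; connect out, then re-run arp -a")
    return table[gateway_ip].replace("-", "."), gateway_ip

def shares_gateway_mac(table, gateway_ip):
    """Other IPs resolving to the gateway's MAC: the cache may already be poisoned."""
    gw_mac = table[gateway_ip]
    return sorted(ip for ip, mac in table.items() if mac == gw_mac and ip != gateway_ip)

if __name__ == "__main__":
    cache = parse_arp(SAMPLE_ARP)
    print("fields:", lns_fields(cache, "192.168.1.1"))
    print("same MAC as gateway:", shares_gateway_mac(cache, "192.168.1.1"))
```

A non-empty result from `shares_gateway_mac` does not prove spoofing, but the gateway MAC should be confirmed another way (for example from the router's label or admin page) before it is entered into the rule.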
[!Stargazing=] Mhh, wouldn't it be nice to have at hand a kinda LnS tweaking thread opened by this skillful guy up there... [/Stargazing!]