Hi,
Looking only at the incoming protection side of LnS (I'm more than happy with its outgoing facilities), I'm trying to understand how well protected I am using the Enhanced Ruleset.
1) If I just leave well alone now, is it sufficient? (i.e. using LnS as a 'set-it-and-forget-it' firewall.)
2) What potential threats are still likely to get through the enhanced rules?
3) If I can get a hold of them, should I be looking at using something like Phant0m's rules instead?
4) I wonder how running LnS like this compares to something like Sygate, where its equivalent built-in rules are hidden from the user?
Many thanks
SimonW
On a well-patched Windows computer, LnS with enhanced ruleset is quite effective. Putting LnS (w/ enhanced ruleset) on an unpatched system, you will likely still encounter messenger spam and possibly some worms that exploit Windows vulnerabilities. You will be very well protected if you keep Windows updated, disable unneeded Windows services, use LnS (w/ enhanced ruleset), and use a router (w/ NAT) if you have broadband. And then there is AV, AT, and other software, but that probably goes beyond the scope of this thread.
If you are using dial-up you may want to try Phant0m's rule-set. I found it to be a very ideal solution for dial-up and IMO much easier to set up than the broadband configuration. However, I saw no real advantage of using Phant0m's rule-set over the enhanced rule-set when I am behind a NAT router, as the router will filter most inbound traffic.
rerun2, Yes, I'm behind a NAT router. PCs are fully patched, NOD32, ProcessGuard etc., so no worries there. One of my machines, a laptop, will sometimes be taken out of this environment though - hence the question really. Not being a firewall expert, just wondered how LnS stacks up against the competition for when I'm out and about...
Not had a great deal of response so I might post the above question - 'how does LnS stack up against the competition for incoming protection' - in the other firewall forum to get a feel for people's views. It seems to me (probably wrong here...) that there are plenty of outbound tests (many of which are listed on gkweb's excellent site) but other than the standard stealth tests (checking ports are hidden/closed etc.) nothing much else for doing incoming testing...
I find it is very secure. Getting stealth on all UDP, TCP and ICMP tests. If you see a hole, *poof*, you can make a new rule in a few seconds ^_^
Look 'n' Stop contains a true packet filter, so it is normally very effective. Additionally, if you don't use P2P applications, you can activate the "TCP Stateful Packet Inspection" feature which provides another step in security.
Frederic
Thanks for the response guys, Personally I believe Look'n'Stop to be just about the best firewall there is - I'm just trying to be objective about it though!!
GRC Port Authority Report created on UTC: 2004-06-13 at 03:28:41
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.
>---------------------<
Even when I'm connected to an eMule server, and I have a high ID, no-one can come through the port!
Attached: My rule-set. Based on Enhanced rule-set included with LnS. I am on a network, and feel free to change anything. Remove ".txt" from file-name!