LooknStop Fails Test

darksky · #1 January 26th, 2003, 04:25 PM

Activated LooknStop and imported the Advanced RuleSet. Tested against PC-Flank - even on QuickTest, it failed to stealth Port 80.

Ruleset attached, what can be done to stealth this port??

darksky · #2 January 26th, 2003, 04:27 PM

See PCFlank Test Results below:

Klaude · #3 January 27th, 2003, 04:04 PM

Quote:

what can be done to stealth this port??

Create a rule to block port 80.

Klaude · #4 January 27th, 2003, 04:11 PM

In your "Internet Filtering List", looks like...

Frederic · #5 January 27th, 2003, 04:25 PM

Would be interesting to select the http://www.looknstop.com/Fr/images/faq_look.gif as well to see if the packets are seen and not blocked, or not seen at all.

Frederic

SKA · #6 January 27th, 2003, 09:20 PM

Where shud such a rule(Block 80) appear be in the list of advanced rules ?

SKA

Klaude · #7 January 27th, 2003, 11:16 PM

There's no rule to block the port 80 in the advanced rules set I think. So you need to create one if needed, and you put it "at the top" of the list if you wish.

MickeyTheMan · #8 January 28th, 2003, 12:49 AM

Darksy, any reason why you deactivated rule 4 & 5 ?

MickeyTheMan · #9 January 28th, 2003, 12:58 AM

Quote:

quoting: Klaude link=board=13;threadid=6720;start=0#45120 date=1043727378]
There's no rule to block the port 80 in the advanced rules set I think. So you need to create one if needed, and you put it "at the top" of the list if you wish.

http://itsec.commontology.de/firewalls/lns/block%2080%20outbound.gif

That rule is really to prevent EDexter, spyblocker and similar apps to send out info, which they shouldn't in the first place

BTW, That site is a good place to learn about rules http://itsec.commontology.de/firewalls/lns/lns-rules.html

darksky · #10 January 28th, 2003, 01:15 AM

Added rule for Port 80 - still, LooknStop is failing to stealth port on PCFlank's QuickTest. See below

darksky · #11 January 28th, 2003, 01:16 AM

See below

darksky · #12 January 28th, 2003, 01:17 AM

Still failing to stealth on QuickTest of PCFlank...see test below:

Klaude · #13 January 28th, 2003, 08:37 AM

Weird.

Like Frederic said, select the ! to see if the packets are seen and not blocked, or not seen at all.
Check your logs after...
Did you try the test elsewhere ?
Use the "Advanced port scanner" at PCFlank just to scan ONE port, 80 in your case. Same result ?

darksky · #14 January 28th, 2003, 01:28 PM

Hi,

I selected ! and re-ran the test...

My stats are below:

Thanks....

#15 January 31st, 2003, 02:11 PM

Post your logs, I am guessing your ISP is blocking port 80, meaning your port 80 is not being scanned, your ISP's port 80 is being scanned instead of yours.

Look in your logs, do you see a scan on port 80? I think not.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search