Firewall and Hardening Systems

I just thought I would check the log to see activity since Harden It was installed and that's what the log picked up. I used all recommended settings. I wonder what could be wrong?

I understand that.

Yes, that's why I wanted to install it. Now, that makes me wonder why. If you have any thoughts let me know. You can see exactly what I have enabled when you looked at the post in LNS forum about the FW log.

 

Rilla,

Since you are behind a NAT router presumably, try un-installing LnS and see how it goes, if it works out fine, you have isolated the problem to LnS, it would then be up to you if you wish to re-install LnS and give it a second try or try out other outbound solutions.

 

if LnS is the problem, is it possible that Rilla may need to configure LnS to work with a router?

 

Yes, a 2WIRE Home Portal from SBC. The log I told you about with the SYN Flood Attacks etc came from the computer with Harden-It and Windows FW installed only. LNS is not installed on this computer, it's on the other one I'm waiting to hear an answer for (were I posted the log about the FW in LNS forum) the one with LNS on it, before I put it on the other.

One computer has Harden-It & Windows FW & Secure IT

One computer has LNS & Secure-IT

Did you have to configure your router with any FW'S?

 

Hi WSFuser,

it needs some type of rule made whether it be router rules or something else. If you see my post on "Can anyone tell me what my log means" in LNS Forum you are able to see tons of entries for the router, it needs some type of adjustment. Maybe it's something as simple as me right clicking on the Router entrie in the log and allowing, but since I don't know this FW I didn't want to do that. Hopefully, Frederic will answer soon.

 

i have the same gateway. however since im just lazy, i set it up as a DMZ so i wouldnt have to worry about my p2p apps and games working. so far LnS and my internet connection have been working fine, but since u have the firewall enabled i guess that may need rules in LnS tho i dont know much.

 

Never had to make any special rules or accomodations for my router here with any other firewalls. Don't know why LnS needs any either, although I must admit that I have not tried LnS with the router here.

Frederic should have responded to your posts long ago..

 

Hi everybody,

yes Frederic answered we are still resolving.

I tested Harden It on two different machines with two different configurations. Where it asks you to choose about SYN Flood Attacks I left (2). On the next machine I chose (1) Under Heavy Attack.

Now the one where I chose (1) Under Heavy Attack the SYN Floods stopped showing up in the log, where as the other one they were showing up.

Please note that these comparisons were done with windows FW and Harden-IT only. No LNS on these. Sorry I should have posted that information before.

Just though I would throw that out there

 

Try disabling your Secure-It settings on the LnS system and see if that impacts what you are seeing in the logs.

Regards,

CrazyM

 

Rilla,

Can you tell me if you are behind a NAT router? Also do you have the router's firewall turned on and also would like to know the brand of your router including the model number of possible?

 

I will give it a try and get back to you.

Thanks

 

It's a 2WIRE Home Portal from SBC Yahoo. I guess that's considered a Nat router.

Yes, I always have the router's FW turned on. The brand is 2WIRE Home Portal from SBC Yahoo. I looked on the bottom of the router and it says HomePortal 1000SW. This Home Portal is also to communicate with wireless cards.

If you go to "Can you tell me what my log means" in LNS forum you will see everything that is enabled on my router FW.

My desktop connection is local area network with an eithernet cable going to the back of my box. The two laptops have built in wireless cards and they are set up with wireless connection.

 

So this means, all you need is outbound protection, the 2Wire is in itself quite a competent all in one solution and if you do a GRC scan without LnS, you will see you are fully stealth so my suggestion to you would be, in case you wish to keep LnS, just use its outbound app filter and turn down SPI for inbound traffic, see what happens then.

 

This router has Inbound and Outbound capabilities.

The computer with LNS has been shut down (I'm on my desktop now) until this can be resolved. It's not really a big thing, I'm just trying to understand this FW. I would like the router FW and LNS to be able to play nice, the extra layer of defence thing, that way if something does get in LNS would catch it.

SBC has been taken down by worms etc also, then that would leave me vulnerable, just seems to risky.

I don't know, maybe I'm wrong in my thinking, ha, ha, ha.....wouldn't be the first time.

And yes the puter with LNS was tested GRC and it came back completely stealthed. There is another site I wanted to test it at and I can't remember the name of it, the only thing I remember was at the end of the test it would say it recommended you to try the test again with Sygate, regardless of results.

Is there any other testing sites for the FW? Just a side note check post 133, it has been edited.

 

Hi Rilla,

you could try these sites;

http://www.auditmypc.com/

http://www.hackerwatch.org/probe/

http://www.dslreports.com/scan/

http://www.pcflank.com/scanner1.htm

http://scan.sygatetech.com/

regards T

 

Also www.speedguide.net has a good security scan as well, I would not eanble any outbound firewall on the router, would rather leave that to LnS outbound app filter but will definitely run LnS with inbound SPI disabled.

 

That makes sense about the set up you suggested. I didn't stop to think, it then would be going through two steps on the Outbound when it don't have too. It's funny, sometime's things appear to be different after ya think on it a bit.

Here's the thing, if I disable Outbound Router FW which is 95% of the options in the FW (which I don't have a problem doing) that leaves only two options left for the Inbound which is: Remote Magaement & NetBIOS and those are not enabled anyway. So I guess I'm on my own with the Inbound & Outbound, this router isn't all that, I see now.

So, that leaves three options left in the Security Module I could use which are: Stealth Mode, Block Pings, Strict UDP Session Control.

In order to set it up the way you said, I guess that's where the rules come in to play. In fact, I went to LNS site to find info about making rules and found some d/l's for rules that don't apply to what I was looking for.

Regards,

 

Hey thanks for the link T

 

While that is an option, keep in mind they are filtering at different levels.

If the router has outbound control, you can define a policy for what is permitted for all systems on the LAN. This is certainly preferable to a permit any out.

If you want additional filtering on the PC's you can use a software firewall for that.

Regards,

CrazyM

 

A software firewall allows you to control LAN pretty well with easy setting of protocols etc, a policy making firewall like NetVeda will allow further control based on content, rating etc. so consider that as well.

 

i recommend u leave the stealth and ping options checked. so that it can stealth ur ports and pass the shields up test as grc.com

 

Hi crazyM,

I know I probably confuse some people with these posts because I have three systems I'm dealing with. But, LNS is only on one (the laptop). Until I figure out how to properly configure it and it works okay, I then will purchase two more License for the others.

In regards to: If the router has outbound control, you can define a policy for what is permitted for all systems on the LAN. This is certainly preferable to a permit any out.

Thats exactly what I wanted to do, but I gathered not possible. Okay, well I know now. I will post some screen shots, so you can see what's on my end.

I did uninstall Secure It and it made no difference to LNS. Harden It is not on this specific system. Will get back to you soon.

Thanks

 

Hi WSFuser,

I agree!

 

I just went back to the post with the problem you're talking about and realized something.. I'm not sure about the others, but NOD32 uses the QoS Packet Scheduler to update (so that dial-up users don't get DoS'ed when first getting online when there's a big update, lol).. Go into the Control Panel > Network Connections, right click on your net connection and click Properties, and make sure there's a check in the box for "QoS Packet Scheduler"..

 

Yes there is Notok.