i have been puzzled by LNS SPF with eMule

Discussion in 'LnS English Forum' started by lns, Jan 4, 2009.

Thread Status:
Not open for further replies.
  1. lns

    lns Registered Member

    Jan 4, 2009
    lns firewall is so good that i love deeply。this is the first time i want to ask for advice about LNS firewall,hope someone people can help me,thanks.

    i read office's SPF-Rules-1.01.rie rule.i got know something about SPF.
    this rule have some rule as below:
    udp: spf ntp Req
    udp: spf ntp Rsp

    all of four rule. each UDP rule is send a reqeust datagram outgoing and accept
    the incoming datagram which match the SPF rule. what that is mean you must be send datagram to remote machine?

    and here ,i have a trouble with eMule protocol. i know eMule use TCP port and UDPport to listening. in case of ,i customize TCP and UDP port both is 12345. this port 12345 is listening to remote machine to connect my own's,is it??

    so, i write two eMule rule:
    1: eMule connect Ed2K (TCP)
    2: eMule listening Port 12345 to KAD(TCP and UDP)
    sorry i can't upload pic.

    for more safe ,i modify the second rule with SPF,and now the trouble is coming.the eMule listening UDP port 1234 was to connected by other people,this is mean other people first send datagram to me ,is it?? or i first send datagram to other people??o_O

    i according to LNS SPF-Rules-1.01.rie modify eMule UDP listening 12345 as beow:
    eMule listening Port 12345 to KAD(UDP) SPF Req
    eMule listening Port 12345 to KAD(UDP) SPF Rsp
    (sorry ,i can't upload the pic)
    Initialization,i set SPF option IPV4 timeout=6000.
    i checked many times and think of that no problem. but in the log windows here many many UDP datagram with port 12345 by stop.

    when i set timeout=60000 ,here is no log to appear. but 60000 = one minute .

    one udp datagram must wait for one minute to get respond, is it too long ??o_O
    when i set timeout=6000, the eMule's KAD can connect and run ok,and i get HighID,but the log windows such many rule by stop that i can't belive in .
    when i set timeout>20000, here little ruel by stop,when i set timeout=60000,here seldom rule by stop.

    i have been puzzled by LNS SPF with eMule,why a udp respond datagrams have so long.o_O

    i hope someone can give some advice ,i already don't how to works.:oops:
    the important is two :
    1:who first send datagram when i listening UDP port?
    2:how to set eMule UDP SPF rule accuratly and no log appear in log windows?
  2. Frederic

    Frederic LnS Developer

    Jan 9, 2003

    SPF rules are only for client mode normally, not for server/listening mode.

    The principle of SPF rules is to allow an incoming packet only if the PC has sent first a packet to a remote machine.

    For a listening connection, you just have to allow the port to listen to, with a standard rule. SPF rules could not bring more protection there.

    The remote side will send first a packet for a listening connection.


  3. lns

    lns Registered Member

    Jan 4, 2009
    hi,Frederic.thank you reply ,i already understand. very thanks.

    and here ,by the way,i want to ask you a question for some advice about UDP server rule.

    when i use some p2p sofeware ,usunally open one TCP port and UDP port to listening remote machine to connect my own's to upload data.
    for TCP ,its reliable connection-oriented service,so i can set SPI to check safe connect.

    but for UDP,its not reliable connection-oriented service.no no SPI check.anyone can connect my machine and sniffer it. here,i just now know UDP protocol SPF rule is only for client mode normally, not for server/listening mode.what can i use some way to protect my machine with UDP server rule ,even if just i open one UPD port?
  4. Phant0m

    Phant0m Registered Member

    Jun 7, 2003
    UDP is connectionless IP protocol, and while it's very possible to create UDP SPF rules to handle initiating packets from the remote machines ... I don't think there'll be a great benefit with regards to p2p software.

    Your computer is only as secure as it's weakest link, if your p2p software is vulnerable ... now that's to be worried about. Ensure you keep your p2p software up-to-date from it's official p2p software site.

    Packet sniffing usually done from within the network, do you belong to a network of two or more computers belonging to others? ;)
Thread Status:
Not open for further replies.