New 2.06p2 version

Hi All,

I'm pleased to announce this new version 2.06p2 of Look 'n' Stop.

Here are the links:
English release for Win32
English release for x64
French release for Win32
French release for x64

This is a beta update with the following content:

Added:

• Addition of new SPF (Stateful Packet Filtering) rules. These rules verify packet exchanges for simple connectionless protocols (UDP, DHCP, ICMP-Echo,…). These rules are created with the raw rule edition plugin, but can be imported and used without the plugin.
• Vista: Look 'n' Stop is now recognized by the Windows Security Center.
• The setup now includes the installation of the VC++ 2005 runtime libraries (when required).
• A new "Applications…" menu is added when right clicking on a rule to select the applications which enable the rule (this is for rules created through plugins)
• ICMPV6 is now handled when creating a rule from a log entry
• A hidden option (in the registry) allows to block all traffic before Look 'n' Stop application is started (Reg file here).

Changes:

• When opening the Packet Content dialog box (by double clicking on a log entry) the right plugin able to decode the packet is now called. If no plugin can decode the packet the standard dialog box is used.
• Packet display plugins can contain Previous/Next button like the standard dialog box.
• In the rule edition dialog box "equal 1" and "different from 1" for the Fragment offset field are removed (because they are not relevant).
• When an application associated to a rule is removed, the rule becomes disabled (if the rule is still associated to another application), waiting for a new connected application to enable it.

Fixes:

• ICMPV6 handling in rule edition dialog box was not correct.
• Hyperlink opening the help file were no longer working in 2.06p1
• A crash of the application could happen when entering an old 2.05 serial.
• Rule import from a web link or by double-clicking a .rie file was no longer working with the 2.06p1

For the new SPF, additional resources are available:

- some basic rules for DNS, DHCP, Ping, NTP (plugin not required to use them):
http://looknstop.soft4ever.com/Beta/2.06p2/SPFRules/SPF-Rules-1.01.rie

- the plugin to create SPF rules:
Win32: http://looknstop.soft4ever.com/Beta/2.06p2/Plugins/Win32/PluginEditRawRule.dll
x64: http://looknstop.soft4ever.com/Beta/2.06p2/Plugins/x64/PluginEditRawRule.dll

- some (very) technical explanations on SPF rule creation:
http://looknstop.soft4ever.com/Beta/2.06p2/Plugins/SPF-Info.HTM


You can report any feedback and problem here in this thread.

Thanks,

Frederic

 

Working Great on Laptop with Vista 32bit!

Thanks,

TH

 

Hi,

Still need to be update on website.

 

Hi ankupan,

The web site won't be updated since this is a beta release so far.
Only if this version is working well with no major issue, we will update the web site with it.

Regards,

Frederic

 

Thank you Frederic

I fear that I will not have time to test it before Christmas, but from the 25th. of Dec. on I will give it try...

Thanks again for this Christmas gift

Thomas

 

Hi

I installed LnS with EAV and both are working great and excellent products.

 

I checked for this registry location/entry and could not find it. Is this option really hidden? Do I have to manually create it?


Peace & Gratitude,

CogitoErgoSum

 

Looks like you have been hard at work. Good job and I look forward to the final

Why not give the option in the GUI somewhere next to the run as service checkbox?

You need to download the registry file Frederic provided and then run it and hit yes to import it into your registry.

 

Hi CogitoErgoSum, AJohn responded.

AJohn, If it was to be added, it would be placed in 'Advanced options' - Miscellaneous section...

heh... I'm always looking forward to the betas, they always so carefully tested that very little gets by! They practically stable releases!

 

Hello AJohn,

Thanks for the tip.


Peace & Gratitude,

CogitoErgoSum

 

When I add applications for a rule , found this:
I add \"e:\\Softs\\tm2006\\tmdlls\\TM.exe\" and \"e:\\Softs\\TM2008\\Bin\\TM.exe\" for a rule, but LNS only accept one of them.

Does a rule can only accept ONE filename ? (not by full path?)

 

Hi AJohn,

So far, this function is experimental, for advanced users. I don't know yet if it will be included in the GUI.
The problem is it really blocks everything until Look 'n' Stop is started. So in case Look 'n' Stop can't be started (for an unknown reason) a standard user will be a bit lost.

Frederic

 

Hi kuoro,

Do you observe a change there with the 2.06p2 ?

Yes, if the base exe filename is the same only one is required in the Internet Filtering rule selection.
The rule will be anyway allowed only when the Application Filtering allows the application to connect. The application filtering is checking for the full pathname. In other words, if one of the two TM.exe is allowed and the other one blocked in the application filtering, the rule will be enabled only when the allowed one will connect.

Regards,

Frederic

 

The way a few other firewalls implement this is by allowing things rules are already made for and blocking everything else until the GUI is initialized. Would this be possible for Look 'n' Stop?

 

This is not possible currently, because only the GUI is able to interpret ruleset.
Having the driver at boot time loading a ruleset and applying it, is another more important feature.

Frederic

 

I understand some features can take more time than others to implement and I am very happy to see the boot time protection at all, but I am wondering; Do you plan on implementing boot time rule-set application anytime in the future?

 

Hi Frederic,

Finally I also installed the latest 2.06p2 on one of my WinXP-SP2 (32bit) systems.

It perfectly installed and runs like before (no problems )

So, I wanted to try the new SPF and downloaded the additional resources (your basic rules for DNS, DHCP, Ping, NTP (plugin not required to use them).

Well, I can import these rules, but when I open them with my already installed raw editor, all fields inside seemed to be empty What does this mean? Should I use the rules without any editing (like entering specific IPs/ports or the IP for my DNS servers?)

What about the previous DNS and DHCP rules? Should I delete those ones?

Thanks a lot for help,
Thomas

 

Hi Thomas,

If you want to edit the rules, you need the updated version of the plugin (the links are in the 1st post).
You don't need the plugin, only if you just want to use the rules without editing them.
Note that there is no hardcoded IP/MAC address inside these rules, so there is normally nothing to edit, expect if you absolutely want to precise the remote IP address.

Yes, all previous rules could be normally deleted, but I suggest you keep them and you simply disable them. Or better: you can have them set to block and alert, so in case the SPF rules are not working, or in case a strange packet is received (and thus properly discarded) you will see the packet.

Regards,

Frederic

 

I will do that only if the current "blocking all" solution is too restrictive and if this will be a way to solve this issue.

Frederic

 

Frederic,
now it works, thanks for your reply

As you mentioned, there is no option to add a specific IP address in the window to edit the rule
Maybe I am paranoid, but so far I always added specific IPs for DHCP and DNS server(s). Do you think, it is not necessary or "security overkill"?

Maybe we should open a fresh thread on these new SPF-rules and also on other possible/unpossible rules with the new SPF feature

Hey, what about you other LNS users? Are you all using the "PhantOm-takes-care-of-it-full-paid-version"

Thomas

 

I am using Phant0m's Ruleset, paid version--simply because I like LnS, have been using it for a long time, and I do not know enough about formulating my own rules. So, I'd rather trust an expert to devise a really great ruleset for me!

 

It is not proposed by default, but you can add a new field anyway (it is necessary for the Req packet only).

If you can, it's better to add it in case an application bypass the Application Filtering and tries to contact a remove server (which is not your DHCP or DNS) by using a DHCP or DNS packet.

Frederic

 

I can't install this...where can I get a copy of the new rules?

 

If you can't install the new version, you won't be able to use the new rules
Why can't you install the new version ?

The new SPF rules are available here:
http://looknstop.soft4ever.com/Beta/2.06p2/SPFRules/

Frederic

 

What do the new rules do exactly?

And the answer to that is I have to download "something" before being able to install it. Something probably being an windows update that isn't critical.