Quick question for Frederick

I would like to say that I love your firewall and am very pleased with it. I have been wondering what type of features you might be considering adding to it in the future? Some things I think would spice it up some are:
some sort of sandbox
optional ids (even if it came with no rules by default)
stronger password encryption
self protection against termination

Please give your thoughts on these.

 

Hi AJohn,

Adding pure SandBox features (I mean features not related to network activity) is not our intention at this time.
However, features like "Watch DNS calls" and "Watch thread injection" could be considered as a kind of SandBox features and we will keep improving that when possible, in order to block the remaining (and future) threats still demonstrated by some leaktests.

About IDS we don't think to implement a full IDS, some other applications (like snort) are already doing that correctly.
However, having the possibility to interface Look 'n' Stop with an IDS through plugins, and let the possibility to this plugin to add dynamic rules to block a particular connection based on IDS alerts, why not.

Password encryption is improved yet in 2.05p2.

As for "self protection against termination", this goes with password protection. Under Windows XP SP2, you will anyway have a Windows alert if the firewall is no longer running. And the feature "Keep internet filtering active" still provides external protection when the application is stopped.
Nevertheless, perhaps we will provide the same feature for Application Filtering (keep it active even if the application is stopped).

Regards,

Frederic

 

OK, I would greatly appreciate it if you could creat a plug-in that allows people to use snort or other IDS rules. I would make one but I dont code.. yet.

 

Hi all!
This would be a nice implementation, for persons having a server or DMZ! I look forward to a snort plug-in for auto-blocking/banning of intruders using snort rules... Maybe a better logging feature using XML to display blocked/banned ip's and IDS/IPS alerts!

Cu
Jazzie

 

I do like how you dont plan on packing LNS with stuff that makes it more than it should be. Some programs now days add tons of things that other programs should be left to do.

 

Also Frederick, I have been wondering your thoughts on implementing a tarpit (maybe as an addon)

 

Why would you want tarpit functionality? Just curious, since it doesn't increase your security, and it can tax your connection, and that of others (harmless, non-malicious internet background noise). Seems to me a gimmick that 8Signs is using, probably in hopes of getting people to overlook its lack of application filtering.

 

Tarpit is no gimmick; you should make effort to understand something before making absurd remarks, maybe then you’d comprehend why requests are being made.

In addition; yes it is true his firewall products don’t have Application Filtering, there are good reasons for this, obviously reasons people can’t seem to comprehend. His Firewall products however contains something much more critical (strong packet-filter), something that Look ‘n’ Stop is currently lacking. And while App-Filtering is something I prefer to have in my software firewall, I rather use something without as-long as I can be using something with very strong packet-filter, and James Grant firewalls offers this.

Regards,
Phant0m``

 

If he did grant my request and if it was made as a plug-in then you could simply not use the plug-in nameless. I personally like the idea of a tarpit and don't beleive that it is a gimmick. My reason for wanting a tarpit is it is a passive way to fight back.

 

Hi Phant0m

What is it that you think Look'n'Stop is lacking in it's packet filter?

thx

 

Geez, thanks, Phantom, for the kind reply. You'd think I launched a personal attack on your kid brother. I love it though--if someone doesn't agree with you, they lack understanding.

Feel free to explain why a tarpit is more than a gimmick, or how it would benefit a home user, or the user of a small network. I called it a "gimmick" because it does not increase the security of the computer it is operating on. The concept of the tarpit was introduced as a way to control large-scale worms, not as an add-in for a personal firewall product. It isn't intended to protect the machine it's running on, and it does not. It is supposed to protect machines other than the one it is running on.

So, for a personal firewall, it's a damn gimmick. Deal with it.

I also don't understand why you (apparently) think I can't comprehend the 8Signs product. I was just commenting that it lacked an application filter. You can't say a packet filter is more critical--that depends on how it is used. For me, the 8Signs firewall would be next to useless. I know it is good at what it does, but it doesn't do what I need it to do--at all.

Hugs 'n' Kisses

 

You are already fighting back by patching, using a firewall, and not being a target. Using a tarpit is just going to add grief to people (admittedly, mostly idiots) who are scanning without malicious intent.

My feeling on the "you can choose not to use it" is that yeah that's true, but if he spends four days developing a tarpit plugin gimmick, that's four days he's not spending on stuff that actually matters. Look at 8Signs: They have this cute gimmick--which was not even conceived to run on and protect an individual machine--but still no application filtering.

 

Not if the tarpit was used as an anti-flood, or with programs of your choice.

 

AJohn,
Can you please help me and explain what exactely a "tarpit" is and what it is good for

Thanks,
Thomas

 

check out http://labrea.sourceforge.net and www.honeyd.org