Phant0m`` Rule-set $v3.0 *NEW*

Phant0m`` Rule-set $v3.0 *NEW*


Phant0m`` Rule-set $v3.0 has been released; few additional Enhancements.

http://www.wilderssecurity.info/Phant0m.shtml

Enjoy!

Note: Any Questions regarding Phant0m`` Rule-set $v3.0 don’t hesitate to post in this topic, Thanks!

 

Thanks!

 

Were's mine?

 

Hi Phantom,

Thanks again for your help and support. I just downloaded the 3.0 version of your rules and applied them and I also have one question. The anti-mac spoofing and dns-allowed-1, I noticed that the rule is not enabled by default after loading the ruleset as it was in the ruleset 2.0. Is this correct or do I need to enable it after I enter the appropriate info? Thanks.

 

Hey PikeDude

Thanks!
I apologize; yes those rules show at http://www.wilderssecurity.info/Phant0m.shtml requires modifications before activation. I will make some updates to that page to provide better Information in the near future, been trying to get so much finished in such short time…

 

Hi Phantom,

Sorry about the previous thread, I just noticed where it says rules to be configured and ACTIVATED. My mistake.

 

LOL; It's OK

 

Phantom, keep them coming as they sound like a good example, when LnS 2.05 comes around I will have to take a look at your master ruleset since I didn't get a chance to view it when I had LnS 2.04 installed

 

Hey BlitzenZeus

I don’t think there be anymore updates to the Phant0m`` Rule-set, at least not until Look ‘n’ Stop v2.05 release. Then you can be ensured that I’ll have quite a bit of work to-do…

 

Hey, when that comes around there isn't a great deal of change, just more restrictions per application, and that is much harder to make pre-made rulesets for unless you keep them in the old LnS packet filter style.

However CrazyM, and I are just a couple people who can provide examples for you if you are looking for any to add to your collective of information

 

Hey BlitzenZeus

I wasn’t in reference to making rule-set changes; I was in reference to many more user Questions on the forums and my E-mails.

 

i discoveredd LnS yesterday, it is the best firewall i have ever used, smallest footprint, just for experiment i ran it together with Kerio, LnS was able to stop Kerio, but Kerio didnt notice the present of LnS, i like it although i dont really know the implication of this test.

ok, my question is who should use Phant0m`` Rule-set $v3.0? currently i m using enhancedruleset and it gives complete stealth to all the test i throw at it. i m happy, should i change to Phant0m`` Rule-set? its' instruction seems complicated enough.

thx.

 

Hey wong

Phant0m`` Rule-set $v3.0 can be used by Dialup, xDSL and Cable+ users, whether their on the Gateway or Client Machines or… Online web-scans don’t cover ALL aspects; and even though EnhancedRulesSet.rls is extremely strong compared to most rule-base Software Firewall Default rule-sets, you should at least do some exploring at some point (better sooner then later?) and gather kn0wledge throughout the trip so you yourself could possibly build your own rule-set.

I apologize the Instructions seems complicated; I just renewed the page yesterday and I was more focus on trying to keep it basic and get it publicly released, I will in the near future update the page to be more efficient. In the meantime I’ll see if I can explain this;

You have listed rule(s) which needs modifications & Activations; for “+Anti-MAC Spoofing” rule you need your Adapter Address shown by Winipcfg (Win9x/ME) and WntIpcfg (WinNT/2K/XP) an separate Utility or IPCONFIG (Using; IPCONFIG /ALL in Command Prompt). There are images with RED coloured circles in them to show you which area needs modifications; DNS-Allowed-1 rule needs the Primary and Secondary DNS server addresses which you can get using the mentioned utilities, and UDP-0+: BOOTP / DHCP, UDP-0-: BOOTP / DHCP rules need your DHCP server Address which you can get using the mentioned utilities…

It would be recommended before “Loading..” up the rule-set that you get the Primary and Secondary DNS server Addresses and DHCP server Address if exists for your type of connection.

Regards,

 

one question:

On ipconfig /all I get as dns 10.0.0.2 but I know the isp's dns as they were give to me. Which ones do I use??

Ruben

 

Assistance being provided for this situation currently over MSN…

 

Hey wong

I’ve made modification to the Master Rule-set page to provide better Instructions, I hope you can take a gander at the Master Rule-set page http://www.wilderssecurity.info/Phant0m.shtml and comment on-it...

Thanks!

 

All right. French language here, so I apologize.
Panth0m.. I did the modifications about the DNS servers, but what's the difference even if the new rules are activated now?
I had no problem before to access the Web.
Do I need to add a rule after to block something ?

 

Hey Siddhartha

Would you happen to be a Dialup user or?

It’s not necessary to add rules to block anything unless you want specific labelling, or wanting to block without warning common and annoying attempts…

 

Thank you for you reply Phant0m.
I use a Cable connection.
OK... not necessary to add rules to block something.
But tell me; why do we need to add rules for the DNS servers ?
Like I said, it was not a problem for me to surf on the Web without it.
Hmmm?
Why do I need DNS rules ?

 

Hey Siddhartha

If you in reference to using Phant0m`` Rule-set $v3.0 without activation of the DNS rules then I find this quite interesting considering DNS is constantly required to resolve and without it Communications to the Outside would be impossible. This makes me wonder if your Packet Filtering Layer is properly functional in Look ‘n’ Stop?

If you set warning flag on “TCP: Allow” rule and refreshed the page, do you see the TCP Uplinks, and Downlinks?

 

Maybe I do something wrong about the DNS servers.
Look here:
http://pages.infinit.net/delta1/WntIpcfg.jpg

When I click in the black square, I see 3 DNS servers available. But, no primary or secondary servers.
I don't need rules maybe ?

 

Hey Siddhartha

If you in reference to the usage of Phant0m`` Rule-set $v3.0 without activation of the DNS rule, then I find it quite interesting. Try visiting a website you’ve never been too before, while DNS-Allowed-0 rule is kept non-active.

If you capable of loading a page from server you’ve not been too before then I would have to assume your Packet Filtering Layer is not functioning properly on your System.

-

Alright what you see right off hand when accessing that area is the Primary DNS, when you click on the square then the Secondary DNS server becomes visible, and you click on the square again and a new DNS server shows then that’s your third and so on…