Help with LooknStop

Just installed LooknStop and tested on PcFlank.

For results & my configuration, see attached screen captures.

What changes can I make to stealth these ports and pass PcFlank's tests?

Thanks...

 

Configuration here:

 

Hi darksky,

My suggestion is that the network interface is not correctly selected in the options.

Could you check that PCFlank gives you the same IP as Look 'n' Stop (in the Welcome page).
If not, try to change the network interface (don't forget the Apply button).

Otherwise you can the enhanced ruleset.

Regards,

Frederic

 

Frederic,

Thanks for your reply -- I double checked and verified that yes, the same IP address does show up in LooknStop as in PCFlank.

I found a link on the website for an enhanced ruleset, however when I try to save and import it, LooknStop does not recoginize it.

The ruleset is at:
http://looknstop.soft4ever.com/Rules/BloqueConnexionsTCPEntrantes.rie

The page comes up, but when I save it - it does not save in an importable format.

What ruleset should I be using to stealth these ports?

PCFlank reports:
If you have a firewall, check if it is set to make all your computer ports invisible (hidden). If it is, then it failed miserably...

 

Hi,

I use LnS with the enhanced ruleset(available besides the standart ruleset in LnS so you don't need to import one from the site) and I passed the PCflank test with flying colors.

Hope this can help

 

http://www.looknstop.com

Go to the dowload section.

Have a good night

 

Unfortunately, even the enhanced ruleset is failing the QuickTest on PCFlank.

See new thread at:

http://www.wilderssecurity.com/showthread.php?t=6720

 

Are you sure you are not running any process that could leave these ports open even with LookNstop installed ? Have you also check that you have the right Network Interface selection in Option ?

I've went to pcflank and everything is all green. ( Might you have alterd the rule set ? )

 

Re: Network interface selection, yes I've checked and it's correct. As for altering the rule set, no - it's the Enhanced Rule Set, unaltered.

As for another process - it's possible. But as those processes started, I simply chose the default authorizations through LooknStop... Example, my antivirus - I chose to authorize it's attempt to autoupdate itself. Those are the kinds of authorizations I've made using answering yes to LooknStop when it asks if I want to allow it. So why would that cause LooknStop to not stealth port 80 I ran the same processes and made the same authorizations using SyGate and it remained stealthed and bulletproof on every test I ran including PCFlank. Yet LooknStop repeatedly fails.

Is there not some simple rule I can import that'll stealth Port 80 and yet continue to allow me surf the net? Must be something I can do?

Thanks.

 

I don't know why your port 80 is not stealth when if should be. But I beleive that when your browser is open at PCflank and you test it, it shows activities cause it's open ( It normally should still show stealthed..... why I don't know. ) On the other end, you might be running a proccess wich opens port 80 and that LookNstop doesn't see ?!.

In wich case, I would recommend a complete uninstall of LookNstop and reinstall a clean copy. ( Unless that's already be attempted )

( Even with the default rules set it should show that everything is stealthed )

 

No, I really am not running any process that should be preventing port 80 from being stealthed. Running an advanced port scan shows port 80 is closed but not stealthed -- all other ports so far show stealth.

LooknStop should stealth this port or there should be some simple way to do it, but so far the solution is proving difficult.

I'm pretty disappointed, I'd read good things about LooknStop. I still think there must be some rule that could be added to correct this.

 

When you are doing the PCFlank test, could you confirm you have anyway a lot of alerts in the logs ?

I don't think this a rule issue. Normally even the standard ruleset is able to block this port.

Did you try the GRC test, the port 80 is also scanned there:

https://grc.com/x/ne.dll?bh0bkyd2

Thanks,

Frederic.

 

I would consider having yourself scanned elsewhere then PCflank ( it has been known to have a few bugs )

Try the GRC website http://www.grc.com/

and the Sygate scan too......... you might see something different.

 

Darsky, which OS do you operate and which LNS version ?
Also do you run a server on your sys or an application such as FrontPage that has built in server ?

 

Hi,

I'm my OS is Windows XP Pro, service pack one.

My LNS version is: 2.04

I am not running any servers (no FrontPage), or any app with a built in server that I'm aware of.

I have scanned on GRC and it shows Port 80 as stealthed...HOWEVER, the reason I'm concerned is this:

I've run repeated tests on PCFlank with SYGATE and it ALWAYS shows as full stealthed. Running PCFLank with LookNStop repeatedly shows Port 80 as closed but not stealthed. (SYGATE's been completely uninstalled).

With LooknStop, my port 80 is blocked, but I can't seem to stealth it on PCFLank and my concern is that it's seeing a vulnerablity that GRC is missing.

 

Honey ! If GRC doesnt SEE it then there's nothing to worrie about. PC Flank has been know to cause bogus false alarms in cases.

 

Yes, it is not the first time port 80 is seen closed instead stealth by PCFlank:
http://www.pcflank.com/forums/showthread.php?s=bd45672961b1be7dbb7d935412a6cf51&threadid=82&highlight=look+pcflank

(see the 3rd an 4th posts).

However I don't explain why Sygate could report the port as stealth in the same time.

Frederic

 

Well, if you go to my website and to the firewalls page, i've listed many sites were you can have your sys scanned. If no others show port 80, then you will know it's an anomaly at pcflank