Customizing LnS?

I've just installed LnS for the first time, and am looking how it works compared to the one I'm used to using. I could use guidance on how to make it behave the way I prefer:

1. How can I make a rule to force applications to ask permission every time they wish to connect not just the first time? I never allow applications blanket access based on a one time only request, I need to be asked every occasion without fail. I trust nothing enough to grant it access forever based on one request, to do so is a threat to security.

2. How do I block out specified IP ranges and domains? I face constant probe/bombard attempts from a certain invasive German ISP and others, which I have locked out by their IP ranges in my current firewall. So how can I achieve this with LnS so they are forbidden access no matter what protocols or ports they use?

3. How do I add specific ports to a blocked list? I have built up an extensive list of these, and wish to do it as I always have? How would I block ports "on the fly" which is my response if a previously unblocked port gets a stream of scans/probes? My rule is - scan that port too much I will lock it up. I never accept the rule of "these ports are generally safe", it is a foolish notion because nothing is safe enough to give blanket trust.

 

Hey Yorkdale

Absolutely nothing wrong in asking for guidance…

Question #1: If you in Reference to Application Filtering Layer Alerts;
You’ve probably not had done it yet, Enabling “Advanced Mode”. So you might want to quickly do that now. Goto "Options" screen, click "Advanced options" and Enable "Advanced Mode" in Miscellaneous.

http://www.wilderssecurity.info/images/OptionsAdv.bmp

From now on your Application Filtering Alerts should look like;

http://www.wilderssecurity.info/images/Question3.bmp

From now forth… And all you do is check “Just for this session” and problem solved!

Question #2: In “Rule Editing” Dialog and in “IP: address” field you select “Mask”, now the basics;

Masking Class D IP Address / (216.109.118.0/255.255.255.0)
Masking Class C/D IP Address / (216.109.0.0/255.255.0.0)
Masking Class B/C/D IP Address / (216.0.0.0/255.0.0.0)
…
Masking Class C IP Address / (216.109.0.77/255.255.0.255)
Masking Class B IP Address / (216.0.118.77/255.0.255.255)
…

Question #3: Well if you in reference to adding specific TCP/UDP ports without it being lined up in order like (4, 5, 6, 7, 8, 9), then you can configure up two ports per rule using “Equal Or” Feature in “Rule Editing” Dialog and in the “TCP/UDP: port” section.

Btw; I think by Default of Look ‘n’ Stop Installation you use StandardRulesSet.rls, In “Internet Filtering” screen click “Load…” button and load EnhancedRulesSet.rls.

If you’ve not already, visit http://www.wilderssecurity.info/. You should find bit of information hopefully to assist you in some areas…

Greetings btw!

 

Greetings back at ya.

Thanks. I think I need to study the help guide thoroughly, that enhanced set just brought in stuff I haven't heard of. You may have opened a can of worms here as I try to get things the way I am used to having them.

My other firewall is ZA Pro, it allows blocking of mobile code (scripts etc), banner ads and web bugs and 3rd party cookies on web pages as a global rule, does LnS do this too? Also does it allow me to add specific web sites to a privacy list so I can customise them as needed?

Probably much is down to familiarity with how I achieve these things in a different product, than differences between the products themselves?

 

OK specific question this time

With ZA Pro, I can set ex. my mail client so that when i wish to check several account one after the other, it only asks me to confirm access rights when the client opens the first time. Once I'm done and use EXIT that permission dies, so if I run the client again later, even in the same net session, it agains asks permission.

I feel safe that way. I just did this exercise with LnS, using the "this time only", and it wanted confirmation on each account access, even though (to me) the applicaion isn't done with as I change accounts, I am simply switching mailboxes. This is going to annoy me as I always check several accounts together.

The alternative option "this session only" doesn't kill permission when I EXIT from the client, if I said "yes" earlier that same net session it assume I gave consent later on the same session too.

I don't feel safe that way, I like an application to always ask whenever it initialises, but nbot keep asking simply because I open a different account within the same client, or open a new window of the browser if one is already open (ex. a New Window link).

So, is there any way to set LnS so it behaves the kind of "in between" the two options offered?

 

Hey Yorkdale

Thanks! 

Thanks for showing your appreciation… Yes I was hoping I would open a can of worms, like many on here I’m willing to assist you to help get you fixed up the way you prefer…

ZoneAlarm is very much different; Look ‘n’ Stop is very clean, not bloated up with all this unnecessary Features. I prefer to use something like “AdSubtract PRO” for those type of filtering…

 

Hey Yorkdale

Yea you know each Software Firewall contains different styling, and considering ZoneAlarm isn’t rule-base Software Firewall you going to notice quite a difference (For the better if you understand what I’m saying here).

You have Multi-Layers;

Application Filtering
Internet Filtering
TCP Stateful Packet Inspection

If you authorize Client Applications to Application Filtering Layer, regardless it’ll require Internet Filtering Layer to contain matching rule to Authorize access to the Internet.

Now the “Just this time” Feature will alert you every-time Applications accesses Client Environments to send an Outgoing “Packet”.

Regards,

 

That's why I am willing to give LnS a fair go, since ZAPro is heavy on my aging system, and has been known to "not respond", specially if it gets bombarded against the same port. Problem I have, is I use dialup so can end up with some IP addy a P2P user had before me, so I get his file requests streaming in from his left behind "buddies".

ZA can;t cope too good with that, like yesterday, I took about a half hour of endless attempts against one high numbered port from rr.com and others until I had to disconnect and grab a new IP to protect myself because ZA crashed.

So if LnS can deliver security without the crashes, while keeping most of the flexibility I'm used to, then I'm happy to change.

Umm you really don't want to go advertising your messengers tho, if I think you're a guru you may get called on! LOL

 

Hey Yorkdale

Yes Look ‘n’ Stop Personal Firewall happens to be one of the most smallest, fastest, Lite on System Resources with no “Noticeable” slowdowns in reference to Internet Performance.

One of the tests I had performed countless number of times is triggering Flood Packets to my Internet Connection from a Hi Box, 83-105Packets per seconds being rapidly logged into Look ‘n’ Stop “Log” screen. And left it goes for over 2 Entire hours straight without any System Delays, Crashes, and Freezes or Look ‘n’ Stop Application Delays, Crashes, and Freezes.

LOL, I don’t mind one bit. I’m use to helping people by all means…

 

Speed - yep I'm finding this out now - wheeee it was up n running smooth and fast tonight. ZA would have taken over 3 mins to get itself working, and they still haven't fixed the dialup bug it's had for months now.

 

Hey Yorkdale

Now I sure hope you trying to give Look ‘n’ Stop a work-out?!?!?
Don’t you sit around! Get to those Online web-scans and run a bunch of thorough tests…

 

Phant0m``

Sorry was late getting back to ya, since were in a trhead on custimizing LnS

Have you gotten around to something new with your ruleset?

 

Recommend one?

 

Hey FluxGFX

Funny you should ask; I just released an Enhanced copy to a pal today, if you are interested come on MSN and I’ll send you copy and we’ll go through few small steps…

 

Hey Yorkdale

You must have not viewed the website I posted earlier…

http://www.wilderssecurity.info/Phant0m.shtml

 

Hey Yorkdale

Are you using Look ‘n’ Stop v2.04p2, or you using just Look ‘n’ Stop v2.04?
You can find out what version you using in the “Welcome” screen, shown for “Version:”. If you using Look ‘n’ Stop v2.04 I recommend downloading v2.04p2, download link provided on http://www.wilderssecurity.info. And then visit http://www.wilderssecurity.info/pg1.shtml and update the Application Filtering Driver, the Information is giving there but if you have any questions don’t hesitate to poster…

 

Phant0m``

Sorry I`m at work, you may send it to my email from your msn list and i`ll check it later.

Thx ( I just ask because I saw that theres a few things that could be changed and added, but also figured that you were probably working or tweaking it somehow, so therefore, thought I'd ask sweet deal.

If you want to talk to me PM me and i`ll give ya my work email and I`ll reply my mail program is always working.

 

Hey FluxGFX

Not a problem

Actually the Enhancements I made I doubt they would be what you would be in reference too; you have the time why don’t you tell me what you think can be possibly changed and Added and I’ll tell you what I think about it…

That’ll be cool

 

when I have the time I`ll check back on that and ill show you some stuff in the firewall, what could be added and tweak

 

Gimmie a Quick example

 

if I could I would, but im at work

 

Alright; however if you in reference to making modifications to the Authorizing rules, the only other possibility of Tweaking it further currently is using Frag. Offset and Frag. Flags. If I attempt to tweak them with these possibilities Look ‘n’ Stop Customers will all experience serious issue(s). A specific Guide needs to be introduced for the User Learning of Tweaking with these possibilities for their specific Connections.

And for the Protection Enhancements against Inbound Attacks of any sort will automatically be blocked, no possible Leak expect for User Additions perhaps…

And that which can be added is up-to each user specific needs, it’s mainly suppose to offer them something to build-up from…

 

Very true.... but then again.... whos going to mess with the rules unless they know WTF there doing

 

LOL!

Yea FluxGFX; there are number of people who likes exploring and learning and without getting down-right dirty they wont be learning anything to quickly. And then there are people just wanting to Authorize something and in the process of trying to create a rule to Authorize they end up Authorizing more then what they thought, then there are situations where they create a rule for specific purpose like Standard FTP Incoming Temp-Range Connections (ftp-data) which defeats the purpose kind-of of using a Software Firewall…

 

LMAO then again there's Newly breeded users whos supose to be l33t

 

LOL