NetVeda 3.61 released

It's very possible that I'm not using it correctly. I have read all of the posts in this thread (as well as the manual), but I still don't think I know what I'm doing!

 

no13 is right, nothing comes close to NetVeda in resource use, with all those feautures, it still manages to be so light.

 

okay...
here's a screenshot from me

 

Here

https://www.wilderssecurity.com/showpost.php?p=400488&postcount=25

thanks to JW for a real quick guide to set it up... very educational

relevant portion for a newbie to Netveda

 

Hi all!


No13-

How does Netveda handle ARP and other non-ip traffic? I use CHX-I and ZAP in tandem. The reason I use ZAP, is the deep component/app control it offers with the PACKET filtering portion turned completly off. There are only a few fw's that do that! I know at the moment, CHX-I doesn't handle ARP, but soon will. 8signs handles this well!


Regards,
Jazzie

 

Hi Jazzie,

The block unsolicited incoming connetion tab takes care of that I believe.

 

Hey Arup-

Let me make myself clearer! I want to be able to filter MAC addresses using ARP rules. By including only My NIC, Router, DVB receiver (Unix OS) and two other systems on my LAN. I tried Netveda briefly, but never got around to playing with any rule creation(s). LNS & 8Signs filter ARP good! Just wandering if Netveda has the ability also! Thanks for your input...

BTW: Here is a page that explains ARP:

http://wiki.ethereal.com/AddressResolutionProtocol

Here is a page that explains different attacks using ARP:
http://www.watchguard.com/infocenter/editorial/135324.asp

CU
Jazzie

 

You gotta ask the tech support guys for this. They reply within 24 hours, and tech-help is really good... email address can be found in one of the threads about NetVeda here.

That's the default behaviour here too. But as shown by JW, you can do a hell lot more if you know how to create rules. It's fairly flexible, and if you're behind a new-ish router [both mine have NAT and SPI... dual layers!!] it easily becomes a good choice.

generic method for any rules.
1. create a group from groups and include any apps/services you want to put in.
2. go to security->Adv. Int. Firewall... here create a rule for your newly made groups. Lots of options available.

My questions:
Does it have the local loopback flaw that Sygate has? I'm not sure.
Does it monitor your LAN interface? Again, I'm not sure. And how?

 

No13-

Yes my router aslo does SPI and NAT! But, since I am using CHX-I as a packet filter. There is no need to have double filtering using any other fw. Appart from ARP protection. Rules are created in CHX-I that uses an excellent SPI implementation, next to checkpoint fw. What I really want is a basic TDI level application filter/component control, to work with great SPI filtering. Not for security reasons, but to control bandwidth and basic app control. Your questions on how does Netveda control traffic on your lan interface (inbound) is probably aswered by monitoring the gateway of the router... What is infront of the router, can be analyzed with a Ethernet tap and Sniffer...

CU
Jazzie

 

well any sniffin' gotta wait for a month.
Fresh batch of "exams" prepared for us.

well... using CHX-I along with a router seems overkill UNLESS.....
1. Router hasn't been configured
2. Router doesn't perform SPI by default [SMC for example... SPI is done ONLY when you 'tick' it when creating a rule, but NetGear usually have SPI defaulted for all traffic]

Netveda should fit the bill... it works using a netork driver of it's own... just check the help out, will ya? It should be more informative.

 

3..: You are on a DMZ and want to be able to control exactly what is comming In andOut!

Not over-kill in that sense. If we are all talking 'over-kill', why have any kind of SPI type fw at all behind a router that does SPI?

CU
Jazzie

 

Jazie,

I am familiar with ARP exploits and have ZA set to enable ARP protection. Why not ask this at support@netveda.com they are pretty fast in thier replies.

 

Arup-

No need to ask thier support. I just thought there was a user here in the forum that has dealt with it directly! I mself will use another third party app to protect against this till CHX-I covers this....

Regards,
Jazzie

 

A DMZ??
Why?

There was this router config tutorial [i forget where] where it said that a DMZ should be set up at an ip that's got no computers just to block potentially unwanted malicious packets that are inbound to a DMZ.

 

Well I am curious if NetVeda does protect us from this, by the way, what is the 3rd party app that protects us from ARP, I know Sygate Pro has the protection for SRP protection.

 

Look n Stop + Phant0m rules
Kerio 4 + BZ rules converted
Kerio 2 + BZ rules
Outpost Pro + Paranoid2000 rules

 

Where can I find Phant0m's rules?

Cheers

 

I stopped using LnS a month or so back... light, but uninteresting.
Send him a PM will ya? You're a mod
and I think that AvianFlux may have them on his site...
here's the link to the thread http://www.fluxgfx.com/ssc/showthread.php?t=14

 

Here: http://www.fluxgfx.com/ssc/forumdisplay.php?f=5

Oops.. no13 beat me to it..

 

Thanks no13 and Kerodo, both links are down, I have found an offline v6 posted by Kye-U.

Cheers

 

No they're not.

something's wrong at your end mate.

here's the download http://www.fluxgfx.com/looknstop/store/Phant0m`s-v6-Final.zip

 

Blackspear

Also Note that this ruleset needs to be tweaked to be applied..
like adding your DNS servers into a pre made rule, putting your MAC address into another... and so on.

.

 

As per screenshot:

 

hehehehe...
checked your hosts file lately? what about going to www.dnsstuff.com and checking it out?