Newbie to LooknStop - OK for a novice ?

Hi Good Wilders folks

Due to some problems detailed in another thread I have ditched ZA Security Suite for the time being. However, the only firewall I have used to date was that in the ZA suite and I found it really user friendly especially as it was basically 'set and forget'.

Now I have to look elsewhere and am trialling LooknStop after reading a lot of threads.

Basically, my question is if I set it up with the Enhanced Rule Set is that pretty much all I need to do to be fully protected ? I don't yet understand what these default rules are telling me and the setting up of rules is a bit beyond me at present. I'm impressed with the tests through GRC and PCFlank which tell me I'm stealthed everywhere.

If I'm not able to set up rules should I really be looking at a different type of firewall ?

Cheers

Jon

 

Hi Jon,

With the Enhanced Rule Set you should be protected from all kind of external attack.

The things get tricky when you want something special (e.g use 2 PC, one behaving like a router etc).

As a LnS user I must say that this firewall is very powerfull because you can select very specifically a port, IP adress or a MAC adress and do whatever you want. Moreover I apreciate to buy it product once for all without having to pay an anually fee.

The drawback is that if you make a mistake you can expose your firewall to external attack easily. Therefore if you need to tune up your setting, you must make sure that you change on thing at at time, and that you test your firewall through an available online port scan like Secure Scan from Sygate or Shields Up from GRC

Cheers

Gen. Noel

 

Thanks General Noel

Seem to be stealthed on all fronts and intend to leave rules well alone at this stage and leave just as it is.

So far really impressed.

Thanks for your help.

Cheers

Jon

 

Sorry -just another question

In ZA it was clear what was asking for server rights such as Generic Host Process. I denied everything server rights.

What do I need to look for in LooknStop in Application Filtering as regards what is requesting server rights and what do I need to do do grant internet access without server rights ?

Cheers

Jon

 

Hi Jon,

Actually incoming connections (server mode) are blocked directly by the Internet Filtering (packet filter), so there is no specific option for that in the Application filtering.

Regards,

Frederic

 

Hi Frederic

Thank you very much for your quick response. Just to be clear then, the rules in the Enhanced Ruleset block any application from getting the right to act as a server ? If so thats great and actually easier than ZA for novice users in making decisions.

Cheers

Jon

 

Actually the application is not really blocked, but the result is the same: the application will simply never receive incoming connections since these packets are blocked by the packet filter.
To allow an application acting as a server, a specific rule has to be created in the packet filter. Then the application has to be attached to that rule, so the incoming connection on the specific port will be dedicated to this application.

We effectively tried to be as simple as possible for the Application Filtering, so the questions asked to the user are direct and simple.

Frederic

 

Thanks again for your help Frederic

Looks great so far and at present see no reason not to buy after the trial expires.

May have one or two questions later.

Cheers

Jon

 

I bought LnS only a few days after trialing, and have not regretted it in the least. In fact the more I see about other firewalls, the happier I am with LnS A rules based firewall couldn't be easier to use.. I especially like the fact that if you need specific rules for specific apps, you can either download them from the site or right click on the log entry and 'create rule'. If you haven't already, try the beta drivers and service, and if you use any p2p apps, you might try Phant0m's ruleset.

 

That's the Way I feel about LNS after only 3 to 4 weeks now!! And I Just use the EnhancedRulesSet.rls Instead of standard!!

cheers,

 

Got to echo all the above and say that its great value for money as well. Iv been using look n stop over the last few years and Iv only had to pay the one licence . It will , as far as Im aware , stay as that till the version 3.00 arrives. Which is quite aways off if the time frame from 2.04 to 2.05 is anything to go on. Having the forum here is also great value.
I know zilch about setting up rules and really are not that interested in having to get into that , so enhanced ruleset is fine with me.

 

Thanks folks for your feedback.

Reassuring to know that it accomodates both those who have knowledge of rules and those who don't.

Just another thing regarding my logs and warnings - predominately I only get pop ups advising that such and such had matched a rule and this rule is the Blocks all other UDP packets. In laymans terms - what are these UDP packets ? Are constant alerts of this nature normal ? The log file doesn't specify the traffic was actually blocked unlike other incoming traffic but I guess this rule is working OK ?

Sorry I can't be clearer - don't have machine in question with me.

Cheers

Jon

 

Hi Jon,

It depends on the kind of UDP packets (the port numbers and the direction: Uplink/Downlink of the packet), and the rule name that has matched.

Usually if you didn't notice any particular connecting issue with one application, this means the rule is blocking unnecessary packets (either true alerts/scan or not), and so it is OK.
If the number of these alerts is too high, then just remove the ! for the rule and the packets will be dropped silently.

Frederic

 

Thanks Frederic

Just logged on my machine and I'm hit by logs referring to '' any other UDP packet'' - direction ''internet to pc '' covering Ports 1026 -1029 -same hit Windows Registry has invalid entries (disclosed in Data of packets contents) download Regwash.net to fix.

Will do as you suggest - just thought I'd let you know

Cheers

Jon