anti-mac spoofing

Discussion in 'LnS English Forum' started by tinker, Mar 12, 2005.

Thread Status:
Not open for further replies.
  1. tinker

    tinker Registered Member

    Joined:
    May 25, 2003
    Posts:
    5
    How to configure the ruleset for the abv. I'm presently using Phantom's ruleset v6 final. There's a stop sign but not activated yet. o_O
     
  2. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada

    Hello, Tinker


    To set up anti-mac spoofing using Phant0m's rule set, go to the rule anti-mac spoofing in internet filtering, then click edit. Now look where it says Source Ethernet Address; you will see equals: 00:00:00:00:00:00. What you have to do is add your MAC address; the one in Phant0m's rule-set is just an example of what it should look like. To find your MAC address fast, go to the LnS console,

    Console Message, scroll down until you see something like this; it has your MAC address and your IP address.


    1 message Uplink
    NE100TX LFast Ethernet Ada -(my Mac address)
    00:aX:XX:d7:X3:D4- 22.x.2xx.1xx

    (just use your info in the LnS console)


    And now you would replace what is there with 00:aX:XX:d7:X3:D4 in the anti-mac spoofing (Phant0m's rule-set) rule-set and apply, and that's about it, it is now activated! Also make sure there is a green check on that rule with a stop on it. Good luck.
     
    Last edited: Mar 13, 2005
  3. tinker

    tinker Registered Member

    Joined:
    May 25, 2003
    Posts:
    5
    Hi Kush, Thks for the response. What's the security significance of this ruleset? TIA.
     
  4. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada
    Hi Tinker,

    Look"n"Stop is capable of protecting a system from MAC-Spoofing and IP-Spoofing attacks, which disable systems and/or hijack Internet sessions also Anti-MAC Spoofing.

    An advanced setting that prevents an intruder from taking advantage of the ability to forge (or spoof) the MAC address of an individual's computer. Anti-MAC Spoofing allows incoming and outgoing ARP traffic only if an ARP request was made to that specific host. It blocks all other unexpected ARP traffic and logs it in the security log.

    And for more info on Phant0m's rule-set please check out the links for more info,

    https://www.wilderssecurity.com/showthread.php?t=13041&page=1&highlight=anti-mac spoofing

    https://www.wilderssecurity.com/showthread.php?t=35336&highlight=anti-mac spoofing

    https://www.wilderssecurity.com/showthread.php?t=12988&highlight=anti-mac spoofing

    https://www.wilderssecurity.com/showthread.php?t=12415&highlight=anti-mac spoofing

    http://www.fluxgfx.com/ssc/


    That should give you some good info on Phant0m's rule-set and what it's all about. Good luck.
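
The ARP behaviour described in the post above (ARP traffic is allowed only when it matches a request that was actually made, and everything else is blocked and logged), sketched as an added example that is not part of the thread and is not Look'n'Stop's or Phant0m's own code. The class and field names, the sample addresses and the extra check that the Ethernet header MAC matches the MAC inside the ARP payload are assumptions made for illustration.

```python
from dataclasses import dataclass, field

REQUEST, REPLY = 1, 2
@dataclass
class Arp:
    direction: str   # "in" or "out", relative to the protected host
    op: int          # REQUEST or REPLY
    eth_src: str     # source MAC in the Ethernet header
    sender_mac: str  # sender MAC inside the ARP payload
    sender_ip: str
    target_ip: str

@dataclass
class ArpGuard:
    my_ip: str
    asked: set = field(default_factory=set)   # IPs we sent a request for
    askers: set = field(default_factory=set)  # hosts that asked for our IP
    log: list = field(default_factory=list)   # blocked packets, with reason
    def check(self, p: Arp) -> str:
        if p.eth_src.lower() != p.sender_mac.lower():
            return self._block(p, "header/payload MAC mismatch")
        if p.direction == "out" and p.op == REQUEST:
            self.asked.add(p.target_ip)
            return "allow"
        if p.direction == "in" and p.op == REPLY and p.sender_ip in self.asked:
            self.asked.discard(p.sender_ip)   # one reply per request
            return "allow"
        if p.direction == "in" and p.op == REQUEST and p.target_ip == self.my_ip:
            self.askers.add(p.sender_ip)
            return "allow"
        if p.direction == "out" and p.op == REPLY and p.target_ip in self.askers:
            self.askers.discard(p.target_ip)
            return "allow"
        return self._block(p, "unexpected ARP")
    def _block(self, p: Arp, reason: str) -> str:
        self.log.append((reason, p.direction, p.sender_ip, p.sender_mac))
        return "block"

def run_sample():
    # Constructed traffic; all addresses are placeholder values.
    me, gw, bad = "02:00:00:00:00:01", "02:00:00:00:00:fe", "02:00:00:00:00:66"
    guard = ArpGuard(my_ip="192.0.2.10")
    packets = [
        Arp("out", REQUEST, me, me, "192.0.2.10", "192.0.2.1"),  # we ask for the gateway
        Arp("in", REPLY, gw, gw, "192.0.2.1", "192.0.2.10"),     # solicited reply
        Arp("in", REPLY, bad, bad, "192.0.2.1", "192.0.2.10"),   # unsolicited reply
        Arp("in", REPLY, bad, gw, "192.0.2.1", "192.0.2.10"),    # forged payload MAC
    ]
    return [guard.check(p) for p in packets], guard.log
```

The second reply for the gateway's IP is blocked because the pending request was already consumed by the first reply, which is the case a stateless "allow all ARP replies" rule would let through.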
     
  5. tinker

    tinker Registered Member

    Joined:
    May 25, 2003
    Posts:
    5
    Thks a bunch Kush. Will read thru' and see what I can make out of it. I have not confirmed yet whether to continue using LNS coz some site claimed bugs in its version due to no protection from trojan with firewall bypassing technology that uses API hooking / and injecting RAT [trojan] DLL to trusted app memory space. These loopholes not only existed with LNS but also with many other firewall progs.
     
  6. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada
    Re: anti-mac spoofing(Frederic Question?)

    Hi Tinker,

    You're very welcome, sorry it does not meet your standards, but you got me thinking about what you said. Can you please tell me more about this (Quoted by Tinker): "I have not confirmed yet whether to continue using LnS coz some site claimed bugs in its version due to no protection from trojan with firewall bypassing technology that uses API hooking / and injecting RAT [trojan] DLL to trusted app memory space" (End Quote)



    That's a very good question, and I would like to know for a fact about this security loophole: can it be stopped, or was it just a rumor? Do you have a link, please? I don't know where you have heard about this, but I never got a Trojan on my computer with LnS running. I know if a hacker really wants in they will find a way in, by some weakness in your security, but I have covered every possible trick a hacker would do, and so far so good. It keeps my computer very safe, plus 6 other software programs (trojan detectors, registry watch, DLL watch, etc.), and if any new DLL is added I would know, running in the background to look for this kind of trojan activity. Thank you for the info.

    Did you try advanced options? If you're running XP, it watches DLLs, but I cannot answer your question for sure, sorry about that. Frederic, the author of Look"N"Stop, would be able to tell us. Thanks, Tinker.



    Hello Frederic,


    If you happen to come across this thread, can you please tell us about this so-called security flaw, and is LnS affected? First I ever heard of this, must do some homework on this! Thank you for your time.


    KuSh
     
  7. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Re: anti-mac spoofing(Frederic Question?)

    The beta driver for LnS will stop all current leaktests, which (as far as I know) cover all known methods to bypass the firewall. If you're worried about these kinds of things, you may also want to check into something like ProcessGuard that can block this kind of behavior from the start.

    Perhaps gkweb will come around and give us more specifics :)
     