Constant LnS logs. Conflict with Shareaza? I already have Shareaza rules.

Discussion in 'LnS English Forum' started by JayOfTruth, Jul 26, 2006.

Thread Status:
Not open for further replies.
  1. JayOfTruth

    JayOfTruth Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    19
    Location:
    SA Texas
    Recently, I have installed the trial version of LnS. Also, I have installed shareaza on my computer to download or open bit torrents. So I downladed the shareaza rules and bit torrent rules to lns. Shareaza was still slow and I discovered I needed to configure my router to port forward shareaza. So I browsed on WildersSecurity and found out about Portforwarding.com.

    I have a couple of questoins.

    By default shareaza uses port 6346. Portforwarding.com says, "You can set the port to be whatever you want, but using a port between 10000 and 60000 would be a good idea. ISPs do not usually block these high numbered ports."

    So I did this. I changed the port on shareaza to 58844 and on the lns rules I changed all the 6346s to 58844s and i port forwarded port 58844 on my belkin router.
    But now looknstop is constantly logging "TCP: block incoming connections / Ports dest: 58844 Src: (eg 57932/ many different 5 digit numbers.)" This is when shareaza is NOT running.
    When shareza IS running LnS goes crazy with these logs "ICMP: All ICMP types (nukes, . . . ) / Type: 3 Code: 3."

    (BTW: shareaza does not detect a router or firewall anymore [because of the port forwarding and LnS rules]. The test comes out good.)

    Should I change everything back to port 6346 or is it something else??
    How can I stop these logs?
    And, to port forward i need a static ip address. Is a static ip address dangerouso_O?
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    the TCP entries are normal if u have been running p2p. what happens is ur IP is kept in cache so people are still trying to connect to you even after u close ur p2p client.

    as for the ICMP entries, is there any IP address?
     
  3. JayOfTruth

    JayOfTruth Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    19
    Location:
    SA Texas
    Yes there are several different ones.

    here's a few:

    204-9-12-225.inetlink.ca
    10.128.cm.sunflower.com
    200-207-17-200.correionet.com.b
    provider.bilink.com.br
    201-40-40-66.cbace700.t.brasilt
    201.15.68.87.gnace701.dsl.brasi

    et cetera.
    and they come in every couple of seconds.
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  5. JayOfTruth

    JayOfTruth Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    19
    Location:
    SA Texas
    Well that solves the logging problem. Thanks alot for that, it was getting frustrating.

    Do you know why that so many ICMP types are blocked when shareaza's on?
    And do you know if having a static ip address is dangerous or not?
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i dont know about the ICMP packets, sry.

    as for the static ip, i dont see why its dangerous.
     
  7. JayOfTruth

    JayOfTruth Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    19
    Location:
    SA Texas
    Ok thanks. I had just read an article on the internet that a static ip address draws the attention of hackers. thats all.

    thanks for the help :)
     
  8. JayOfTruth

    JayOfTruth Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    19
    Location:
    SA Texas
    I turned the two exclamation points off next to "ICMP: All ICMP types (nukes...) Type 3 Code 3" yet it is still logging it!
    I have restarted LnS and the computer.


    Any other ways to stop it?
     
  9. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    turn off teh exclamation again but this time remember to save the rules.
     
  10. JayOfTruth

    JayOfTruth Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    19
    Location:
    SA Texas
    yea. what i meant is that i saved and restarted LnS and my computer. The exclamation points are off (saved that way) yet i'm still getting the ICMP Type 3 Code 3 logs.

    Whats up with that?
    I have the trial version though. Might that have anything to do with it?
     
  11. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    so "ICMP: All ICMP types (nukes, . . . )" still shows up in the log?

    im puzzled on this.
     
  12. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi JayOfTruth :)

    Icmp type 3 code 3 = port unreacheable...

    This is a normal entry in your log when using ShareAza or any other P2P program... Those entries mean that LNS is doing is job... Don't worry about this.

    Remark 1 : you have changed the default port for an other one... may be this drive more Icmps type 3 code 3 for this reason...

    Remark 2: changing this default port is not more secure
    Used the Security option in ShareAza (Ip and IP ranges blocked, see the documentation...) Also it's a good idea to used PeerGuardian2 ...
    http://phoenixlabs.org/pg2/


    Remark 3: To avoid misunderstanding the best is to export your rule set,
    and upload it here, so we can check it. Same for the log: uploading a sample may help us to help you...

    Remark 4: the application filter must be enable with ShareAza in the list, the correct rules must be created in your rule set for this application and these rules must be located at the correct place in the list... (the position of a rule is important...)

    Remark 5: I add rules for ShareAza as example for you.

    (For Gnutella 1 and 2, eDonkey and BitTorrent)

    The 2 first must be placed before the rule "Block incomming connexions" (id est : block incomming TCP packet with the flag SYN).
    This is for the Server side of ShareAza (outside connexions initiated by others computers to your PC)

    The other rules must be places after this and the rule allowing standard internet services... This is for the Client side of ShareAza (connexions initiated by your PC to the other computers...)

    Hope this help. Let us know.


    :)
     

    Attached Files:

  13. JayOfTruth

    JayOfTruth Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    19
    Location:
    SA Texas
    Climenole,

    Response #1
    Thanks for the info. I didnt think changing the default port was more secure, I thought that I would be blocked by other peoples ISPs less.

    Quote from http://portforwarding.com: ""You can set the port to be whatever you want, but using a port between 10000 and 60000 would be a good idea. ISPs do not usually block these high numbered ports."

    Obviously thats wrong because I'm getting type 3 code 3 like crazy.

    Response #2
    I checked the security option of shareaza. Were you telling me to add the rules to the security option of shareaza (the ones in the attached .txt)? I dont know how to do this. Shareaza doesnt give enough options. (Iwould add a screen shot. I know how to take one but not to paste it onto a post.)

    Response #3
    I dont know how to change the rulesets or logs to .txt. So I just did a screenshot and saved as jpeg.

    Maybe the best thing for me to do is change the port back to the default?
    Oh and one more thing. Just to let you know. Shareaza DOES work. And I have the shareaza rules for LnS.

    Thank you.
     

    Attached Files:

  14. JayOfTruth

    JayOfTruth Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    19
    Location:
    SA Texas
    Heres the log.
     

    Attached Files:

    • log.JPG
      log.JPG
      File size:
      159.6 KB
      Views:
      8
  15. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi JayOfTruth :)

    Right! Before changing any default parameter the best is to check the software with it... Concerning the port filtering this is mainly a probleme with some ISP et BitTorrent...

    The main problem is with Fakes eDonkeys server and traffic analysis by RIIA and some other crackpots (used PeerGuardian2 for this...)

    Look at this: http://wiki.shareaza.com/static/SecurityFilter

    The attached .txt in my previous message is the rules I'm using for ShareAza...

    1- right click on the file name and choose change name... remove the ".txt"

    2- Default ports are "ok": you don't need to change this.

    3- The rules you have for ShareAza in your internet filter (as I see in the picture) are not located at the good place...

    The Client part of the application must be placed after the rule
    "authorized most common internet services" in red in my picture...

    The Server part of the application must be placed after "block land attack" and before "block incomming connections" in blue in my picture...

    Change the rules locations, save it and restart yout PC then try again...

    remember that shareaza.exe must be included in each of these rules (client and server ...)

    also : enable the two rules for fragments MF and Fragm block...

    And BitTorrent : you need it at the same place than other clients rules for ShareAza... (I forgot to marked it in the picture...)
    With ShareAza the server side for BT used the same port than eDonkey/ Gnutella... don't worry about this...


    :)
     

    Attached Files:

    Last edited: Jul 28, 2006
  16. JayOfTruth

    JayOfTruth Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    19
    Location:
    SA Texas
    shareaza.rie
    edonkey.rie
    BitTorrent.rie
    EnhancedRulesSet.rls

    The best I could do. Dont understand how to get .txt.

    what does "et" mean?

    What will moving these rules do for me?
     
  17. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi JayOfTruth :)

    1- :rolleyes: You don't know how to rename a file with Windows?
    Right click on the file name and...
    Okay: check the images in next messages...

    2- "et" : it's a LAPSUS CLAVI:
    since my native language is french I wrote ET instead of AND ...
    :rolleyes:

    3- In any rules set firewall in the universe, the position of a rule in the list is important since the rules are read from the first in the list until the firewall find one rule corresponding exactly.
    When this rule is founded it is applied.
    It's a sequence of Universal propositions (If All criterias applied then the rule is applied) linked by XOR... Exclusive logical OR...

    This mean that in the rule set One and Only one rule will be applied.(The first rule matching all criterias...)

    The server rules for Shareaza MUST be placed after the rules blocking illegal or malformed packets NOT before!!!

    The Client rules for ShareAza MUST be placed after the rule blocking incomming TCP packets with the flag SYN and not before !!!

    That's the way a rule set firewall works.

    :)
     
    Last edited: Jul 28, 2006
  18. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Here you have a file with the extension ".txt"
     

    Attached Files:

  19. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Here you have this file : right click on it to have the "contextual menu":
    choose rename...
     

    Attached Files:

    • ez02.jpg
      ez02.jpg
      File size:
      23.6 KB
      Views:
      306
  20. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Finally used the backspace key to remove .txt ...
    You may also change all the letters and so on...

    It's easier than "sharing" files with ShareAza...

    Au revoir Monsieur.

    :D
     

    Attached Files:

    Last edited: Jul 28, 2006
  21. JayOfTruth

    JayOfTruth Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    19
    Location:
    SA Texas
    Sorry I havent responded for a while. Been outta town in Austin TX for the weekend.

    I guess I was confused because I dont have the shareaza ".txt" file. I have looked for it and for the other rules i've downloaded but to no avail. i have no .txt files so thats why I couldnt post. I do know how to rename a file.

    Thanks for all your help. Both WSFuser and Climenole were great help to me in this post. Spending your time to help me solve MY computer problem. . . I really appreciate that. Thanks.
     
Thread Status:
Not open for further replies.