Finally installed, need help

Discussion in 'LnS English Forum' started by Acadia, Aug 15, 2003.

Thread Status:
Not open for further replies.
  1. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Ok, finally installed LnS. Went to grc.com to test. With my old firewall, I was always COMPLETELY stealth at all ports. With LnS the following ports are closed and NOT stealth: ports 113, 1024 thru 1030, 1720 and 5000. Any suggestions? Thanks.

    Acadia.
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    On Installation of Look ‘n’ Stop, Look ‘n’ Stop uses StandardRulesSet.rls by Default.
    First thing we want to-do is “Load” up EnhancedRulesSet.rls file by going into Look ‘n’ Stop’s Internet Filtering screen and clicking “Load…” button and selecting that file located in the Default location and clicking “Open” button. ;)
     
  3. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Now did I just see out of the box ? :D

    the enhanced rules set will do you good ;) if not then I'm sure my good friend ghosty will help ya out by setting you up with the Phant0m rule set ;)
     
  4. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Wow, that was easy enough. After doing what you told me, PhantOm, I went back to grc and tested completely stealth on all ports. Then I went to three other test sites and tested completely stealth on all three. VERY impressed so far. Thank you.

    Acadia
     
  5. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Aaaaaaaaah, another problem. LnS kills my BoClean updater. So far it has allowed my other software to update but not BoClean. Whenever I turn off LnS then everything is Ok, but as soon as I turn it back on, BoClean updater freezes. Thanks.
     
  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    :D
     
  7. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey Acadia

    What version of BoClean and its Updater System?
    I’m not sure but someone months back said BoClean has an beta BoClean Updater System which uses FTP Passive mode, however if BoClean Updating Systems still not using HTTP or FTP Passive mode then it’s Updating System will be blocked by Look ‘n’ Stop inbound security by Default causing BoClean Updater System to Lock up for a minute or two until it “Times-Out”. I highly recommend doing manual updates and check out the most recent updates for BoClean, and not attempt to make an FTP rule which authorizes temp-range access in through your Software Firewall, kind-of beats the purpose of using a Software Firewall…

    Regards,
     
  8. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Yeah, I’m using the manual BoClean Updater from now on. LooknStop let all my other stuff update: both antivirus, AdAware, SpyBot, SpywareBlaser, and SpywareGuard. Only BoClean failed but now doing that manually, no problem. Went to a fifth firewall test site, received the highest possible score. This firewall is definitely a keeper. Thanks for everything.

    Acadia.
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Anytime Acadia!!! :D
     
  10. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    Hey Phantom - how about making a rule and just opening it when you update Boclean or set fixed to their dns

    ftp.nsclean.com (204.97.129.10:cool:

    Ruben
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey tosbsas

    There is a reason why I call it “Additional rules”… Figure it out yet? ;)

    Adding Temp-range access with restriction to specific IP isn’t much security there, I or anyone could easily Spoof BoClean Updater server to successfully attack BoClean users….
     
  12. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    It appears Look n stop is the only firewall that does provent updates from ftp sites .
     
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hmm wrong; and wrong….

    BoClean Updating System and whatever can successfully connect to the FTP server; however successfully receiving ftp-data connections (remotely started connections) is another story. Since Look ‘n’ Stop’s Application Filtering Layer works differently, once Client Applications are authorized to the Application Filtering list it then relies on the Packet Filtering Layer in order for Successful Outbounds/Inbounds to the Client Applications. And since EnhancedRulesSet.rls is quite secure by Default the remotely started connections like ftp-data will be blocked until you take the necessary actions to say otherwise…

    Anything which uses FTP Passive mode should be successful using EnhancedRulesSet.rls by Default; FTP Passive mode allows you the user to make the locally started ftp-data connections rather then the servers making the remotely started ftp-data connections… :cool:
     
  14. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    well im rather slow at all of this but are you saying that you cannot auto update then . Take for example e Trust , which uses ftp . Look n stop will not allow a connection . yet any other firewall will allow e trust to auto update . But if I do it manually it will update ?
     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey solarpowered candle

    I explained in my above post... Please re-read :)
     
  16. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    ?? eTrust EZ is allowed to update with my LnS.

    Acadia
     
  17. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    :p
     
  18. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Is that manually ( not auitomatic updates ) thats what Im asking here . As I couldnt get thru using auto updates with look n stop . Thats cool if you can .
    :cool: (thats the promo version7 )
     
  19. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Ok, I'm doing this from memory because I'm using NOD right now. I have version 6.1.7.0. There are three ways of updating it. One is to manually download some file, open it up and install (or something like that, I've never done it that way). Another is to simply click on, and I can't quite remember the name, update automatically?? Then you just watch it all happen. Finally, the update that you just set it to update at 24 hour intervals and you never click on anything. I always use the second method, clicking on update automatically or whatever it is called. BTW, one of the versions of eTrust EZ is, or was, having a problem with the auto update feature. I believe it was talked about somewhere in the Wilder forums, but I don't remember whether it was version 6.x or 7. Enjoy your weekend.

    Acadia
     
  20. Siddhartha

    Siddhartha Guest

    I have NO problem at all to update "eTrust EZ Antivirus", because I'm using the latest version: 6.1.3.1
    The version supports "FTP passive mode" now.
    ;)
     
  21. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hmmm so I guess Newest BOClean doesn’t yet support Passive mode, or it’s still in beta testing or something?
     
  22. Klaude

    Klaude Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    17
    Hey Phant0m: congratulations for the new rule-set.
    Continue the good work!
    :)
     
  23. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey Klaude!!!

    Thanks :D
     
  24. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    PhantOm, this doesn't matter to me in the least because I am very happy to use manual download for BoClean (and so far I am EXTREMELY please with LnS) but here is a copy/paste from this BoClean web page:
    http://www.nsclean.com/update.html

    "If you are using a firewall that blocks port 113 (authentication) then you may not be successful in downloading from our site. We use port 113 to query internal machines to ensure that writing to our FTP site can only be accomplished by authorized machines. Port 113 queries any machine which connects to our FTP site to determine if it's one of our own. If it does not receive back either a "fail" or an authentication code, then access to the FTP site is blocked by our routers. Some poorly configured firewalls will not respond on this port and that's the cause of the problem.

    When you go to download from our site, it is perfectly fine to use anonymous FTP and in this situation, port 113 will refuse to send us authorization data. But if you are using a firewall that is entirely blocking port 113, then your attempt to login to our FTP server as "anonymous" will fail with no signal at all coming from your end. Consult your firewall documentation to see how to turn on port 113 and you'll be able to get to our site. Allowing port 113 does not result in any risk to your machine and properly configured firewalls do NOT block port 113. This should solve your problem. If you still have difficulties, please contact your firewall vendor for support. "

    I don't even have the technical prowess to know if this applies to anything that you have been talking about.

    Acadia
     
  25. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    [glow=red,2,300]Hey[/glow]

    Since I’m such-a nice guy I’ll re-word it all so yea’all can interpreted it more efficiently…

    In Reference to EnhancedRulesSet.rls; the Updating Systems using FTP Protocol aren’t at issue with making locally started Connections to port 21 or whatever to the Updating System servers. It’s the ftp-data connections being remotely started using Standard FTPing which gets blocked by default, and when this happens the Software Updating Systems can appear locked-up for minutes before timing-out. To avoid the ftp-data connections being blocked many Software Vendors used HTTP Protocol or FTP Protocol using Passive Technology (PC to establish the data connection to the FTP site instead of the site establishing the data connection to your PC).

    Blocking Identd (authentication) server with a Software Firewall can cause connection issues with a server, not always. In my case never, it may delay a tad but never cause any connection issues with a server. For instance I use my browser and visit ftp.nsclean.com and with Identd blocks I had no issues viewing/downloading BoClean Updates…

    Month’s back I’ve been told BoClean Updater with Passive Support was nearly finished;
    http://www.wilderssecurity.com/index.php?action=display;board=13;threadid=6992;start=15#msg52043.

    I don't use BoClean product but anyone fed up just give me their E-mail Informatics I’ll contact them myself and get some serious action ASAP!
     
Thread Status:
Not open for further replies.