Firewall and Hardening Systems

Discussion in 'other firewalls' started by sweater, Aug 28, 2005.

Thread Status:
Not open for further replies.
  1. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    I just thought I would check the log to see activity since Harden It was installed and that's what the log picked up. I used all recommended settings. I wonder what could be wrong?

    I understand that.
    Yes, that's why I wanted to install it. Now, that makes me wonder why. If you have any thoughts let me know. You can see exactly what I have enabled when you looked at the post in LNS forum about the FW log.;)
     
  2. Arup

    Arup Guest

    Rilla,

    Since you are behind a NAT router presumably, try un-installing LnS and see how it goes, if it works out fine, you have isolated the problem to LnS, it would then be up to you if you wish to re-install LnS and give it a second try or try out other outbound solutions.
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,638
  4. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    Yes, a 2WIRE Home Portal from SBC. The log I told you about with the SYN Flood Attacks etc came from the computer with Harden-It and Windows FW installed only. LNS is not installed on this computer, it's on the other one I'm waiting to hear an answer for (where I posted the log about the FW in LNS forum) the one with LNS on it, before I put it on the other.

    One computer has Harden-It & Windows FW & Secure IT

    One computer has LNS & Secure-IT

    Did you have to configure your router with any FW'S?
     
  5. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    Hi WSFuser,

    it needs some type of rule made whether it be router rules or something else. If you see my post on "Can anyone tell me what my log means" in LNS Forum you are able to see tons of entries for the router, it needs some type of adjustment. Maybe it's something as simple as me right clicking on the Router entry in the log and allowing, but since I don't know this FW I didn't want to do that. Hopefully, Frederic will answer soon.;)
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,638
    i have the same gateway. however since im just lazy, i set it up as a DMZ so i wouldnt have to worry about my p2p apps and games working. so far LnS and my internet connection have been working fine, but since u have the firewall enabled i guess that may need rules in LnS tho i dont know much.
     
  7. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,007
    Never had to make any special rules or accommodations for my router here with any other firewalls. Don't know why LnS needs any either, although I must admit that I have not tried LnS with the router here.

    Frederic should have responded to your posts long ago..
     
  8. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    Hi everybody,

    yes Frederic answered we are still resolving.

    I tested Harden It on two different machines with two different configurations. Where it asks you to choose about SYN Flood Attacks I left (2). On the next machine I chose (1) Under Heavy Attack.

    Now the one where I chose (1) Under Heavy Attack the SYN Floods stopped showing up in the log, whereas the other one they were showing up.

    Please note that these comparisons were done with windows FW and Harden-IT only. No LNS on these. Sorry I should have posted that information before.

    Just thought I would throw that out there;)
     
    Last edited: Nov 13, 2005
  9. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Try disabling your Secure-It settings on the LnS system and see if that impacts what you are seeing in the logs.

    Regards,

    CrazyM
     
  10. Arup

    Arup Guest

    Rilla,

    Can you tell me if you are behind a NAT router? Also do you have the router's firewall turned on and also would like to know the brand of your router including the model number if possible?
     
  11. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    I will give it a try and get back to you.

    Thanks
     
  12. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    It's a 2WIRE Home Portal from SBC Yahoo. I guess that's considered a NAT router.
    Yes, I always have the router's FW turned on. The brand is 2WIRE Home Portal from SBC Yahoo. I looked on the bottom of the router and it says HomePortal 1000SW. This Home Portal is also to communicate with wireless cards.

    If you go to "Can you tell me what my log means" in LNS forum you will see everything that is enabled on my router FW.

    My desktop connection is local area network with an Ethernet cable going to the back of my box. The two laptops have built in wireless cards and they are set up with wireless connection.
     
  13. Arup

    Arup Guest

    So this means, all you need is outbound protection, the 2Wire is in itself quite a competent all in one solution and if you do a GRC scan without LnS, you will see you are fully stealth so my suggestion to you would be, in case you wish to keep LnS, just use its outbound app filter and turn down SPI for inbound traffic, see what happens then.
     
  14. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    This router has Inbound and Outbound capabilities.

    The computer with LNS has been shut down (I'm on my desktop now) until this can be resolved. It's not really a big thing, I'm just trying to understand this FW. I would like the router FW and LNS to be able to play nice, the extra layer of defence thing, that way if something does get in LNS would catch it.

    SBC has been taken down by worms etc also, then that would leave me vulnerable, just seems too risky.

    I don't know, maybe I'm wrong in my thinking, ha, ha, ha.....wouldn't be the first time.

    And yes the puter with LNS was tested GRC and it came back completely stealthed. There is another site I wanted to test it at and I can't remember the name of it, the only thing I remember was at the end of the test it would say it recommended you to try the test again with Sygate, regardless of results.

    Is there any other testing sites for the FW? Just a side note check post 133, it has been edited.
     
  15. T772

    T772 Guest

    Last edited by a moderator: Nov 13, 2005
  16. Arup

    Arup Guest

    Also www.speedguide.net has a good security scan as well, I would not enable any outbound firewall on the router, would rather leave that to LnS outbound app filter but will definitely run LnS with inbound SPI disabled.
     
  17. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740

    That makes sense about the set up you suggested. I didn't stop to think, it then would be going through two steps on the Outbound when it doesn't have to. It's funny, sometimes things appear to be different after ya think on it a bit.

    Here's the thing, if I disable Outbound Router FW which is 95% of the options in the FW (which I don't have a problem doing) that leaves only two options left for the Inbound which is: Remote Management & NetBIOS and those are not enabled anyway. So I guess I'm on my own with the Inbound & Outbound, this router isn't all that, I see now.

    So, that leaves three options left in the Security Module I could use which are: Stealth Mode, Block Pings, Strict UDP Session Control.

    In order to set it up the way you said, I guess that's where the rules come in to play. In fact, I went to LNS site to find info about making rules and found some d/l's for rules that don't apply to what I was looking for.

    Regards,
     
    Last edited: Nov 13, 2005
  18. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
  19. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    While that is an option, keep in mind they are filtering at different levels.

    If the router has outbound control, you can define a policy for what is permitted for all systems on the LAN. This is certainly preferable to a permit any out.

    If you want additional filtering on the PC's you can use a software firewall for that.

    Regards,

    CrazyM
     
  20. Arup

    Arup Guest

    A software firewall allows you to control LAN pretty well with easy setting of protocols etc, a policy making firewall like NetVeda will allow further control based on content, rating etc. so consider that as well.
     
  21. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,638
    i recommend u leave the stealth and ping options checked. so that it can stealth ur ports and pass the shields up test at grc.com
     
  22. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    Hi crazyM,

    I know I probably confuse some people with these posts because I have three systems I'm dealing with. But, LNS is only on one (the laptop). Until I figure out how to properly configure it and it works okay, I then will purchase two more licenses for the others.

    In regards to: If the router has outbound control, you can define a policy for what is permitted for all systems on the LAN. This is certainly preferable to a permit any out.

    That's exactly what I wanted to do, but I gathered not possible. Okay, well I know now. I will post some screen shots, so you can see what's on my end.

    I did uninstall Secure It and it made no difference to LNS. Harden It is not on this specific system. Will get back to you soon.

    Thanks
     
  23. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    Hi WSFuser,

    I agree!
     
  24. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I just went back to the post with the problem you're talking about and realized something.. I'm not sure about the others, but NOD32 uses the QoS Packet Scheduler to update (so that dial-up users don't get DoS'ed when first getting online when there's a big update, lol).. Go into the Control Panel > Network Connections, right click on your net connection and click Properties, and make sure there's a check in the box for "QoS Packet Scheduler"..
     
  25. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,740
    Yes there is Notok.
     