Frustrated...

Discussion in 'LnS English Forum' started by p00ter_nerd, Aug 24, 2003.

Thread Status:
Not open for further replies.
  1. p00ter_nerd

    p00ter_nerd Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    40
    I heard so many good things about look'n'stop I decided to try it. To my dismay, I am slightly disappointed. I updated to the advanced rules set, it filters lots of junk, but.... I have to disable it to use the internet. I have Opera v.7.11 w/JAVA. I already set it to let Opera access the internet. Also, when I try to use WMP 9, it only works if I have LnS disabled. Please help....
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey p00ter_nerd

    Could you please disable “Application Filtering Layer” by de-checking “Application filtering enabled” in Look ‘n’ Stop’s “Application Filtering” screen to determine whether or not it’s at fault with your situation.
     
  3. p00ter_nerd

    p00ter_nerd Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    40
    Already tried it before posting, doesn't work...
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey p00ter_nerd

    Alright, Thanks…

    I just wanted to rule out any possibilities of App-Layer corresponding with your situation… If you look into Look ‘n’ Stop’s “Log” screen when you find yourself not being capable of connecting to Internet you’ll notice DNS (Domain Name Service) packets being blocked, Outgoing I assume? This should not occur considering EnhancedRulesSet.rls by Default allows outgoings to ALL DNS Destinations.

    Could you confirm for me what I had mentioned resembles your situation?
     
  5. p00ter_nerd

    p00ter_nerd Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    40
    In case it helps, I have Adelphia Powerlink, Opera 7.11. When I have it enabled I also can't use Office Scan, Spybot, ADaware, or WMP 9.
     
  6. p00ter_nerd

    p00ter_nerd Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    40
    There aren't any DNS's being blocked. The only thing being blocked outbound is UDP's.
     
  7. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey p00ter_nerd

    Yea, I believe it's Outgoing DNS packets (53udp).

    If you like, Enable “Log file” Feature in Look ‘n’ Stop’s “Log” screen and reproduce your anomaly. I wouldn’t suggest posting what’s inside the log-file onto the forum; if you like you can E-mail it directly to me Phant0m@wilderssecurity.info, All Look ‘n’ Stop’s Log-files should be kept in \Soft4Ever\looknstop\logs\.

    Thanks.
     
  8. p00ter_nerd

    p00ter_nerd Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    40
    I can't email it to you because Adelphia is having bandwidth issues that are interfering w/email. The only way to crack this is to do it right here...
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey p00ter_nerd

    Alright, from here forth I’m going on a theory of your situation.

    First thing I would suggest trying is re-booting the Machine, which you possibly already had done right?
     
  10. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    As another suggestion, you could enable your webspace, upload the file to the webspace, and give Phantom the link to that if you know how.
     
  11. p00ter_nerd

    p00ter_nerd Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    40
    Yeah, but I'll do it again, can't hurt
     
  12. p00ter_nerd

    p00ter_nerd Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    40
    I seemed to realize that it is blocking the upstream requests. I tried to go to dell.com w/LnS enabled and my blocked uplink packets went up. I'm going to allow that port to go through. Worth a shot.
     
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey p00ter_nerd

    Note; Please don't make any modifications to EnhancedRulesSet.rls just yet... ;)

    If you wouldn’t mind I have two tests for you to perform;

    #1; There is a rule in EnhancedRulesSet.rls labelled “UDP : Authorize name resolution (DNS)”, could you edit that rule and for “Source \ IP: address” section could you use “ALL” rather than “Equal my @”, then click OK button in “Rule Editing” window and click Apply button in “Internet Filtering” screen and “Save” then re-boot the Machine.

    #2; If the above fails try de-checking “Internet filtering enabled” in Look ‘n’ Stop’s “Internet Filtering” screen and re-boot. After boot-up with Look ‘n’ Stop running try surfing before Enabling the “Internet filtering” Layer and afterwards, after enabling Internet Filtering Layer try surfing some more and report back…

    Thanks in Advance.
     
  14. p00ter_nerd

    p00ter_nerd Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    40
    I got it to work!!! In the internet filtering I had to set block all TCP Packets to allow it through. At least it works now....

    BTW, what is a TCP and why was it blocked in the first place? (my stupidness is showing, I know)
     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey p00ter_nerd

    By Default EnhancedRulesSet.rls should apply to you and everyone else, making modifications like the one you just did will critically damage your security defences...
     
  16. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    To further my point; run some Online web-scans and you’ll notice many TCP Ports are either “Closed” or “Open” and not “Stealthed” like they're supposed to be, UNLESS user makes improper rule-set modifications…
     
  17. p00ter_nerd

    p00ter_nerd Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    40
    I believe you and changed my setting back.

    What bothers me is that it tells me what apps are using the internet and not letting me get on sites (without having to completely disable LnS).
     
  18. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey p00ter_nerd

    I can explain that; Look ‘n’ Stop’s Application Filtering Layer detects at a very early state when something is trying to access Client Environments to access the outside resources… ;)
     
  19. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey p00ter_nerd

    When you get a chance I'd still like you to run those 2 tests for me…

    http://www.wilderssecurity.com/index.php?action=display;board=13;threadid=12846;start=0#msg82450
     
  20. p00ter_nerd

    p00ter_nerd Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    40
    I just tried 1, doesn't work. I'm on two and I de-checked internet filtering. It works now. Just wait and I need to follow the rest of the steps.
     
  21. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    ok :)
     
  22. p00ter_nerd

    p00ter_nerd Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    40
    It works after re-boot. Now I just need to re-check internet filtering again... *bum bum bum*
     
  23. p00ter_nerd

    p00ter_nerd Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    40
    Well, it doesn't work. The only way it works is if internet filtering is un-checked.
     
  24. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey p00ter_nerd

    If I had a copy of the Log-file sent to me I could have had it resolved long ago…

    And I don’t want to frustrate you any further by giving you a work around unless you want to proceed further with tests?
     
  25. p00ter_nerd

    p00ter_nerd Registered Member

    Joined:
    Aug 24, 2003
    Posts:
    40
    This is getting annoying. Is it safe if internet filtering is un-checked? My blocked down and uplinks both go up when it is unchecked, meaning it still has some protection...
     