Lns , I dont' Understand T_T ??

Discussion in 'LnS English Forum' started by kamui, Aug 25, 2003.

Thread Status:
Not open for further replies.
  1. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    Hi

    I Receveid a net send spam with Phantom 3 rules o_O, how it's possible I have the best rules of the world for lns :cool:

    Thx ;)
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    kamui

    It's probably because of the manual modifications you made and rules you imported... Send your copy of the rule-set via E-mail and i'll thoroughly Scan through it...
     
  3. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    it's in the box , Bro ;)

    Thx for your support ;)
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey kamui

    There is fault in “ALL” those Additional rule(S) which authorizes; they all need to be disabled or deleted and re-worked. You need to have better understanding of rule-base Software Firewalls before you attempt to add rules otherwise you’ll be doing more harm then good…

    And there are at least 5 rules at the bottom of the rule-set which isn’t there, been deleted? Two are very important rules.
     
  5. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    I agree with Phantom. Do not delete rules until you understand what they stand for, especially the last few rules as one blocks all other udp packets not previously authorized, another one all ICMP types not allowed by other rules, and finally the last rule which blocks any other packets not already authorized
     
  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Actually he was using Phant0m`` Rule-set $v3.0 and the rules that were deleted;

    GRE : Allow (Disabled)
    Other : Allow (Disabled)
    ARP : Authorize all ARP packets. (Disabled)
    ARP : Authorize all ARP packets (Enabled)
    Block : All other packets (Enabled)

    And the last rule which is labelled “Block : All other packets” applies to ALL (IP & Non-IP or Other IP Protocols), Look ‘n’ Stop has “BLOCK ALL” Feature coded right into the Application, so considering that even with that rule disabled or deleted it’ll still be functioning as if that rule does exist. But for number of reasons such like one, Logging purposes I wouldn’t delete that rule.
     
  7. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    Thx Guy , I don't understand ,i Just only add rules "Trillian Rules and anti RiAAA anc co" and don't delete other , how could be happen o_O, by error ,perhaps :rolleyes:
     
  8. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    oky i dlete the last rules set and I set up a new clean ph3 rules ;) , and I have now , my 4 miss rules ;)


    And other questions , How many you can stock in lns ?? , because I have about 90 :eek:
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey kamui

    If you didn’t manually delete the rules then something else happened, perhaps file became corrupted…

    I’m not sure how many rules Look ‘n’ Stop can hold in a rule-set…

    Now since you using a nice clean copy of the rule-set, try learning rule creation before adding any rules to the rule-set...
     
  10. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Using Phant0m`` Rule-set $v3.0 you shouldn’t have an issue Initiating Connections, however it’s the Initiating Connections from the remote machines which you need to configure rules for when in reference to p2p Software.

    Visit http://www.wilderssecurity.com/showthread.php?t=8806

    Tell me if this helps you understand rule creating little better… :D
     
  11. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    thx Phantom ;)

    What do you think about this rules ;)

    http://www.rz.uni-frankfurt.de/~wagner/lns-rules.html

    :D
     
  12. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    I found a good lns guide for french user like me :D
    http://karibou10.free.fr/tuto/lookstop.htm
     
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Actually what you see is Outdated Information from Look 'n' Stop french section of the Official website...

    http://www.soft4ever.com/LooknStop/Fr/faq.htm
     
  14. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    oki hx ;)

    Another questions

    By defaults anti Mac spoofing and DNS-Allowed-1 are not quote in Lns , I must quote them in grenn or not o_O

    because i notice that if i quote DNS-Allowed-1 i can connect to the web , and in the other side if i unqote it I can't connect :rolleyes:
     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey kamui

    Read the Instructions on the Download page…

    http://www.wilderssecurity.info/Phant0m.shtml ;)
     
  16. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    I read you guide but you don't answer to my questions , in lns i must quote the two rules or not o_O

    plz help, I have à big doubt ;)
     
  17. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey kamui

    Reason why I had posted the url is because what you ask is all there…

    Rule(S) that needs to be configured and activated.

    • +Anti-MAC Spoofing • UDP-0+: BOOTP / DHCP
    • DNS-Allowed-1 • UDP-0-: BOOTP / DHCP
    "

    Yes the rules needs to be configured and then Activated [Enabled]… :D
     
  18. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
     
  19. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    LOL, no prob :)
     
  20. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
Thread Status:
Not open for further replies.