Look'N'Stop Beta 2.05

Discussion in 'LnS English Forum' started by RobNyc, Jan 23, 2004.

Thread Status:
Not open for further replies.
  1. RobNyc

    RobNyc Registered Member

    Joined:
    Sep 28, 2002
    Posts:
    27
    Location:
    NYC
    I'm using this beta and I don't know if it's a problem with the beta because I haven't tried the release version but I ran a security check in grc.com >

    I like Look'N'Stop but it has a lot of open ports

    113
    IDENT
    Closed Your computer has responded that this port exists but is currently closed to connections

    1024
    DCOM
    Closed Your computer has responded that this port exists but is currently closed to connections.

    1025
    Host
    OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system.

    1026
    Host
    Closed Your computer has responded that this port exists but is currently closed to connections.

    1027
    Host
    Closed Your computer has responded that this port exists but is currently closed to connections.

    1028
    Host
    Closed Your computer has responded that this port exists but is currently closed to connections.

    1029
    Host
    Closed Your computer has responded that this port exists but is currently closed to connections.

    1030
    Host
    Closed Your computer has responded that this port exists but is currently closed to connections.

    1720
    H.323
    Closed Your computer has responded that this port exists but is currently closed to connections.

    5000
    UPnP
    Closed Your computer has responded that this port exists but is currently closed to connections.


    Then all the rest were stealthed
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey RobNyc

    Have you switched from StandardRulesSet.rls to EnhancedRulesSet.rls rule-set yet?

    In Look ‘n’ Stop Internet Filtering screen go-to “Load…” button.. ;)
     
  3. RobNyc

    RobNyc Registered Member

    Joined:
    Sep 28, 2002
    Posts:
    27
    Location:
    NYC
    Just did it .. There we go perfect =]
    Another Question, is being pingable good or not?
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    As in ICMP Ping? ;)
     
  5. RobNyc

    RobNyc Registered Member

    Joined:
    Sep 28, 2002
    Posts:
    27
    Location:
    NYC
    Ya
     
  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Allowing ICMP Pinging of your Machine can be a bonus for the Attacker wanting to wipe you off the Internet easily. ;)
     
  7. RobNyc

    RobNyc Registered Member

    Joined:
    Sep 28, 2002
    Posts:
    27
    Location:
    NYC
    Ouch! . But I noticed when I ran the dslr tweak test I am pingable because it pinged it and I saw my ping rates
     
  8. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Being 'pingable' is not as evil as he makes it sound, but there are some malicious things people can do with it.

    Its fine to use your normal icmp rules that don't make you 'pingable', but you can also easily make two rules to allow a single site to ping you. Make sure they go above the icmp blocking rule(s).
    Inbound icmp type 8, code 0 from xx.xx.xx.xx
    Outbound icmp type 0, code 0 to xx.xx.xx.xx
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    BlitzenZeus

    A Computer that is “Pingable” can be wiped off the Internet much easier then a Machine that is not, are you trying to say otherwise?

    Hey RobNyc

    BlitzenZeus is right that the Look ‘n’ Stop EnhancedRulesSet.rls rule-set contains normal ICMP rules that don’t make you “pingable”.
     
  10. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Ok, just who are you going to piss off that would want to force you offline by filling your inbound bandwidth anyway, effectively doing a Denial of service attack, or send some of the malicious variants of the icmp 0 packet? Realisticly most people will not have this used against them, but most firewall configurations do block type 8 inbound along with most of the other icmp types and codes.

    To this day servers have ran on the internet without any ill effect from responding to pings, even with everything malicious you can do with them.
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    To simplify what BlitzenZeus had said, he agrees… Thank you BlitzenZeus! ;)
     
  12. RobNyc

    RobNyc Registered Member

    Joined:
    Sep 28, 2002
    Posts:
    27
    Location:
    NYC
    Okay got'cha then I guess I'm good I haven't edit nothing I only changed from the rule set they told me to change since i wasn't stealth and stuff
     
  13. RobNyc

    RobNyc Registered Member

    Joined:
    Sep 28, 2002
    Posts:
    27
    Location:
    NYC
    Heheh thanks
     
  14. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Anyone who’s anyone knows you don’t need to give a reason for a lamer to start attacking. ;)
     
  15. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    LOL, should I put on my tin foil hat now? Are they coming to attack me? :)

    The only thing I could consider an 'attack' was some lamer who was getting their butt handed to them in an online game, and wanted to flood my bandwidth. Well they coudln't do that on their DSL connection with 128kbps upload when I had cable! :cool:
     
  16. RobNyc

    RobNyc Registered Member

    Joined:
    Sep 28, 2002
    Posts:
    27
    Location:
    NYC
    When you're pingable aren't you going faster?
     
Thread Status:
Not open for further replies.