Mobile security settings?

I've decided to take the plunge and give LnS a shot. After scouring numerous posts from several forums, and pounding my head into my computer with that incessant "ding" and countless dropped/blocked connections, I think I'm finally at a stand-still...

Some quick background information first: I'm a student a college and with the commute to campus everyday, my laptop pretty much goes wherever I go. With it, I connect to a private wireless network at school as well as one at home. The school network uses WEP encryption using PEAP authentication, while my home network uses WPA-PSK encryption/authentication. Until recently, I swore by Norton SystemWorks and Internet Security. Then I learned about LnS (coupled with NOD32 ) and haven't looked back (I still keep SystemWorks around for regular system maintainence though). LnS version 2.05 is installed.

My problems currently have (so far) two parts:
1) My WiFi connection keeps dropping and reconnecting every few minutes.
2) I have two completely separate networks which I regularly need to use.
3) Are there different recommended settings for mobile users as opposed to desktop machines?
These problems didn't really seem to surface with NIS, so I know they shouldn't be ISP related, but somehow firewall-specific.

Initially after installing Look'n'Stop I was using the Enhanced Rule's set with Patrice's Configuring Look'n'Stop with Routers guide.
This seemed to work ok, but the connection was dropping so often in both environments (a separate IGMP rule was created for each network) that it was difficult to do work. If i remember right, this was around the time i was noticing quite a few "Type Ethernet: 888E" and "Type Ethernet: 0000" messages in my logs.

After scouring , searching , translating , and googling, I discovered that the error was related to the WPA authentication and/or the capabilities of my hardware being used. Since all my drivers and firmware is about as new as it gets right now, I attempted the rule described by JF in this thread and made sure the Raw Rules edition plugin was installed as instructed. I ran into a problem though, the MAC addresses from the raw rule wouldn't save when I tried to update them to my own.

..... Rats....

In the mix of randomly searching for answers, I managed to learn about Phant0m's Rule Set and decided to give it a go just for grins and chuckles.
After even MORE searching (waay too many links on this one...), much rule-set-massaging, and several reboots later, I think I've got the connection issue solved, at least at home. School will have to wait till tomorrow.

I did manage to stumble across a way to make the MAC addresses stick with the imported "ETH - WiFi Router - WPA encryption" rule: the values for "Value1" would save decimal values, but not HEX values... so I fired up windows calculator, put it in Scientific mode, clicked Hex and Qword, punched in the necessary MAC address, then clicked Dec and VOILA! your mac address is now in a saveable decimal equivalent.

As of writing this, the connection does still continue to drop occasionally, though the logs are completely blank. I know with the settings the way they are, I'll have to repeat/reconfigure at least 4 rules for each network I try to use, so FINALLY... back to my original questions:

Why does my connection keep dropping?
Is there a way to apply the rules to any specific network I choose to connect to?
Are there better rules/ordering that should be used for people like myself (and I'm sure others as well)?


Sorry for the long post, I'm hoping some pieces of my experiences will eventually help others along their way as others have with mine. Attached is my ruleset order for critique.

Thanks in Advance!

 

Quick update: I've had to temporarily revert back to WEP Shared for compatibility reasons with another computer, but the connection continues to get occasionally dropped. So maybe WPA-PSK has nothing to do with it...

 

When the connection is dropping, do you have some specific alerts in the logs ?

If you want to have some rules specific to a network, the best way is to use the MAC address, or eventually the IP address.

Better rules, I don't think so, when you will succeed to have your connection working well with only few additional rules on top of the Phant0m ruleset.
Better ordering, I don't know if we can say an ordering is better than an other one. For me either an ordering is working or not. After that, it's only a question of visibility, and it is more convenient (when possible) to add your own rules on top of an existing ruleset your are using.

Frederic

 

Sadly, nothing shows up in my logs when i get disconnected, or ever for that matter, so it's a little frustrating to see it happen and not have much to help debug the situation

 

Perhaps some packets are blocked without alerting.
You could try to put the ! for all blocking rules.

Otherwise, perhaps the problem is more related to Application Filtering than Internet Filtering.
Disabling one only of the filtering should help to confirm what is the level of filtering causing the issue.

Frederic