More Feature Requests

Discussion in 'LnS English Forum' started by Phant0m, Jun 25, 2003.

Thread Status:
Not open for further replies.
  1. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Look ‘n’ Stop has a lot of nice Features, but oftenly I miss a number of the Features which was part of ConSeal PC Firewall.

    Like;

    Warn Safe: This option causes traffic matching this rule to cause an immediate warning to user. This is useful when incoming traffic is considered an active threat or breach of security. A warning is issued no more than ever 2 seconds. This is intended to maintain your system performance against heavy traffic...

    Note: With Look ‘n’ Stop’s Default Warning (Logging to Look ‘n’ Stop Log-screen) if large amounts of data are passed, this message warning (Logging to Look ‘n’ Stop Log-screen) will affect system performance, and thus is where “Warn Safe” Feature comes in handy…

    Log Always: This option causes traffic blocked or Allowed by this rule to be recorded in the log file. This is useful in monitoring suspected activity. A log message is written for every data packet blocked.

    Note: Look ‘n’ Stop currently only Logs to file that of which is configured with a Warning Flag (Logging to Look ‘n’ Stop Log-screen), but you have no option to log-to-file whether or not you like to be Warned (Alerted in Look ‘n’ Stop Log-screen).

    I miss this Feature; I really enjoyed this Feature, enabling this Feature on all the Authorized Traffic which normally we don’t configure a Warning Flag (logging to Look ‘n’ Stop Log-screen) because of the annoyances, thus Feature allowing us to go through our logs looking for any security breaches, and Privacy violating traffic at the end of the day or whenever…

    Log Safe: This option causes traffic matching this rule to be recorded in the log file. This is useful in monitoring suspect activity. A log message is written no more than every 2 seconds. This is intended to maintain your system performance against heavy traffic...

    Log Connections: This option causes TCP Connection attempts to be recorded in the log file. This is useful in recording the systems you accessed...

    Anyways this is enough for the moment; I hope you guys will carefully view and take into consideration and show your support and even E-mail Frederic requesting these features… Otherwise how else we going to get these Features if no-one request them? ;)
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    @Feature Request;

    I think one of the reasons why anyone hasn’t attempted to code up Look ‘n’ Stop Log Analyzers is because there are no indications whether or not the logged Traffic is Allowed or Blocked except if you count by Rule-name only :'(. If this Detail stating whether or not Traffic was Allowed or Block was implemented I think this may give coders the push needed to start building up Look ‘n’ Stop Log Analyzers…
     
  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    @Feature Request;

    Ruleset scope: Feature which provides two selections

    One for All Network Devices (default) - this makes the firewall behave in exactly the same on all your devices, using the same ruleset.

    Separate Rulesets for Each Device - this will create a separate ruleset for each device the firewall finds on your system.
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    @Feature Request;

    In Rule Editing Dialog there should be Service Drop-down List which provides some of the common Services that you can select from which will automatically insert the Source & Destination Ports Info into the Rule Editing Fields to assist beginners…

    Identification
    E-mail (POP2)
    E-mail (POP3)
    E-mail (SMTP)
    HTTP (World Wide Web)
    HTTPS (Secure HTTP)
    News (NNTP)
    IRC - Internet Relay Chat
    Gopher
    DNS
    RIP
    file and print shares-UDP
    file and print shares-TCP
    ftp
    telnet
    ICQ
    WINS
    RealAudio Part 1: TCP
    RealAudio Part 2: UDP
    ...
     
  5. Plavi

    Plavi Registered Member

    Joined:
    May 1, 2003
    Posts:
    27
    Hi Phant0m & Frederic,

    Im a new L&S user.

    Unless i have misiterpreted Phant0m, i would agree that it would be nice to have a feature (additional info) that differentiated between what was a malicious attack and a friendly ping, or the like. As it stands everything in the log, dispite the e.g. "Block incoming connections" note, looks fine/friendly i.e. normal network activity. I previously tried NIS and ZA - didnt like either anywhere near as much as L&S, but they did inform more clearly when and when not one should start worrying.

    P
     
  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey Plavi

    I’m glad to see you sharing your opinions on the matter...
    Hope to see more of it :)
     
  7. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Any thoughts? *puppy*
     
  8. milobac

    milobac Guest

    A little feature request: could it be possible to use a list of banned IPs (every connection from or to these IPs are blocked).
    Actually, something like PeerGuardian, but in LnS ;).

    I think it is possible by adding a lot of rules, but it uses a lot of CPU and memory...

    Thanks.
    milobac.
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey milobac

    More and more everyday are requesting IP Ban-List Feature in Look ‘n’ Stop, I actually asked for Plug-In with this capability but from what I been told making such a Plug-In also needs works at a driver level.

    And I don’t feel it’s appropriate to make billions of Look ‘n’ Stop rules, even though IT DOES NOT USE A LOT OF CPU AND MEMORY….

    About PeerGuardian yea I actually use this program when I open p2p Software, good program but I prefer not to use it.

    Anyone list off what Software Firewall these days that offers Ban-List capabilities? ;)
     
  10. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    With few seconds work I made an incomplete version of IP Ban-List Dialog to give some thoughts on an approach.
     

    Attached Files:

  11. milobac

    milobac Guest

    Yeah, looks nice :).

    Don't forget to add an "import" function :D.
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
  13. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    :D
     

    Attached Files:

  14. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    LOL!!!!
     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    YEAAA!!! THAT IS EXACTLY WHAT I WAS LOOKING FOR TOO!!!! :eek:
     
  16. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    New webpage Available, "Feature Requests", http://www.wilderssecurity.info/Feature-Requests.shtml
     
  17. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    General review of the feature request :D

    One important part that phant0m was hoping to see is

    "UDP/ICMP Stateful Packet Inspection"

    Now it would be a good thing to have this included has this would benefit the actual udp protocol to be more inspected and not being less imporant in the mix of being able to control the udp packet type of information.

    then we have the Ruleset Scope

    Think about since alot more people have more then one kind of device it would be avisable to be able to use the same ruleset or independant rules set for each device that you have? no ? I have my usual nic and some other network related component... and I have to admit that sometimes it does create a pain.

    Warn Safe, Log Always, Log Safe, Log Connections

    Now what can I say about this one?? Frederic YOU NEED this !! Hell !
    :) *sigh*


    will continue my own review of the features later on.
     
  18. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    In the LNS Log viewer, i would like to have an icon for each type of alert, or at least for each "EXE" related alert, in this case the executabe icon, to make the log more view-friendly :)
     
  19. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Yes I would like that, and in addition Allow/Block icons to indicate packet authority. :D
     
  20. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    yea good one too Phant0m !

    green arrow for allow and red for blocked :)
     
  21. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    I'll be moving up a few things here so I'll be posting a view on some mentioned features.
     
  22. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Extended Application Filtering
    -------

    Extended Application Filtering, whether its an enhancement to "Ports and IP address selection" in v2.05x or an additional layer which offers us the following capabilities:

    - Controls for both source IP/ports & destination IP/ports
    - Tying IP to port
    - Application Filtering rules that can be exported/imported
    - No limitations of how many rules per Application
    - Controls for Local Activities (Loopback)

    I feel that this is something that should of already be implemented, this is something I would of like to see has all application might request different specific access to the internet on various port and if every program ca be configured for a specific rules set HELLO! :)

    Being able to import and export rules for apps would be a good thing has then we can rely on phant0m to pop up the rules maouhaha :D
     
  23. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    RIGHT!
     
  24. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    :D

    where's my carma cookie?? I'm hungry now! :D
     
  25. technogeek

    technogeek Guest

    Have any of the above suggestions made its way into LNS yet? thanks
     
Thread Status:
Not open for further replies.