New ICMP message in Log

Discussion in 'LnS English Forum' started by hjbyram, Dec 22, 2006.

Thread Status:
Not open for further replies.
  1. hjbyram

    hjbyram, Registered Member (Joined: Aug 6, 2006; Posts: 84; Location: Mechanicsburg, PA)
    I am still a newbie, but 1st let me say, I have executed the Shields Up! tests and my PC passed all of them - I'm thrilled.

    My question is regarding a new ICMP message I am receiving:
    I have a Westell Versalink Router, Model 327W & Verizon DSL. The router includes a wireless connection - which I am not using currently. However, I did recently reconfigure the wireless portion to only allow my PC & Laptop.

    I just noticed that I am now receiving the ICMP message for the DSLROUTER, Type:3 (destination unreachable) Code:4 (fragmentation needed & DF set). The router (internet) is trying to communicate with my PC. But I don't know if this is good or bad.

    How can I determine if a new rule is needed to allow for this, or if, in fact, it is correct to block it? Thanks (as an fyi, there's a possibility a neighbor was connecting to the internet through my previously unprotected wireless access point, perhaps not deliberate on his part, but stupid on mine for not securing sooner)
     
  2. Climenole

    Climenole, Look 'n' Stop Expert (Joined: Jun 3, 2005; Posts: 1,640)
    Hi hjbyram :)

    You may add a rule to authorise ICMP Type 3 Code 4.
    This is often required for some routers, some internet connections and local networks.

    I have attached the rule. Just remove the ".txt" and import it into your rule set.
    Put this rule at the end of your ICMP rules, save it and reboot.

    Hope this helps. Let us know.

    :)
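The check behind the question of whether to allow this message, as an added example that is not part of the original thread and not Look 'n' Stop's own logic: it decodes an ICMP Type 3 Code 4 message, reads the next-hop MTU field (RFC 1191), and accepts it only when the datagram quoted inside is one this PC actually sent with DF set. The addresses, the flow table and all function names are constructed for illustration.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum; a message with a valid checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frag_needed(icmp: bytes) -> dict:
    """Decode an ICMP Type 3 Code 4 message and the datagram it quotes."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short for ICMP header + quoted IP header + 8 bytes")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        raise ValueError("not Destination Unreachable / fragmentation needed")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    quoted = icmp[8:]
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted datagram is not a usable IPv4 header")
    # For TCP (6) and UDP (17) the first 4 quoted payload bytes are the ports.
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {
        "next_hop_mtu": mtu,  # RFC 1191 field; 0 from routers that predate it
        "df_set": bool(struct.unpack("!H", quoted[6:8])[0] & 0x4000),
        "proto": quoted[9],
        "src": str(ipaddress.IPv4Address(quoted[12:16])),
        "dst": str(ipaddress.IPv4Address(quoted[16:20])),
        "sport": sport, "dport": dport,
    }

def should_accept(info: dict, local_ip: str, flows: set, link_mtu: int = 1500) -> bool:
    """Accept only if the quoted datagram is one this host really sent."""
    flow = (info["proto"], info["dst"], info["sport"], info["dport"])
    mtu_ok = info["next_hop_mtu"] == 0 or 68 <= info["next_hop_mtu"] < link_mtu
    return info["src"] == local_ip and info["df_set"] and flow in flows and mtu_ok

def build_sample(src: str, mtu: int) -> bytes:
    """Constructed test packet: TCP 49152 -> 203.0.113.5:80 with DF set."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address("203.0.113.5").packed)
    body = ip + struct.pack("!HHI", 49152, 80, 1)
    cksum = inet_checksum(struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + body)
    return struct.pack("!BBHHH", 3, 4, cksum, 0, mtu) + body

PC = "192.168.1.10"                      # constructed LAN address
FLOWS = {(6, "203.0.113.5", 49152, 80)}  # constructed outbound connection table
```

A message that quotes a datagram the PC never sent, or that carries no matching outbound connection, is rejected even though its type and code are the ones the rule allows.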
     


  3. hjbyram

    Hi Climenole, remember me? Too much Christmas, then too many problems with the Westell Versalink Gateway modem.

    So, the Westell modem has been replaced with the ActionTec GT704WG DSL Gateway modem.

    I did copy in your rule, and placed it at the end of the ICMP rules. Before rebooting, I was getting messages in the log from this rule. After rebooting, I see tons of these (original) messages for the new modem, with dslmodem.domain as the address. I think I need to review my original installation set-up instructions & check if I need to plug in the actual modem IP address.

    Things work, my downloads (my original modem problem) take forever.

    Thanks for the help!
     
  4. hjbyram

    Climenole - fyi, I fixed the IGMP:Allow Packet rule to reflect the new modem address. I am still getting ICMP:All ICMP(nukes ---) etc. in the log, however, it now reflects the correct address instead of the dslmodem.domain in the address.

    Tonight I will be working on adding the additional router rules that I didn't seem to need in the past.

    Thanks!
     
  5. Climenole

    Hi hjbyram :)

    Is it possible for you to upload a sample of your LNS log with your next message?

    Most of the time the log is a good source of information to fix a problem...

    In the internet filtering tab, third column, put an exclamation mark to keep track of all rules used by LNS, then make a copy of your log (C:\Program Files\Soft4Ever\looknstop\logs), rename it from xxx.log to xxx.txt and upload it here.

    If you're using a modified rule set it's also a good idea to upload it here...
    just add a .txt extension to the rule set ...

    :)
     
  6. hjbyram

    Hi Climenole - yikes - I deleted my original post because I had done something really really so stupid, I won't tell you what I did. Oh what the heck here's what I did - left .txt on my rule set when I imported it again - what an idiot! :oops:

    My log is looking much better & I will send you the log tomorrow - to make sure it truly reflects everything correctly now. I cannot believe I did that - I just now noticed it.

    I have uploaded the current copy of the rule set I am using - with the .txt!

    Since installing the Actiontec Gateway Router, I have found these issues:
    1) To upload my rules set to post just now, had to shut down LnS
    2) ShieldsUp! test shows all ports stealthed, BUT, fails the Ping test - with the old Westell, I passed all of these tests
    3) Although I can go everywhere on the internet, I cannot post to this forum without closing LnS; I cannot access my online Verizon DSL account or my online Verizon Webmail - unless I shut down LnS
    4) Everything works fine in Outlook Express, except downloads take forever

    The slow downloads were my initial issue, and it appeared the old Westell gateway router was giving out with very weak internet signal.

    Will send the log sample tomorrow - any help is greatly appreciated!
    Thanks!
     


  7. hjbyram

    Climenole - don't get this - but with LnS active, I was just able to log into my Verizon WebMail & my account - did it multiple times in a row. This was the first I have been able to do so since installing the new router.

    Will try leaving LnS active when I post this & see if it will post.

    THANKS
     
  8. Phant0m

    Phant0m, Registered Member (Joined: Jun 7, 2003; Posts: 3,684; Location: Canada)
    1) It's possible something else besides the packet-filter is playing a role here, depending on the windows and the features activated in Look ‘n’ Stop, and what’s there currently set to be denying for connecting, starting rights on Application filtering screen.

    2) Routers (with their default configurations) are usually at fault for responding to PINGs; so far all the routers I have come across do offer controls for enabling blocking of WAN PINGs…

    3) This can be simply a DNS issue, see any loggings for UDP packets with port 53 for either source or destination ports?

    4) This also can relate to DNS issues


    To make it simple for you, and simple for the people trying to help you, just post the Log contents showing the blockings for the timeline in which you are experiencing problems...
     
  9. Phant0m

    Try cleaning your browser caches, and do this in CMD (Command Prompt), IPCONFIG /FlushDNS

    Then with Look ‘n’ Stop still running, and with Look ‘n’ Stop Application filtering and the Internet filtering features both active, and with your Network Adapter selected on the Look ‘n’ Stop options screen, try Verizon WebMail and re-posting to the wilders forum again… ;)

     
  10. Climenole

    Hi hjbyram :)

    So you have done something stupid? Great! Welcome to the Club!
    I guess stupidities are normal in the (in my) learning process ... ;)


    Ok, thanks.

    Really? Hmmmm ... Strange: if you make a copy of the rule set you don't have to shut down LNS...

    Check the router setup: most of the time the "ping" problems come from there...

    May be a problem related to your DNS rule parameters...
    The DNS server IP addresses in the Windows connections parameters and the addresses in the DNS rules must be the same.
    If the problem is related to the DNS server of your ISP you may use the OpenDNS server instead.
    http://www.opendns.com/

    If you decide to use this DNS service the connections parameter of Windows and the LNS DNS rules must be changed accordingly ...

    OK: I'll check this and give you my opinion on this very soon.

    Phant0m gave you some hints about your connection problem. Check this too.
    :)
     
  11. Climenole

    Hi hjbyram :)

    I checked your rule set and made some modifications.
    The main problem was with the DNS rule, which has no IP addresses for your DNS server...
    I put my DNS servers' IP addresses in this rule as an example.

    I put the DNS server IP addresses of OpenDNS, which is an alternate DNS server. It can be used by anybody. If you use these addresses instead of the ones of your ISP DNS server, these changes must be reflected in both the Windows connections parameters and your LNS DNS rule. (Reboot the PC to apply any modifications in this...)

    See Picture (letter B in blue...)

    The second problem was with the rules "Netmeeting" ... These are specific rules for programs such as MSN Messenger, Windows Live Messenger and so on...

    See Picture (letter A in red and C in green...)

    The program allowed in the application filtering must be added to these specific rules. For example I put in your Netmeeting rules Windows Live Messenger (change this to the program you're using... save and reboot the PC after the modification...)
     


  12. Climenole

    Hi hjbyram :)

    The IP addresses of the DNS servers in Windows network connections:
     

  13. Climenole

    Hi hjbyram :)

    The DNS servers IP addresses in the LNS DNS Rule:
     


  14. Climenole

    Hi hjbyram :)

    The program included in a specific rule (Messenger as an example here...)
     


  15. Climenole

    Hi hjbyram :)

    And here the modified rule set (to be tested by you...)
     


  16. Climenole

    Hi hjbyram :)

    Because you're becoming an LNS expert very soon, here I give you another rule set to experiment with (have fun and ask questions if needed... ;) )

    There are some rules disabled (the ones for local network: purely experimental... )
    There are some other rules for specific applications requiring TCP and UDP or UDP only:
    mainly for VoIP programs... check in the rule editing ...)

    Hmmm ... (Am I an LNS crackpot? Maybe... :rolleyes: )
     


    Last edited: Jan 13, 2007
  17. Climenole

    Hi hjbyram :)

    And last but not least a new version of the LNS well known ports...
    with 763 ports... (for LNS maniacs and crackpots only ;) )

    Rename the file "C:\Program Files\Soft4Ever\looknstop\lns_known_tcp_ports.txt"
    to
    "C:\Program Files\Soft4Ever\looknstop\lns_known_tcp_ports.OLD"

    then
    use the new one included with this message...

    Have fun.

    :)
     


  18. hjbyram

    This is just a quick reply & thank you both for responding with so much great info. You'll have to give me a little time to digest & try it all out -- WOW this is great, Thanks so much!

    I have been playing with the new Actiontec firewall & cannot find the correct combination. I am back to all ports stealthed, but the Ping failure. SO, using ShieldsUP!, I probed port 53 - it is stealthed. I will call Verizon again & see if they can assist with a fix for this one. (hey I had it so fortified, ShieldsUp couldn't find the server on occasion) I executed the ping test included within the Actiontec itself - it failed 2 tests: Far End F4 Loop & Near End F4 Loop. F5 Loops worked. Have no clue what that means by the way, but will find out.

    With Verizon, they send you no documentation, and supposedly the gateway router is all set up for me to just install & use. The default firewall setting on the router is off & they rely on the NAT firewall. All I can do with the NAT is turn it off/on, so won't touch that! I have the manual, but it is no good for resolving issues like this.

    Will get back to you on the rest! THANKS AGAIN -you guys are great, H
     
  19. hjbyram

    Hi Climenole & Phant0m - I wanted to give you an update:

    1) I did the ipconfig/flushdns
    2) I corrected the Net Meeting LnS rules (duh, think I didn't save when I imported them originally)
    3) I updated UDP: Authorize name resolution LnS rule with the 2 DNS servers provided from ipconfig/all (too chicken to try opendns yet!) another DUH
    4) Have called Verizon regarding disabling Ping on router & inability to sign on to Web mail - no help there.
    5) Haven't played with the extras Climenole sent just yet, either, though I checked TCP/IP properties. Mine is set to automatically obtain the IP address & to Automatically obtain the DNS servers. Is the Auto DNS thing an issue?

    RESULT: Sometimes it works, sometimes it doesn't

    BUT, another suspected problem, maybe root cause:
    I also use NOD32. I just happened to notice that when I boot up, the AMON scans are taking a VERY VERY LONG TIME. I think this might be my problem & not so much LnS?
    I am hopping over to NOD32 forum to search there. I see there is a new version of NOD32, but it appears mine is still the 2.51.30 version.

    Sneaking in 1 last question regarding Rule placement:
    Where should the UDP Broadcasting Signal rule (the one for routers) and the ICMP Broadcasting Signal rule (for routers) be placed in the list?

    As Always - THANKS!
     
  20. Phant0m

    Assuming this is a correspondent DNS issue, you would see blockings on the Look ‘n’ Stop ‘Log’ screen, unless you had been toggling with different rules logging flag.

    I would suggest posting a screenshot of the Look ‘n’ Stop Log screen containing blockings for about the time you have bad experiences, or attach the right Look ‘n’ Stop log-file containing the time-line blocks... the log-file can be found in the Look ‘n’ Stop installed location (\soft4Ever\looknstop\logs\)


    Regards
     
  21. hjbyram

    Phant0m & Climenole - I think I have found the problem. I finally located some information for this Actiontec gateway router & found this Question/Answer:
    'Can I use Internet firewall or security programs with my network?
    Because the Actiontec Wireless DSL Gateway uses NAT firewall security it is not necessary to use any other program for security. The use of third party firewall or Internet security software is not recommended, as certain programs will create problems on a private network (Example. BlackIce Defender, Norton Internet Security and ZoneAlarm).'

    When I shut down LnS & do the ShieldsUp! tests - I get the same results as when LnS is active. It's looking like I can't use LnS with this Router.

    It does seem that when LnS is shut down, my problems go away.
    What do you think?
     
  22. hjbyram

    Sorry I forgot to include this -

    with LnS active, I can't post to any forums, either. I can log on to the forums, I can type my post, but when I hit submit, it clocks & then finally returns the page with unable to access server.

    I get the same results with LnS active when trying to sign on to Webmail. Also prevents some links.

    So, is there any part of LnS I can continue to use, or should I attempt to rely on the Actiontec people to protect me? Hmm, not sure I'm liking this router after all!
     
  23. Phant0m

    Only problem with that Router of yours is, you aren’t yet able to block WAN PINGs, and when it doesn’t block WAN PINGs, your Router HARDWARE (NOT MACHINE SOFTWARE) is capable of responding back, which is what’s happening with GRC ICMP PING test….. Anyways, I’d rather have the Router receive/respond than the PC to these packets…

    NAT firewalling in a Router is nice, several reasons why I wouldn’t use, instead of a software firewall, but what they really need to be saying here is … a standalone software packet-filter (aka firewall) may not be as necessary, but with a software firewall product like Look ‘n’ Stop you are benefiting from the Application filtering layer and other features which could differ by the Windows operating system you use…

    Have you activated Look ‘n’ Stop advanced features? Visit Look ‘n’ Stop ‘Options’ screen click ‘Advanced options’ button, click ‘Protocols’ button and make a list of all the entries you see there, and whether they are active and set to block, for me I see NETBT.SYS, TCPIP.SYS. Post back with the list…
     
  24. hjbyram

    Phant0m & Climenole -
    I wanted to pass on what has transpired this week, after several calls to Verizon and one to Actiontec.
    To fix my many problems, I had to uninstall LnS completely (following the documented procedures); Reinstall the software that came with the new Actiontec; things have cleared up considerably.

    What I got out of Actiontec is that they don't necessarily say you HAVE to uninstall 3rd party firewalls, BUT, you have to know explicitly how to configure them for their router. I'm hardly experienced enough to know how to do that, obviously!

    So, on to another question, which I will post in one of the other forums.

    Thanks so much for all of your time in trying to resolve my problem.
     