new version 2.05 beta 01

Discussion in 'LnS English Forum' started by Thomas M, Dec 11, 2003.

Thread Status:
Not open for further replies.
  1. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    I am surprised to see so few reports about problems with the new LnS 2.05. Does it mean Frederic has done a perfect job ;)

    Unfortunately I am too busy right now to test it on my own, but I will try on December 26th...

    Thomas :)
     
  2. Thomas M

    Ok, I just downloaded LnS 2.05 on my old Win98SE machine to give it a fast try.

    1.) installation on top of 2.04: no problem

    2.) usage of my previous ruleset: no problem, run full stealth at GRC.

    2.) configuration of the new application filtering module including specific ports/addresses: no problem

    3.) stability: just perfect

    In summary: Frederic, you did a perfect job!!! And the installation file is only 600KB in size

    The only thing that makes me think is why I still need to configure specific ports in the Internet filtering module o_O Doesn't the app filtering cover all of my allowed ports?? But my brain is blocked: I am so damned tired at the moment, because I have way too much work at my office....
    Is there maybe someone in this forum, who could shine some light on this...

    Thanks so much Frederic for this update,

    Thomas :)
     
  3. Phant0m```

    Phant0m``` Guest

    Heya Thomas M

    That's because Look 'n' Stop works diff from other Software Firewalls, trusted Applications still need rules at the Internet Filtering Layer....

    * Application Filtering Layer
    * Internet Filtering Layer

    ;)
     
  4. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Thomas,

    Thanks for your positive feedback. :cool:

    And the new bitmap on the welcome page "consumes" 52 KB... ;)

    The Internet Filtering is still very important. For incoming packets this is the first barrier, and these packets are not necessarily associated to an application.
    The port selection in the application filtering is especially useful when you want to limit an application to use some ports only (for instance 110+25 for an email client, and block port 80). It is only for outgoing connections.

    You're welcome.

    Frederic
     
  5. Thomas M

    Hmm, maybe I have found something:

    I created a complex application filtering rule for TRILLIAN.

    It allows the following address ranges:
    (copy-paste)
    64.12.24.12-64.12.24.34;205.188.1.152-205.188.179.233;216.136.130.46-216.136.233.238;66.163.173.78-66.163.173.202;207.46.104.20-207.46.108.23;65.54.226.247-65.54.231.248

    plus it allows the following ports:
    80;443;1863;5050;5190

    However I get constant logs with:

    APP: IP Address not allowed for TCP:
    Port: 443, IP: 65.54.231.240
    (This is the MSN auth server)

    But my allowed port/IP range rule in appl. filtering should cover port 443 and also 65.54.231.240

    So why do I get these logs o_O? I can not connect to the MSN messenger network...

    Thanks for help,
    Thomas :)
     
  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey Thomas M

    Masking Example; 65.54.231.0/65.54.231.255

    For MSN Messenger to connect Port 443tcp and IPs 65.54.230.240;65.54.231.240 need to be specified…

    Enjoy
     
  7. Frederic

    Hi Thomas,

    I think you reached the limit of conditions. This limit is fixed to 10 and you are using 11. Unfortunately, there is no error message when this occurs, I will add one.
    To confirm that, could you place "65.54.226.247-65.54.231.248" at the beginning of the list (instead of the end).

    Thanks,

    Frederic
     
  8. Thomas M

    Frederic,

    I hope you can follow my report :rolleyes:

    Most important: This huge application filtering rule for Trillian gets lost after starting TRILLIAN! The IP range and port selection is gone... Could this have to do with more than 10 entries in the IP-field o_O

    Anyway, first I changed the one address range as requested from the end to the begin of the line. Still no connection.
    Then I added the single IP (which is shown as blocked in the logs) for this port 443 authentication connection. Now it works, independent of the location of this IP (begin or end of line). This is what I am calling problem number 2 in my list at the bottom of this message.

    So here is my current application filtering definition (before it disappears...)

    ports: 80;443;1863;5050;5190
    IPs: 65.54.230.240-65.54.230.248;65.54.231.240-65.54.231.248;64.12.24.12-64.12.24.34;205.188.1.152-205.188.179.233;216.136.130.46-216.136.233.238;66.163.173.78-66.163.173.202;207.46.104.20-207.46.108.23

    As you can see, the line is even longer than before!

    And here are my current TRILLIAN connections according to LnS:

    Yahoo (5050):
    allowed range is: 216.136.130.46-216.136.233.238
    connected to: 216.136.226.208

    AIM and ICQ (5190):
    allowed ranges are: 64.12.24.12-64.12.24.34,
    205.188.1.152-205.188.179.233

    connected to:
    64.12.26.23 and 64.12.29.179
    THESE IPs ARE SHOWN AS CONNECTED TO MY MACHINE, BUT ARE OUT OF RANGE OF MY ALLOWED IP RANGE DEFINED BY THE RULE!!! Now I know this is no surprise, since all entries disappear after a while! I tested this twice with reboots in between!

    and connected to 205.188.7.160, 205.188.5.152
    this is OK with my rules

    MSN (1863):
    defined rule is: allow 207.46.104.20-207.46.108.23
    connected to 207.46.106.173

    MSN (443):
    defined rule is: 65.54.230.240-65.54.230.248
    65.54.231.240-65.54.231.248

    So now I have 2 problems:

    (1) My specific entries in the applic.filt. list for Trillian .exe are disappearing after a while.

    (2) For port 443 auth with MSN I can not define a range of IPs, it somehow needs a single IP address to connect.

    Unfortunately I am too busy at the moment to help you with this problem, Frederic! The pre-Christmas time at work is horror :(
    Maybe someone else in the forum can confirm my observations?? For example I think "tosbsas" is using TRILLIAN, too.

    Thomas :)
     
  9. Thomas M

    To be more specific:
    After each reboot all of my entries for the application filtering rule for "Trillian.exe" are missing!
    All other entries from other apps are still there!

    Thomas :)
     
  10. Frederic

    Hi Thomas,

    Thanks for your help.

    I effectively found some issues when the maximum number of fields is reached (all fields were reset).

    So, this will be fixed in a 2.05b2, with the addition of a message box when the limit is reached.

    Regards,

    Frederic
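
The failure discussed in this thread (a rule with more entries than the 10-condition limit being accepted without any error) can be caught by validating the rule text before it is stored. The following is an added example, not part of the original thread and not Look 'n' Stop code; the function names are hypothetical, and it assumes each IP range and each port counts as one condition, which matches the 6 ranges + 5 ports = 11 of the first Trillian rule posted above.

```python
import ipaddress

MAX_CONDITIONS = 10  # limit stated in the thread

# Rule text copied from the thread (Trillian rule, first version)
IPS = ("64.12.24.12-64.12.24.34;205.188.1.152-205.188.179.233;"
       "216.136.130.46-216.136.233.238;66.163.173.78-66.163.173.202;"
       "207.46.104.20-207.46.108.23;65.54.226.247-65.54.231.248")
PORTS = "80;443;1863;5050;5190"


class RuleError(ValueError):
    """Raised instead of silently truncating or resetting a rule."""


def parse_ranges(spec):
    """Turn 'a-b;c;d-e' into a list of (low, high) IPv4Address pairs."""
    ranges = []
    for item in filter(None, map(str.strip, spec.split(";"))):
        low, _, high = item.partition("-")
        lo = ipaddress.IPv4Address(low.strip())
        hi = ipaddress.IPv4Address(high.strip()) if high else lo
        if lo > hi:
            raise RuleError(f"range start is above range end: {item}")
        ranges.append((lo, hi))
    return ranges


def parse_ports(spec):
    ports = [int(p) for p in spec.split(";") if p.strip()]
    bad = [p for p in ports if not 0 < p < 65536]
    if bad:
        raise RuleError(f"invalid ports: {bad}")
    return ports


def build_rule(ip_spec, port_spec, limit=MAX_CONDITIONS):
    """Parse a rule; refuse it loudly when it has too many conditions."""
    ranges, ports = parse_ranges(ip_spec), parse_ports(port_spec)
    count = len(ranges) + len(ports)  # assumption: one condition per entry
    if limit is not None and count > limit:
        raise RuleError(f"{count} conditions exceed the limit of {limit}")
    return ranges, ports


def is_allowed(rule, ip, port):
    ranges, ports = rule
    addr = ipaddress.IPv4Address(ip)
    return port in ports and any(lo <= addr <= hi for lo, hi in ranges)
```

Calling `build_rule(IPS, PORTS)` raises `RuleError` for the rule as posted, while `is_allowed()` on a rule built with `limit=None` can be used to compare logged connections such as 64.12.26.23:5190 against the ranges the rule was meant to enforce.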
     