newbie questions

Discussion in 'LnS English Forum' started by jag1967, Aug 19, 2004.

Thread Status:
Not open for further replies.
  1. jag1967

    jag1967 Registered Member

    Joined:
    Sep 17, 2003
    Posts:
    68
    Hi

    LnS - great product!

    Just a couple of questions though:

    - most firewalls when asking if you want a prog to access the net allow you to also set as a client and/or server. By default, does LnS do neither? Sorry if this is such a dumb question (!)

    - I used to use sygate. This f/w showed individual progs/services trying to access the net such as ntoskrnl.exe, LnS doesn't seem to show these things?

    thanks
     
  2. callthedoctor

    callthedoctor Registered Member

    Joined:
    Aug 8, 2004
    Posts:
    7
    Good questions....


    I'm new to LNS and would like to know also....

    I can't seem to find anyway to see 'real-time' net activity....
     
  3. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    you can do the same, but it is not presented in the same way.
    For instance you just want an application to send traffic but not to act as a server : create the rule to allow outoing traffic, and inbound traffic from them (create so one inbound/outbound rule) and create an additional inbound rule toward the local server ports of this application and deny the traffic.

    It is not as easy as to check a box, but it is possible.

    Then generally, in my opinion, if you allow an app to access the internet (for particular ports and protocols) why would you will to deny it to bind to your network interface to receive data if it has been restricted to only receive data from allowed IP and ports ?

    gkweb.
     
  4. jag1967

    jag1967 Registered Member

    Joined:
    Sep 17, 2003
    Posts:
    68
    Thanks gkweb

    My follow up questions will reveal how much a newbie I really am :oops:

    Lets take an example. When using firefox, I authorise it, so it appears in the application filtering window with the green indicator.
    Should I leave it at that? What is the default regarding its client/server status, when I just authorize it & do nothing else.
    Or should I set up rules about what port it should access etc as you indicate. Not that I really know how to do this :doubt:
     
  5. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi jag1967,

    With Look 'n' Stop, the Application Filtering doesn't contain a server/client selection.

    By default the Internet Filtering block common ports for incoming server connections and you can fully block incoming connection by using the "Blocking the incoming connection" rule (see here).

    After that, if you need anyway to allow an application to act as a server, here are the steps:
    - the application needs to be allowed in the Application Filtering
    - in the Internate Filtering, create a specific rule to the port used by the server application (21 for FTP server, 80 for Web server...).
    - additionnaly (for a better security) associate the server application to the rule

    Frederic
     
  6. jag1967

    jag1967 Registered Member

    Joined:
    Sep 17, 2003
    Posts:
    68
    Thanks Frederic

    Looks like I'm gonna have to some homework before I grasp the real power of LnS :eek:
     
  7. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    After all this time I’m still puzzled why ntoskrnl.exe isn’t detected by Look ‘n’ Stop when some other powerful software firewalls like Sygate, BitGuard… are capable. Is this file excluded on purpose? Or do this and other apps and alike bypasses the detection from Look ‘n’ Stop Application filtering?
     
  8. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Is it the same as the "System" process referenced by Task Monitoring apps ?

    If yes, it is allowed by default.

    Frederic
     
Thread Status:
Not open for further replies.