Newbie to LooknStop - OK for a novice ?

Discussion in 'LnS English Forum' started by Old Monk, Sep 19, 2005.

Thread Status:
Not open for further replies.
  1. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi Good Wilders folks

    Due to some problems detailed in another thread I have ditched ZA Security Suite for the time being. However, the only firewall I have used to date was that in the ZA suite and I found it really user friendly especially as it was basically 'set and forget'.

    Now I have to look elsewhere and am trialling LooknStop after reading a lot of threads.

    Basically, my question is if I set it up with the Enhanced Rule Set is that pretty much all I need to do to be fully protected ? I don't yet understand what these default rules are telling me and the setting up of rules is a bit beyond me at present. I'm impressed with the tests through GRC and PCFlank which tell me I'm stealthed everywhere.

    If I'm not able to set up rules should I really be looking at a different type of firewall ?

    Cheers

    Jon
     
  2. General Noel

    General Noel Registered Member

    Joined:
    May 3, 2005
    Posts:
    68
    Hi Jon,

    With the Enhanced Rule Set you should be protected from all kinds of external attack.

    Things get tricky when you want something special (e.g. using 2 PCs, one behaving like a router etc).

    As a LnS user I must say that this firewall is very powerful because you can select very specifically a port, IP address or a MAC address and do whatever you want. Moreover I appreciate buying the product once and for all without having to pay an annual fee.

    The drawback is that if you make a mistake you can expose your firewall to external attack easily. Therefore if you need to tune up your settings, you must make sure that you change one thing at a time, and that you test your firewall through an available online port scan like Secure Scan from Sygate or Shields Up from GRC.

    Cheers

    Gen. Noel
     
  3. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Thanks General Noel

    Seem to be stealthed on all fronts and intend to leave rules well alone at this stage and leave just as it is.

    So far really impressed.

    Thanks for your help.

    Cheers

    Jon
     
  4. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Sorry - just another question :oops:

    In ZA it was clear what was asking for server rights such as Generic Host Process. I denied everything server rights.

    What do I need to look for in LooknStop in Application Filtering as regards what is requesting server rights and what do I need to do to grant internet access without server rights ?

    Cheers

    Jon
     
  5. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Jon,

    Actually incoming connections (server mode) are blocked directly by the Internet Filtering (packet filter), so there is no specific option for that in the Application filtering.

    Regards,

    Frederic
     
  6. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi Frederic

    Thank you very much for your quick response. Just to be clear then, the rules in the Enhanced Ruleset block any application from getting the right to act as a server ? If so that's great and actually easier than ZA for novice users in making decisions. :)

    Cheers

    Jon
     
  7. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Actually the application is not really blocked, but the result is the same: the application will simply never receive incoming connections since these packets are blocked by the packet filter.
    To allow an application to act as a server, a specific rule has to be created in the packet filter. Then the application has to be attached to that rule, so the incoming connection on the specific port will be dedicated to this application.

    We effectively tried to be as simple as possible for the Application Filtering, so the questions asked to the user are direct and simple.

    Frederic
     
  8. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Thanks again for your help Frederic

    Looks great so far and at present see no reason not to buy after the trial expires.

    May have one or two questions later.

    Cheers

    Jon
     
  9. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I bought LnS only a few days after trialing, and have not regretted it in the least. In fact the more I see about other firewalls, the happier I am with LnS :) A rules based firewall couldn't be easier to use.. I especially like the fact that if you need specific rules for specific apps, you can either download them from the site or right click on the log entry and 'create rule'. If you haven't already, try the beta drivers and service, and if you use any p2p apps, you might try Phant0m's ruleset.
     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada

    That's the way I feel about LNS after only 3 to 4 weeks now!! And I just use the EnhancedRulesSet.rls instead of standard!!

    cheers,
     
  11. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Got to echo all the above and say that it's great value for money as well. I've been using look n stop over the last few years and I've only had to pay the one licence. It will, as far as I'm aware, stay as that till the version 3.00 arrives. Which is quite a ways off if the time frame from 2.04 to 2.05 is anything to go on. Having the forum here is also great value.
    I know zilch about setting up rules and really am not that interested in having to get into that, so enhanced ruleset is fine with me.
     
  12. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Thanks folks for your feedback.

    Reassuring to know that it accommodates both those who have knowledge of rules and those who don't.

    Just another thing regarding my logs and warnings - predominately I only get pop ups advising that such and such had matched a rule and this rule is the "Blocks all other UDP packets". In layman's terms - what are these UDP packets ? Are constant alerts of this nature normal ? The log file doesn't specify the traffic was actually blocked unlike other incoming traffic but I guess this rule is working OK ?

    Sorry I can't be clearer - don't have machine in question with me.

    Cheers

    Jon
     
  13. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Jon,
    It depends on the kind of UDP packets (the port numbers and the direction: Uplink/Downlink of the packet), and the rule name that has matched.

    Usually if you didn't notice any particular connecting issue with one application, this means the rule is blocking unnecessary packets (either true alerts/scan or not), and so it is OK.
    If the number of these alerts is too high, then just remove the ! for the rule and the packets will be dropped silently.

    Frederic
     
  14. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Thanks Frederic

    Just logged on my machine and I'm hit by logs referring to "any other UDP packet" - direction "internet to pc" covering Ports 1026 - 1029 - same hit Windows Registry has invalid entries (disclosed in Data of packets contents) download Regwash.net to fix.

    Will do as you suggest - just thought I'd let you know :)

    Cheers

    Jon
     