Phant0m`` Rule-set $v3.0 and ports 135 - 139

Discussion in 'LnS English Forum' started by puff-m-d, Aug 14, 2003.

Thread Status:
Not open for further replies.
  1. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Hello all,

    I get ports 135 - 139 showing only as closed with the new ruleset at PCFlank.... They always showed as stealth with thoe old ruleset....

    Any ideas?

    Regards,
    Kent
     

    Attached Files:

  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey puff-m-d

    Please do a re-scan by that Online webscan, and if it still shows the same then wait a hour or so. And in the mean-time get secondary opinions, do other Online web-scans...
     
  3. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Phant0m``,

    At GRC, They show up stealthed.... and the beeps from L'n'S sound during the scan and it shows in the log.... However at PCFlank, no beeps and no entries in the log...

    Regards,
    Kent
     

    Attached Files:

  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey

    I’m assuming you just done another grc. Scan to verify the 1st results, could you please try http://www.blackcode.com/scan/ ?

    Thanks…
     
  5. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Hey.
    I had the same results from pcflank with enhanced rules sets.

    grc.com shows all ports stealth every time I use that site.
    I get a lot of entries in my log also.


    I don't use that pcflank scan anymore!
    I don't trust it.
     
  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Yea the Tester is right, there has been many false readings with other peoples scan results. And this doesn’t just revolve around Look ‘n’ Stop but other Software Firewall products. And you using Phant0m``s Rule-sets and you leaked to these Online web-scans I would say that’s impossible unless improper configuring and/or user additional improperly configured rules (Unless one is purposely running Servers and authorized remote access in through your Software Firewall).
     
  7. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Hello all,

    Just a quick note to say I have now tested the ruleset at several sites (six to be exact). PC Flank is the only site that reports these ports as closed. the other 5 sites report them as stealthed. From this I "assume" that the PC Flank test is not reliable as it is the only site i have found to give these results....

    Regards,
    Kent
     
  8. Finn McCool

    Finn McCool Registered Member

    Joined:
    Mar 3, 2003
    Posts:
    49
    Location:
    New Orleans
    I agree. I ran the PC Flank test on this machine with LnS w. Phantom's ruleset, on another XP running Outpost fw, and on my NAT router. In each case, the PC Flank test shows ports 80 and 135 closed and all other ports stealthed. In each case, other sites' port scans showed all ports stealthed.
     
  9. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Hi Finn McCool,

    Glad to see someone else gets the same results as me!!!!! ;)

    Regards,
    Kent
     
  10. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Actually guys no one Online Scan is reliable, don’t put faith all into one particular online web-Scanning System. They all have its bad moments and currently pcflanks seems to be having a lot, but I just tested it out tis morning and now it shows my 135port stealthed when it had not the other day…
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    In Addition; when indeed they are unreliable it’s usually with common “Non-existing” ports like 113, 80, and 135 and so on.

    btw; Guys! don't forget to-do pc-flanks stealth-test! :rolleyes:
     
  12. Plavi

    Plavi Registered Member

    Joined:
    May 1, 2003
    Posts:
    27
    Hi Phant0m,

    Please help having problems with the version 3.0 rule set. I am dialup and had installed your july 18 rules which worked a treat. Have followed the instructions for the version 3.0 ruleset exactly, to the tee as you say, and cannot access the internet and no other application can access the internet. This initially happened to the July-18th rules, at that time you told me to ensure the primary and secondary DNS values were in the appropriate rule set, which of course worked. For this version 3.0 the 1ry and 2ry DNS values are there alongside everything else but no luck. In another thread you mention adjusting the settings and then activating them. Presumably activating means = this is ensuring the internet filtering is enabled (ticked?).

    Thanks in advance - P
     
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey Plavi

    The page don’t recommend Disabling/Enabling Internet Filtering, you must retrieve the DNS and Adapter Addresses with EnhancedRulesSet.rls before switching to Phant0m`` Rule-set $v3.0. Verify there are 2 DNS servers and not three or four, you may need to add additional DNS rules if that’s the case. And when you configure the DNS-Allowed-0 rule you must then activate the DNS-Allowed-0 rule, and perhaps try re-booting.

    Regards,
     
Thread Status:
Not open for further replies.