Phant0m`` Rule-set $v3.0 *NEW*

Discussion in 'LnS English Forum' started by Phant0m, Aug 13, 2003.

Thread Status:
Not open for further replies.
  1. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada

    Phant0m`` Rule-set $v3.0 has been released; a few additional enhancements.

    http://www.wilderssecurity.info/Phant0m.shtml

    Enjoy!

    Note: If you have any questions regarding Phant0m`` Rule-set $v3.0, don’t hesitate to post in this topic. Thanks!
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Just earned yourself a well-deserved karma, Phantom :cool:

    regards.

    paul
     
  3. Phant0m

    Phant0m Registered Member

    :D

    Thanks! :D
     
  4. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Where's mine?
     
  5. Paul Wilders

    Paul Wilders Administrator

    I count seven ;)

    regards,

    paul
     
  6. FluxGFX

    FluxGFX Registered Member

  7. PikeDude

    PikeDude Registered Member

    Joined:
    Aug 3, 2003
    Posts:
    45
    Hi Phantom,

    Thanks again for your help and support. I just downloaded the 3.0 version of your rules and applied them and I also have one question. The anti-mac spoofing and dns-allowed-1, I noticed that the rule is not enabled by default after loading the ruleset as it was in the ruleset 2.0. Is this correct or do I need to enable it after I enter the appropriate info? Thanks.
     
  8. Phant0m

    Phant0m Registered Member

    Hey PikeDude

    Thanks!
    I apologize; yes, those rules shown at http://www.wilderssecurity.info/Phant0m.shtml require modifications before activation. I will make some updates to that page to provide better information in the near future; I've been trying to get so much finished in such a short time…
     
  9. PikeDude

    PikeDude Registered Member

    Hi Phantom,

    Sorry about the previous thread, I just noticed where it says rules to be configured and ACTIVATED. My mistake. :oops:
     
  10. Phant0m

    Phant0m Registered Member

    LOL; It's OK :)
     
  11. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Phantom, keep them coming as they sound like a good example, when LnS 2.05 comes around I will have to take a look at your master ruleset since I didn't get a chance to view it when I had LnS 2.04 installed ;)
     
  12. Phant0m

    Phant0m Registered Member

    Hey BlitzenZeus

    I don’t think there will be any more updates to the Phant0m`` Rule-set, at least not until the Look ‘n’ Stop v2.05 release. Then you can be assured that I’ll have quite a bit of work to do… :eek:
     
  13. BlitzenZeus

    BlitzenZeus Security Expert

    Hey, when that comes around there isn't a great deal of change, just more restrictions per application, and that is much harder to make pre-made rulesets for unless you keep them in the old LnS packet filter style.

    However, CrazyM and I are just a couple of people who can provide examples for you if you are looking for any to add to your collective of information :cool:
     
  14. Phant0m

    Phant0m Registered Member

    Hey BlitzenZeus

    I wasn’t referring to making rule-set changes; I was referring to many more user questions on the forums and in my e-mails.
     
  15. wong

    wong Registered Member

    Joined:
    Aug 14, 2003
    Posts:
    3
    I discovered LnS yesterday. It is the best firewall I have ever used, with the smallest footprint. Just as an experiment I ran it together with Kerio; LnS was able to stop Kerio, but Kerio didn't notice the presence of LnS. I like it, although I don't really know the implication of this test.

    OK, my question is: who should use Phant0m`` Rule-set $v3.0? Currently I'm using enhancedruleset and it gives complete stealth in all the tests I throw at it. I'm happy; should I change to Phant0m`` Rule-set? Its instructions seem complicated enough.

    thx.
     
  16. Phant0m

    Phant0m Registered Member

    Hey wong

    Phant0m`` Rule-set $v3.0 can be used by Dialup, xDSL and Cable+ users, whether they're on the Gateway or Client Machines or… Online web-scans don’t cover ALL aspects; and even though EnhancedRulesSet.rls is extremely strong compared to most rule-based Software Firewall default rule-sets, you should at least do some exploring at some point (better sooner than later?) and gather kn0wledge throughout the trip so you yourself could possibly build your own rule-set.

    I apologize that the instructions seem complicated; I just renewed the page yesterday and I was more focused on trying to keep it basic and get it publicly released. I will in the near future update the page to be more efficient. In the meantime I’ll see if I can explain this:

    You have listed rule(s) which need modification and activation. For the “+Anti-MAC Spoofing” rule you need your Adapter Address shown by Winipcfg (Win9x/ME) and WntIpcfg (WinNT/2K/XP), a separate utility, or IPCONFIG (using IPCONFIG /ALL in a Command Prompt). There are images with red circles in them to show you which areas need modification. The DNS-Allowed-1 rule needs the Primary and Secondary DNS server addresses, which you can get using the mentioned utilities, and the UDP-0+: BOOTP / DHCP and UDP-0-: BOOTP / DHCP rules need your DHCP server address, which you can get using the mentioned utilities…

    It would be recommended that, before “Loading..” up the rule-set, you get the Primary and Secondary DNS server addresses and the DHCP server address, if one exists for your type of connection. ;)

    Regards,
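
The lookup described in the post above, as an added example that is not part of the original thread or of the rule-set: a small Python parser that pulls the adapter address, the DNS servers in listed order, and the DHCP server out of `ipconfig /all` text. The sample output and every address in it are constructed placeholders, and `parse_ipconfig` and `rule_inputs` are hypothetical helper names.

```python
import re

# Constructed `ipconfig /all` sample (Windows 2000/XP layout); placeholder addresses.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        DHCP Server . . . . . . . . . . . : 192.0.2.1
        DNS Servers . . . . . . . . . . . : 192.0.2.53
                                            198.51.100.53
                                            203.0.113.53
"""

# "<label> . . . : <value>"; the dotted leader is stripped from the label.
FIELD = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {adapter name: {field label: [values]}} from `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            # Unindented: an adapter header ends with ':'; anything else is a banner.
            current = adapters.setdefault(line.rstrip(":"), {}) if line.endswith(":") else None
            last = None
            continue
        m = FIELD.match(line)
        if current is None or not line.strip():
            continue
        if m:
            last = m.group(1)
            current[last] = [m.group(2)] if m.group(2) else []
        elif last:
            current[last].append(line.strip())  # continuation line, e.g. a further DNS server
    return adapters

def rule_inputs(text):
    """Per adapter, the values the rules named in the post need (None/[] if absent)."""
    out = {}
    for name, f in parse_ipconfig(text).items():
        out[name] = {
            "+Anti-MAC Spoofing": (f.get("Physical Address") or [None])[0],
            "DNS-Allowed-1": f.get("DNS Servers", []),  # listed order: primary, secondary, ...
            "BOOTP / DHCP": (f.get("DHCP Server") or [None])[0],
        }
    return out

if __name__ == "__main__":
    print(rule_inputs(SAMPLE))
```

An adapter with no DHCP lease simply has no "DHCP Server" line, so that entry comes back as None.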
     
  17. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    one question:

    On ipconfig /all I get as DNS 10.0.0.2, but I know the ISP's DNS as they were given to me. Which ones do I use??

    Ruben
     
  18. Phant0m

    Phant0m Registered Member

    Assistance being provided for this situation currently over MSN… ;)
     
  19. Phant0m

    Phant0m Registered Member

    Hey wong

    I’ve made modifications to the Master Rule-set page to provide better instructions. I hope you can take a gander at the Master Rule-set page http://www.wilderssecurity.info/Phant0m.shtml and comment on it...

    Thanks! :D
     
  20. Siddhartha

    Siddhartha Guest

    All right. French language here, so I apologize.
    Phant0m.. I did the modifications about the DNS servers, but what's the difference even if the new rules are activated now?
    I had no problem accessing the Web before.
    Do I need to add a rule afterwards to block something?
    o_O
     
  21. Phant0m

    Phant0m Registered Member

    Hey Siddhartha

    Would you happen to be a Dialup user or?

    It’s not necessary to add rules to block anything unless you want specific labelling, or want to block common and annoying attempts without warning… :)
     
  22. Siddhartha

    Siddhartha Guest

    Thank you for your reply, Phant0m.
    I use a Cable connection.
    OK... not necessary to add rules to block something.
    But tell me: why do we need to add rules for the DNS servers?
    Like I said, it was not a problem for me to surf on the Web without it.
    Hmmm?
    Why do I need DNS rules?
    o_O
     
  23. Phant0m

    Phant0m Registered Member

    Hey Siddhartha

    If you are referring to using Phant0m`` Rule-set $v3.0 without activation of the DNS rules, then I find this quite interesting, considering DNS is constantly required to resolve and without it communications to the outside would be impossible. This makes me wonder if your Packet Filtering Layer is properly functional in Look ‘n’ Stop? :eek:

    If you set the warning flag on the “TCP: Allow” rule and refresh the page, do you see the TCP Uplinks and Downlinks? o_O
     
  24. Siddhartha

    Siddhartha Guest

    Maybe I am doing something wrong about the DNS servers.
    Look here:
    http://pages.infinit.net/delta1/WntIpcfg.jpg

    When I click in the black square, I see 3 DNS servers available. But no primary or secondary servers.
    Maybe I don't need rules?
    :D
     
  25. Phant0m

    Phant0m Registered Member

    Hey Siddhartha

    If you are referring to the usage of Phant0m`` Rule-set $v3.0 without activation of the DNS rule, then I find it quite interesting. Try visiting a website you’ve never been to before, while the DNS-Allowed-0 rule is kept non-active.

    If you are capable of loading a page from a server you’ve not been to before, then I would have to assume your Packet Filtering Layer is not functioning properly on your System.

    -

    Alright, what you see right offhand when accessing that area is the Primary DNS; when you click on the square, the Secondary DNS server becomes visible, and if you click on the square again and a new DNS server shows, then that’s your third, and so on… ;)
     