Phant0m`` Rule-set $v3.1 (NEW)

Hey folks

I like to introduce yet another Phant0m`` Rule-set Update, Phant0m`` Rule-set $v3.1.
It includes few Enhancements; one enhancement corresponds with ARP Threats, and this brought possible by ALL the beautiful Phant0m`` Rule-set users, couldn’t of included this from beginning without verifying firstly that the users aren’t going to be encountering any anomalies with the basic setup.

Phant0m`` Rule-set page been updated also, http://www.wilderssecurity.info/Phant0m.shtml.

REMEMBER ALL; ALL listed Rules which need to be configured ALSO needs to be ACTIVIATED afterwards aswell!

And there is something else I like to add; even though no one reported experiencing any reconnecting anomalies in reference to xDSL, Cable+ users, be advised you might need to include your Gateways IP Address in those BOOTP / DHCP rules that needs to be configured.

To include the Gateways IP Address in the same BOOTP / DHCP rules, use “Equal Or” rather then “Equal” and fill in the secondary IP Field listed under “IP: address” section.

Remember don’t hesitate to poster Questions/Comments and Suggestions…

Thanks and Enjoy!

 

Further Information; In addition to using Phant0m`` Rule-set $v3.1, absolutely make sure you activate “TCP Stateful Packet Inspection” Feature;
http://www.wilderssecurity.info/images/OptionsAdv.bmp

otherwise I wouldn’t consider you equipped with Maximum level security…

 

thx bro , , where did you find you rules ?, or Your base on what in order to create it ??,

Sorry ,I'm too curious

 

No-place, I don’t use other people’s rule-sets and rules…
I’ve always been using my own lay-out to ensure I get the Maximum Level “Software” Security one can possibly get… For many years my Lay-out being used, works for all different kinds of Rule-base Software Firewalls. In-fact before Look ‘n’ Stop my lay-out was used in ConSeal PC Firewall, of course many additional Features to take advantage of now with today’s technology…

 

In Addition; as for knowing rule-ordering, it’s just common sense, I don’t think I can explain it any better than that… LOL

 

you 'd a lot of security skills , I've always questions lol , how or where can i find my getway address

 

sorry again

 

which version of lns did you use because and i don't have "protocole option" in the advance option of my french lns 2.04p2 version

 

That Feature relates to Win9x/ME customers…

 

Gateway IP Address can be found using “IPCONFIG /ALL” utility;
“Default Gateway . . . . . . . . . : xxx.xxx.xxx.xxx”

Or by accessing “Support” TAB from your Connections Properties and clicking “Details…” button...

 

Is it possible thats my ip address and my getways addres are the same ??

 

You Dialup user?

 

I Have 512 kbits ADSL-Wanadoo Modem Alcatel Speed tOUCH usb


this my dsl modem lol

http://speedtouch.sourceforge.net/images/SpeedTuxDaemon.jpg

 

I Have a PPPoA connection

and which connection is better PPPOE or PPPoA ??

 

ok if it is ok i can't put my ip address as getway address in ARP : Authorize Gateways ARP Replies , because the number is not correct you need about 10 numbers for a coorect Gatetway Address but my IP addres didn't match with this rules

and my ip is like that's 74.49.160.3 (this no my ip it's just an example )

 

Hmmm, No those ARP rules relies on the Adapter Addresses....

Regards,

 

In Command Prompt type; ARP –a

Interface: xxx.xxx.xxx.xxx --- 0x2
Internet Address Physical Address Type
xxx.xxx.xxx.xxx 00:11:00:11:00:12 dynamic
-

A Gateway IP Address doesn’t have to contain at least 10 numbers to be valid Gateway IP Address; you must be getting Adapter Addresses and IP Addresses mixed up or something…

 

arp -a , doesn't work , I have "aucune entrée Arp trouvé" in english" No Arp Entry found" I think sorry for the bad translation


and th TCP Stateful inspection it isn't good for emule .

 

Hey Phantom as siad in my mail - great ruleset.

2 questions:

1. I get as gateway adapter adress two things:

ip 10.0.0.2 or 216.2xx.xxx.xx thats with ipconfig/all

or with arp -a

i get 00-d0-41-10-2e-ae which looks a lot more like an adapter adress for the gateway, but I remeber that we got my mac adress thru a log from lns itself - any tips??

2. I am normally on raspppoe and adsl with my isp here in Buenos Aires, but at times (often) I travel and have to use any connection I can get - how would you set the dns allow rule in this case - just all?? Cause normally I will not know the actual dns??

Ruben

 

Hey tosbsas

I thoroughly scanned through your copy of a configured Phant0m`` Rule-set $v3.1 and all the configured rules appears accurate, However I do see fault in additional rules you've added;

TCP : Allow Trillian 5190
TCP : Allow Trillian 5190 ALL "file-send"
TCP : Allow Trillian 5190 (2)
TCP : Allow Trillian 5190 (3)
TCP : Allow Trillian 5050 Yahoo
TCP : Allow Trillian 5050 Yahoo II
TCP : Allow Trillian 1863 MSN

Reason why I see fault in those rules being there is because you aren’t in Paranoid mode, considering “TCP : Allow” rule is active full time which authorizes Outgoing initiating connections to ALL source ports with destination temp-range (1025-4999) ports. Basically saying regardless if those Additional rules existed, those Outgoing initiating connections will still succeed.

I’ve also noticed those rules you have Applications configured on them, well if the Application isn’t running the Outgoing initiating connections will still succeed, once again because of that rule labelled “TCP : Allow” being Active.

 

ok thanks - are you saying that the all dns rules for dialup is ok like that too??

Ruben

 

Hey kamui

Yes the TCP SPI Feature needs slight Enhancement, doesn’t currently work well with p2p Software like emule…

The ARP Entries must have been cleared at that time, what I would do if I was you is disable the two ARP Rules and wait till you see Log blockings of ARP packets to retrieve the Gateways Adapter Address…

 

Hey tosbsas

Yea for the current Connection; if I was you though since you do a lot of traveling is to keep that rule-set as is, for that current location. Then have another copy which you modify whenever you travel, I suggest not to use “ALL” for DNS Addresses, I suggest to keep using “IPCONFIG” utility to retrieve your DNS Informatic and manually configure the DNS rules and DHCP rules if need to be…

 

ok will do thanks

Ruben