Phant0m`` Rule-set $v3.1 (NEW)

Discussion in 'LnS English Forum' started by Phant0m, Aug 26, 2003.

Thread Status:
Not open for further replies.
  1. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey folks

    I like to introduce yet another Phant0m`` Rule-set Update, Phant0m`` Rule-set $v3.1.
    It includes few Enhancements; one enhancement corresponds with ARP Threats, and this brought possible by ALL the beautiful Phant0m`` Rule-set users, couldn’t of included this from beginning without verifying firstly that the users aren’t going to be encountering any anomalies with the basic setup.

    Phant0m`` Rule-set page been updated also, http://www.wilderssecurity.info/Phant0m.shtml.

    REMEMBER ALL; ALL listed Rules which need to be configured ALSO needs to be ACTIVIATED afterwards aswell!

    And there is something else I like to add; even though no one reported experiencing any reconnecting anomalies in reference to xDSL, Cable+ users, be advised you might need to include your Gateways IP Address in those BOOTP / DHCP rules that needs to be configured.

    To include the Gateways IP Address in the same BOOTP / DHCP rules, use “Equal Or” rather then “Equal” and fill in the secondary IP Field listed under “IP: address” section.

    Remember don’t hesitate to poster Questions/Comments and Suggestions…

    Thanks and Enjoy! :D
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Further Information; In addition to using Phant0m`` Rule-set $v3.1, absolutely make sure you activate “TCP Stateful Packet Inspection” Feature;
    http://www.wilderssecurity.info/images/OptionsAdv.bmp

    otherwise I wouldn’t consider you equipped with Maximum level security… :mad:
     
  3. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    thx bro , ;) , where did you find you rules ?, or Your base on what in order to create it ??,

    Sorry ,I'm too curious :oops:
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    No-place, I don’t use other people’s rule-sets and rules…
    I’ve always been using my own lay-out to ensure I get the Maximum Level “Software” Security one can possibly get… For many years my Lay-out being used, works for all different kinds of Rule-base Software Firewalls. In-fact before Look ‘n’ Stop my lay-out was used in ConSeal PC Firewall, of course many additional Features to take advantage of now with today’s technology… ;)
     
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    In Addition; as for knowing rule-ordering, it’s just common sense, I don’t think I can explain it any better than that… LOL
     
  6. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    you 'd a lot of security skills ;) , I've always questions lol , how or where can i find my getway address o_O :oops:
     
  7. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    sorry again :D

    ;)
     
  8. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    which version of lns did you use because and i don't have "protocole option" in the advance option of my french lns 2.04p2 version :rolleyes:
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    That Feature relates to Win9x/ME customers… ;)
     
  10. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Gateway IP Address can be found using “IPCONFIG /ALL” utility;
    “Default Gateway . . . . . . . . . : xxx.xxx.xxx.xxx”

    Or by accessing “Support” TAB from your Connections Properties and clicking “Details…” button...
     
  11. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    o_O


    Is it possible thats my ip address and my getways addres are the same ??
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    You Dialup user?
     
  13. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
  14. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Some ADSL connection act very similar to dialup connections. Mine uses PPPoE and is implemented with RASPPPOE, so to my system it looks like a simple PPP dialup connection. My default gateway is my IP address, as well. If that's what ipconfig/all is showing you, then, yes, that's your default gateway.
     
  15. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    I Have a PPPoA connection ;)

    and which connection is better PPPOE or PPPoA ?? :rolleyes:
     
  16. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    ok if it is ok i can't put my ip address as getway address in ARP : Authorize Gateways ARP Replies , because the number is not correct you need about 10 numbers for a coorect Gatetway Address but my IP addres didn't match with this rules :rolleyes:

    and my ip is like that's 74.49.160.3 o_O(this no my ip it's just an example )

    o_O
     
  17. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hmmm, No those ARP rules relies on the Adapter Addresses....

    Regards,
     
  18. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    In Command Prompt type; ARP –a

    Interface: xxx.xxx.xxx.xxx --- 0x2
    Internet Address Physical Address Type
    xxx.xxx.xxx.xxx 00:11:00:11:00:12 dynamic
    -

    A Gateway IP Address doesn’t have to contain at least 10 numbers to be valid Gateway IP Address; you must be getting Adapter Addresses and IP Addresses mixed up or something… :doubt:
     
  19. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    arp -a , doesn't work :( , I have "aucune entrée Arp trouvé" :'( in english" No Arp Entry found" I think sorry for the bad translation :oops:


    and th TCP Stateful inspection it isn't good for emule :(.
     
  20. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    Hey Phantom as siad in my mail - great ruleset.

    2 questions:

    1. I get as gateway adapter adress two things:

    ip 10.0.0.2 or 216.2xx.xxx.xx thats with ipconfig/all

    or with arp -a

    i get 00-d0-41-10-2e-ae which looks a lot more like an adapter adress for the gateway, but I remeber that we got my mac adress thru a log from lns itself - any tips??

    2. I am normally on raspppoe and adsl with my isp here in Buenos Aires, but at times (often) I travel and have to use any connection I can get - how would you set the dns allow rule in this case - just all?? Cause normally I will not know the actual dns??

    Ruben
     
  21. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey tosbsas

    I thoroughly scanned through your copy of a configured Phant0m`` Rule-set $v3.1 and all the configured rules appears accurate, However I do see fault in additional rules you've added;

    TCP : Allow Trillian 5190
    TCP : Allow Trillian 5190 ALL "file-send"
    TCP : Allow Trillian 5190 (2)
    TCP : Allow Trillian 5190 (3)
    TCP : Allow Trillian 5050 Yahoo
    TCP : Allow Trillian 5050 Yahoo II
    TCP : Allow Trillian 1863 MSN

    Reason why I see fault in those rules being there is because you aren’t in Paranoid mode, considering “TCP : Allow” rule is active full time which authorizes Outgoing initiating connections to ALL source ports with destination temp-range (1025-4999) ports. Basically saying regardless if those Additional rules existed, those Outgoing initiating connections will still succeed.

    I’ve also noticed those rules you have Applications configured on them, well if the Application isn’t running the Outgoing initiating connections will still succeed, once again because of that rule labelled “TCP : Allow” being Active.
     
  22. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    ok thanks - are you saying that the all dns rules for dialup is ok like that too??

    Ruben
     
  23. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey kamui

    Yes the TCP SPI Feature needs slight Enhancement, doesn’t currently work well with p2p Software like emule…

    The ARP Entries must have been cleared at that time, what I would do if I was you is disable the two ARP Rules and wait till you see Log blockings of ARP packets to retrieve the Gateways Adapter Address…
     
  24. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey tosbsas

    Yea for the current Connection; if I was you though since you do a lot of traveling is to keep that rule-set as is, for that current location. Then have another copy which you modify whenever you travel, I suggest not to use “ALL” for DNS Addresses, I suggest to keep using “IPCONFIG” utility to retrieve your DNS Informatic and manually configure the DNS rules and DHCP rules if need to be…
     
  25. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    ok will do thanks

    Ruben
     
Thread Status:
Not open for further replies.