Phant0m``s Rule-set $v4.0

Hey folks

Three days after releasing Phant0m``s Rule-set $v3.1, there is yet another release $v4.0!
Phant0m``s Rule-set $v4.0 contains many Enhancements, visual and otherwise, http://www.wilderssecurity.info/Phant0m.shtml.

Phant0m``s Rule-set page been slightly updated, and now a completed Phant0m``s Rule-set $v4.0 Rules Definition page. Each rule listed is in exact order as listed in the Phant0m``s Rule-set $v4.0, it columned up into 6 (Rule name | Rule Status | Acceptance | Warning Flag | Packet Direction | Rule Description). It uses mixture of colors for user’s better interpation.

Maroon = Enabled rules
Blue = Disabled rules
Bolded Blue = Disabled rules that needs to be configured by Default before activation
Purple = Allowed packets
Mediumslateblue = Denied packets
…

Page Available at http://www.wilderssecurity.info/pg41.shtml



I’m more than happy to assist with users Problems and answer Questions and listen to Suggestions either from the Forum or via E-mail Phant0m@wilderssecurity.info.

Enjoy!

 

You're simply my hero!
I've just finished loading & fixing to my necessity your new 4.0 rules!

Ah, you've got to update page41: as I'm writing, I can still read "3.1"

 

LOL!,

Ahh yea i forgot about the "titles" lol

 

Done! Thanks manuangi!

 

Hey great new set - do like the html explanation.

There is no more mac addy rule - why??

All these adapter adresses really get me mixed up, cause there is the numbers for physical - adresses and other 00:00:11:00:00:00

How and which numbers should we use?? You get my idea

Ruben

 

Thx Bro , it's your last rules


Phantom did you have a rules for Mirc plz

 

Hey tosbsas

Thanks! And so do me, thanks for the feedback!

It wasn’t necessary any-longer for which the main purpose was ARP Protocols but since we are controlling ARP at the lower possible capable level.

Personally “I” still use it for labelling purposes to see any MAC Spoofing for target Machines Adapter Address.

00:11:00:11:00:11 represents “Your Adapter Address aka Physical Address”
00:11:00:11:00:12 represents “Your Gateways Adapter Address aka Physical Address”

192.168.0.1 represents “BOOTP or DHCP IP Address (“DHCP Server . . . . . . . . . . . : xxx.xxx.xxx.xxx”, and/or “Default Gateway . . . . . . . . . : xxx.xxx.xxx.xxx”)

 

Hey kamui

Thanks!

No, I don’t. Are you in reference to mIRC file-transferrings?

 

Hey that for I understand, I am getting grey with the adapter adresses -maybe just my case - not being shown that easily in ipconfig /all or else. For example LnS (option dialog) calls the adapter adress:e6:37:20:xx:xx:xx but on our checkings we found a 00:01:00:00 .....

So there I got really lost --((

Ruben

 

I apologize for any inconveniences Ruben… I, will try to improve in the near future...

 

Hey no harm - just trying to capture more of all these security topics - helps me to know what's going on.

Ruben

 

http://www.netzwerkrouter.de/Router/Tipps/SMC_Tipps/SMC_Ports/body_smc_ports.htm

# IRC DCC.
#
# The IRC port is usually 6660-6670, 7000, 8888, or 9999
# If you are using a different port number just change one of
# these apprules to the port number you are using.
"mIRC port 6660" 6660 59,113
"mIRC port 6661" 6661 59,113
"mIRC port 6662" 6662 59,113
"mIRC port 6663" 6663 59,113
"mIRC port 6664" 6664 59,113
"mIRC port 6665" 6665 59,113
"mIRC port 6666" 6666 59,113
"mIRC port 6667" 6667 59,113
"mIRC port 6668" 6668 59,113
"mIRC port 6669" 6669 59,113
"mIRC port 6670" 6670 59,113
"mIRC port 7000" 7000 59,113
"mIRC port 8888" 8888 59,113
"mIRC port 9999" 9999 59,113
"mIRC Chat" 100 101
"mIRC Fserve" 110 111
"mIRC Send" 120 121
"mIRC Get" 130 131,132


thx

 

Once again rules to initiate Client Applications Connections aren’t needed unless you changed into “Paranoid-mode”. For more please visit http://www.wilderssecurity.info/rl44.shtml.

And for the rules to Authorize File Transfers, Chats, and Fserve you should be using one specific port which is in the High range, you configure a specific port in mIRC settings. And then you create a Rule to Authorize Incoming Events onto this specific port chosen for IRC which has the Application in the App-List of the Rule to apply too. Please visit http://www.wilderssecurity.info/rl29.shtml for further details.

 

yes i Know how to creat rules but with mirc , I don't know if I have to open UDP or TCp port , then don't notice that

 

It’s not only about creating rules; it’s about what’s required and what’s not, and about the special rule organizing and so on.

btw; they in reference to TCP Ports....

 

ok tx , but in ur new rules wheres is Anti IP Spoofing and Mac spoofing ?

 

Those specific rules was removed, don't worry you still got the protection..

 

ok but I want to know why......
they were useless ?

 

With current setup, yea it is useless...

 

If you like to use the Anti-IP and Anti-MAC Spoofing rules anyways you can export from the old rule-set and import into the new… Place the Anti-IP Spoofing rule below the “+Block 'Land' Attack” rule…

 

yes , but i can't, i deleted it , can you send me your previous rules 3.1 by mail plz
Thx

 

OK, what's yo E-mail Addy...
PM it to me and i'll send you an Importable rule with the two giving rules.

 

thx bro my mail is the same as Msn


check ur pm