Phant0m``s Rule-set $v4.0

Discussion in 'LnS English Forum' started by Phant0m, Aug 29, 2003.

Thread Status:
Not open for further replies.
  1. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey folks

    Three days after releasing Phant0m``s Rule-set $v3.1, there is yet another release $v4.0!
    Phant0m``s Rule-set $v4.0 contains many Enhancements, visual and otherwise, http://www.wilderssecurity.info/Phant0m.shtml.

    Phant0m``s Rule-set page been slightly updated, and now a completed Phant0m``s Rule-set $v4.0 Rules Definition page. Each rule listed is in exact order as listed in the Phant0m``s Rule-set $v4.0, it columned up into 6 (Rule name | Rule Status | Acceptance | Warning Flag | Packet Direction | Rule Description). It uses mixture of colors for user’s better interpation.

    Maroon = Enabled rules
    Blue = Disabled rules
    Bolded Blue = Disabled rules that needs to be configured by Default before activation
    Purple = Allowed packets
    Mediumslateblue = Denied packets


    Page Available at http://www.wilderssecurity.info/pg41.shtml



    I’m more than happy to assist with users Problems and answer Questions and listen to Suggestions either from the Forum or via E-mail Phant0m@wilderssecurity.info.

    Enjoy!
     
  2. manuangi

    manuangi Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    148
    Location:
    Italy
    You're simply my hero! :D
    I've just finished loading & fixing to my necessity your new 4.0 rules!

    Ah, you've got to update page41: as I'm writing, I can still read "3.1" ;)
     
  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    LOL!, :D

    Ahh yea i forgot about the "titles" lol
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Done! Thanks manuangi! :)
     
  5. manuangi

    manuangi Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    148
    Location:
    Italy
  6. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    Hey great new set - do like the html explanation.

    There is no more mac addy rule - why??

    All these adapter adresses really get me mixed up, cause there is the numbers for physical - adresses and other 00:00:11:00:00:00

    How and which numbers should we use?? You get my idea

    Ruben
     
  7. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    Thx Bro :) , it's your last rules :'(


    Phantom did you have a rules for Mirc plz ;)
     
  8. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey tosbsas

    Thanks! And so do me, thanks for the feedback!

    It wasn’t necessary any-longer for which the main purpose was ARP Protocols but since we are controlling ARP at the lower possible capable level.

    Personally “I” still use it for labelling purposes to see any MAC Spoofing for target Machines Adapter Address.

    00:11:00:11:00:11 represents “Your Adapter Address aka Physical Address”
    00:11:00:11:00:12 represents “Your Gateways Adapter Address aka Physical Address”

    192.168.0.1 represents “BOOTP or DHCP IP Address (“DHCP Server . . . . . . . . . . . : xxx.xxx.xxx.xxx”, and/or “Default Gateway . . . . . . . . . : xxx.xxx.xxx.xxx”)
    :p
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey kamui

    Thanks!

    No, I don’t. Are you in reference to mIRC file-transferrings?
     
  10. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    Hey that for I understand, I am getting grey with the adapter adresses -maybe just my case - not being shown that easily in ipconfig /all or else. For example LnS (option dialog) calls the adapter adress:e6:37:20:xx:xx:xx but on our checkings we found a 00:01:00:00 .....

    So there I got really lost :)--((

    Ruben
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    I apologize for any inconveniences Ruben… I, will try to improve in the near future...
     
  12. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    Hey no harm - just trying to capture more of all these security topics - helps me to know what's going on.

    Ruben
     
  13. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France

    http://www.netzwerkrouter.de/Router/Tipps/SMC_Tipps/SMC_Ports/body_smc_ports.htm

    # IRC DCC.
    #
    # The IRC port is usually 6660-6670, 7000, 8888, or 9999
    # If you are using a different port number just change one of
    # these apprules to the port number you are using.
    "mIRC port 6660" 6660 59,113
    "mIRC port 6661" 6661 59,113
    "mIRC port 6662" 6662 59,113
    "mIRC port 6663" 6663 59,113
    "mIRC port 6664" 6664 59,113
    "mIRC port 6665" 6665 59,113
    "mIRC port 6666" 6666 59,113
    "mIRC port 6667" 6667 59,113
    "mIRC port 6668" 6668 59,113
    "mIRC port 6669" 6669 59,113
    "mIRC port 6670" 6670 59,113
    "mIRC port 7000" 7000 59,113
    "mIRC port 8888" 8888 59,113
    "mIRC port 9999" 9999 59,113
    "mIRC Chat" 100 101
    "mIRC Fserve" 110 111
    "mIRC Send" 120 121
    "mIRC Get" 130 131,132


    thx ;)
     
  14. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Once again rules to initiate Client Applications Connections aren’t needed unless you changed into “Paranoid-mode”. For more please visit http://www.wilderssecurity.info/rl44.shtml.

    And for the rules to Authorize File Transfers, Chats, and Fserve you should be using one specific port which is in the High range, you configure a specific port in mIRC settings. And then you create a Rule to Authorize Incoming Events onto this specific port chosen for IRC which has the Application in the App-List of the Rule to apply too. Please visit http://www.wilderssecurity.info/rl29.shtml for further details. ;)
     
  16. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    yes i Know how to creat rules but with mirc , I don't know if I have to open UDP or TCp port , then don't notice that :'(
     
  17. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    It’s not only about creating rules; it’s about what’s required and what’s not, and about the special rule organizing and so on.

    btw; they in reference to TCP Ports.... ;)
     
  18. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    ok tx , but in ur new rules wheres is Anti IP Spoofing and Mac spoofing o_O? o_O
     
  19. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Those specific rules was removed, don't worry you still got the protection.. :)
     
  20. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France

    ok but I want to know whyo_O......
    they were useless o_O? o_O
     
  21. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    With current setup, yea it is useless... :)
     
  22. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    If you like to use the Anti-IP and Anti-MAC Spoofing rules anyways you can export from the old rule-set and import into the new… Place the Anti-IP Spoofing rule below the “+Block 'Land' Attack” rule…
     
  23. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France

    yes , but i can't, i deleted it :oops:, can you send me your previous rules 3.1 by mail plz ;)
    Thx ;)
     
  24. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    OK, what's yo E-mail Addy...
    PM it to me and i'll send you an Importable rule with the two giving rules.
     
  25. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    thx bro my mail is the same as Msn ;)


    check ur pm ;)
     
Thread Status:
Not open for further replies.