Phant0m``s Rule-set $v4.1

Phant0m``s Rule-set $v4.1
http://www.wilderssecurity.info/images/Phant0m_Rule-set.PNG
​

I’m proud to announce the public release of Phant0m`` Rule-set $v4.1; It’s most likely the last version of Phant0m``s Rule-set for Look ‘n’ Stop v2.04p2, any additional updates will be provided via “Importable” rules. I had suspended ARP Security measures by Default of Phant0m`` Rule-set $v4.1 usage, though the two ARP rules for Security measures still exists but disabled by Default. Any Technical Support for ARP Security measures setup will be still available via Look ‘n’ Stop Official English Forum for those who more than interested in getting the Maximum Level Software Security…

Necessary Configuring & Activation required for the following Rules;
DNS-Allowed-1 (By Default this rule uses “Equal Or” Technology which allows you to specify both Primary and Secondary DNS servers using the one rule.)
DNS-Allowed-2 (This is offered to those who has more than 2 DNS servers giving by the rare few ISP)
BOOTP / DHCP
BOOTP / DHCP.

Alright now there’s special Rule-Ordering which needs to be followed;
- Authorizing Incoming TCP Connections to Locally hosted server Software you place the rules just below or above “HTTP-SERV” rule, you can use this “HTTP-SERV” rule for an example of creating server rules. And absolutely ensure you configure the server Application to the rules Application List.
- Authorizing Outgoing TCP Connections from the local Machine you place the rules just below or above “www-http-1=80” rule, you can use this “www-http-1=80” rule for an example of creating Client Applications TCP Outgoing rules.

There are two ICMP rules “ICMP : Ping other (Req)”, & “ICMP : Ping other (Rsp)” which are disabled by Default and if you wish to have PING capabilities you’ll need to Enable these. “ICMP : Ping other (Req)” rule authorizes Outgoing, and “ICMP : Ping other (Rsp)” rule authorizes incoming. In Reference to the “ICMP : Ping other (Rsp)” rule please visit http://www.wilderssecurity.info/pg21.shtml.

“SYN Time” Rule has been updated for time.windows.com & time.nist.gov for Internet time servers.

Following rules that blocks Inbounds without annoying Warnings are;
+microsoft-ds
+Block NetBIOS-ns|dgm

Following rules that blocks Outbounds without annoying Warnings are;
+MSN Privacy Violations
+Block NetBIOS
ICMP : Allow

Regarding FTP issues, please visit http://www.wilderssecurity.info/pg40.shtml.

There as been few additions to the Phant0m``s Rule-set, and http://www.wilderssecurity.info/pg41.shtml has been updated to provide Phant0m``s Rule-set $v4.1 Rule Definition.

Any Questions, Suggestions or comments are much appreciated…

Enjoy!

 

Hey Phantom you are the man -))

Just two questions:

1. Ithought the loopback rule was dealt with under advanced options

2. Am I right - I can either use the allow all arp rule or the ones on top of it??

Ruben

 

Hey tosbsas

Loopback isn’t dealt anyplace; Look ‘n’ Stop Personal Firewall doesn’t have Loopback Controls. However this rule will block the unnecessary Incoming (Actually From the Internet) with Source-IP Address 127.0.0.1 which normally gets leaked in by TCP Authorizing rules like “TCP : Allow”…

Pointless to Configure/Enable the two other ARP rules unless you disable the currently Activated ARP rule…

 

Thanks !!!

 

Anytime!

 

Phant0m''

AGAIN?

Now do I need any modif to the rules I configured this week, or can you just tell me what was changed and added?

So that I can take a look and see if its needed or not thx
Oh and forgot about this last time I talked to ya, better get on MSN bud. Aside from that when you'll be on msn gimme a buz at the same time... I have couple questions

mouahahahaahhahaahhaah

 

I was waiting for this new update...you'd promised you'd issue that shortly!

about the BOOTP/DHCP rules (all 4 of them)...for people who, like me, don't have any DHCP enabled, is it ok to deactivate them all, as you'd told me?

 

thx bro

loopback , what is this rules goal ??

 

Hey manuangi

Yea that’s correct…


Hey Kamui

In Short; Blocking unnecessary Incoming Packets with Source-IP Address 127.0.0.1…

 

Sorry if this is a silly question, but where's the download link to v4.1?

 

Hey stannsulyn

Not silly; Download Link is available on the page http://www.wilderssecurity.info/Phant0m.shtml.

 

Got it, thanks.

However, I now have a question.

My reply to IPCONFIG/ALL differs from your example in that Dhcp Enabled says 'No', and there is no line for DHCP server.

Therefore, what do I enter for the BOOTP/DHCP rules?

 

Hey stannsulyn

ALL Dialup users don’t require any of those “BOOTP / DHCP*” rules existing in the rule-set, preferably deleting those are recommended. If you aren’t Dialup user then ensure all those “BOOTP / DHCP*” rules are disabled and surf around like you normally do, you shouldn’t encounter any anomalies but if and when you ever do just send me Look ‘n’ Stop log-files via E-mail…

 

That's the same situations as mine...
Anyway, I'm not a dialup user, I surf with an aDSL connection...and I don't have any BOOTP/DHCP, as I have a single PC behind the InternetGateway..
As I said, I disable all those rules, and all seems to be ok...

 

Not everyone requires DHCP

 

Phant0m``

I figured why everything was locking up. It wasn`t an issue with looknstop, my DNS servers had changed.

When I reinstalled LnS everything was fine, had the basic rules, the moment I slammed my saved rules PAFFF.... got disconnected from everywhere.

So goes to show that my DNS server is on rotation basis......

 

I liked the Maximum level security offered by ruleset 4.0, can I import the ARP rules from my 4.0 config. to 4.1?

 

Hey flee

You can Export/Import or you can make manual modifications to the existing rules in $v4.1 with the old $v4.0 Informatics…

 

Thanks, Mr. Phantom!

I have imported the Arp rules over from 4.0.

Now do I de-activate the "ARP: Authorize all ARP packets" rule or leave it active?

 

Hey flee

After importing, jump the rules to the near bottom either on-top or below the current ARP rules, and disable “ARP: Authorize all ARP packets” rule.