Phant0m``s Rule-set $v4.1

Discussion in 'LnS English Forum' started by Phant0m, Sep 7, 2003.

Thread Status:
Not open for further replies.
  1. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada

    I’m proud to announce the public release of Phant0m`` Rule-set $v4.1; it’s most likely the last version of Phant0m``s Rule-set for Look ‘n’ Stop v2.04p2; any additional updates will be provided via “Importable” rules. I had suspended ARP Security measures by Default of Phant0m`` Rule-set $v4.1 usage, though the two ARP rules for Security measures still exist but are disabled by Default. Any Technical Support for ARP Security measures setup will still be available via Look ‘n’ Stop Official English Forum for those who are more than interested in getting the Maximum Level Software Security…

    Necessary Configuring & Activation required for the following Rules;
    DNS-Allowed-1 (By Default this rule uses “Equal Or” Technology which allows you to specify both Primary and Secondary DNS servers using the one rule.)
    DNS-Allowed-2 (This is offered to those who have more than 2 DNS servers given by the rare few ISPs)
    BOOTP / DHCP
    BOOTP / DHCP.

    Alright now there’s special Rule-Ordering which needs to be followed;
    - Authorizing Incoming TCP Connections to Locally hosted server Software you place the rules just below or above “HTTP-SERV” rule, you can use this “HTTP-SERV” rule for an example of creating server rules. And absolutely ensure you configure the server Application to the rules Application List.
    - Authorizing Outgoing TCP Connections from the local Machine you place the rules just below or above “www-http-1=80” rule, you can use this “www-http-1=80” rule for an example of creating Client Applications TCP Outgoing rules.

    There are two ICMP rules “ICMP : Ping other (Req)”, & “ICMP : Ping other (Rsp)” which are disabled by Default and if you wish to have PING capabilities you’ll need to Enable these. “ICMP : Ping other (Req)” rule authorizes Outgoing, and “ICMP : Ping other (Rsp)” rule authorizes incoming. In Reference to the “ICMP : Ping other (Rsp)” rule please visit http://www.wilderssecurity.info/pg21.shtml.

    “SYN Time” Rule has been updated for time.windows.com & time.nist.gov for Internet time servers.

    Following rules that block Inbounds without annoying Warnings are;
    +microsoft-ds
    +Block NetBIOS-ns|dgm


    Following rules that block Outbounds without annoying Warnings are;
    +MSN Privacy Violations
    +Block NetBIOS
    ICMP : Allow


    Regarding FTP issues, please visit http://www.wilderssecurity.info/pg40.shtml.

    There have been a few additions to the Phant0m``s Rule-set, and http://www.wilderssecurity.info/pg41.shtml has been updated to provide Phant0m``s Rule-set $v4.1 Rule Definition.

    Any Questions, Suggestions or comments are much appreciated…

    Enjoy!
     
  2. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    Hey Phantom you are the man :)-))

    Just two questions:

    1. I thought the loopback rule was dealt with under advanced options

    2. Am I right - I can either use the allow all arp rule or the ones on top of it??

    Ruben
     
  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey tosbsas

    Loopback isn’t dealt with anyplace; Look ‘n’ Stop Personal Firewall doesn’t have Loopback Controls. However this rule will block the unnecessary Incoming (Actually From the Internet) with Source-IP Address 127.0.0.1 which normally gets leaked in by TCP Authorizing rules like “TCP : Allow”…

    Pointless to Configure/Enable the two other ARP rules unless you disable the currently Activated ARP rule…
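
The ordering effect described in the post above, as an added example that is not part of the thread or of the rule-set itself. It assumes first-match-wins evaluation and a default block; the rule name "Loopback source block", the helper names and the sample addresses are hypothetical, and only "TCP : Allow" is a name taken from the thread.

```python
import ipaddress
import struct

def parse_ipv4(packet: bytes):
    """Return (protocol, source, destination) from a raw IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return (packet[9],
            ipaddress.ip_address(packet[12:16]),
            ipaddress.ip_address(packet[16:20]))

# A rule is (name, predicate, action). Rule names other than
# "TCP : Allow" are hypothetical.
def loopback_source(direction, proto, src, dst):
    # 127.0.0.0/8 must never arrive from the network adapter.
    return direction == "in" and src.is_loopback

def any_tcp(direction, proto, src, dst):
    return proto == 6  # IP protocol number for TCP

WITHOUT_BLOCK = [("TCP : Allow", any_tcp, "allow")]
WITH_BLOCK = [("Loopback source block", loopback_source, "block")] + WITHOUT_BLOCK

def evaluate(rules, direction, packet):
    """First matching rule decides (assumed semantics); default is block."""
    fields = parse_ipv4(packet)
    for name, predicate, action in rules:
        if predicate(direction, *fields):
            return action, name
    return "block", "default"

def build_ipv4(src, dst, proto=6):
    """Constructed 20-byte IPv4 header for the demo (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

# Constructed samples: 192.0.2.10 stands in for the local machine.
SPOOFED = build_ipv4("127.0.0.1", "192.0.2.10")
NORMAL = build_ipv4("198.51.100.7", "192.0.2.10")

if __name__ == "__main__":
    for label, rules in (("without block", WITHOUT_BLOCK), ("with block", WITH_BLOCK)):
        print(label, evaluate(rules, "in", SPOOFED), evaluate(rules, "in", NORMAL))
```
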
     
  4. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    Thanks !!!

    :D :-*
     
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Anytime! :D

     
  6. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Phant0m''

    AGAIN?

    Now do I need any modif to the rules I configured this week, or can you just tell me what was changed and added?

    So that I can take a look and see if it's needed or not :) thx
    Oh and forgot about this last time I talked to ya, better get on MSN bud. Aside from that when you'll be on msn gimme a buz at the same time... I have couple questions ;)

    mouahahahaahhahaahhaah :D
     
  7. manuangi

    manuangi Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    148
    Location:
    Italy
    I was waiting for this new update...you'd promised you'd issue that shortly! ;)

    about the BOOTP/DHCP rules (all 4 of them)...for people who, like me, don't have any DHCP enabled, is it ok to deactivate them all, as you'd told me?
     
  8. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    thx bro ;)

    loopback, what is this rule's goal ??
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey manuangi

    Yea that’s correct… :)


    Hey Kamui

    In Short; Blocking unnecessary Incoming Packets with Source-IP Address 127.0.0.1… :D
     
  10. stannsulyn

    stannsulyn Guest

    Sorry if this is a silly question, but where's the download link to v4.1?
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey stannsulyn

    Not silly; Download Link is available on the page http://www.wilderssecurity.info/Phant0m.shtml. :)

     
  12. stannsulyn

    stannsulyn Guest

    Got it, thanks.

    However, I now have a question.

    My reply to IPCONFIG/ALL differs from your example in that Dhcp Enabled says 'No', and there is no line for DHCP server.

    Therefore, what do I enter for the BOOTP/DHCP rules?
     
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey stannsulyn

    ALL Dialup users don’t require any of those “BOOTP / DHCP*” rules existing in the rule-set, preferably deleting those is recommended. If you aren’t a Dialup user then ensure all those “BOOTP / DHCP*” rules are disabled and surf around like you normally do, you shouldn’t encounter any anomalies but if and when you ever do just send me Look ‘n’ Stop log-files via E-mail…

     
  14. manuangi

    manuangi Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    148
    Location:
    Italy
    That's the same situation as mine...
    Anyway, I'm not a dialup user, I surf with an aDSL connection...and I don't have any BOOTP/DHCP, as I have a single PC behind the InternetGateway..
    As I said, I disable all those rules, and all seems to be ok...
     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Not everyone requires DHCP :D

     
  16. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Phant0m``

    I figured out why everything was locking up. It wasn't an issue with looknstop, my DNS servers had changed.

    When I reinstalled LnS everything was fine, had the basic rules, the moment I slammed my saved rules PAFFF.... got disconnected from everywhere.

    So goes to show that my DNS server is on rotation basis......
     
  17. flee

    flee Guest

    I liked the Maximum level security offered by ruleset 4.0, can I import the ARP rules from my 4.0 config. to 4.1?
     
  18. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey flee

    You can Export/Import or you can make manual modifications to the existing rules in $v4.1 with the old $v4.0 Informatics…

     
  19. flee

    flee Guest

    Thanks, Mr. Phantom!

    I have imported the Arp rules over from 4.0.

    Now do I de-activate the "ARP: Authorize all ARP packets" rule or leave it active?
     
  20. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey flee

    After importing, jump the rules to the near bottom either on-top or below the current ARP rules, and disable “ARP: Authorize all ARP packets” rule. :D
     