Phant0m`` $v3.1 Rules Definition

Hey folks

I like to mention a new addition to my Look ‘n’ Stop website, it’s titled “Phant0m`` $v3.1 Rules Definition”. Many of you been wanting something which explains a bit about per rule in Phant0m`` Rule-sets and now I have been taking Time-Out throughout my busy day to work on providing you guys with something of the sort.

It’s not completed page but I thought I would poster the url and you guys take a gander at it and give me you all opinions, and suggestions on improving it that much more. I would be extremely grateful if little time was spared to assist me in this area, Thanks!

http://www.wilderssecurity.info/pg41.shtml

 

To be little more Informative about that page; It’s actually a replica of Phant0m`` Rule-set $v3.1, every rule on the page is in exact order as listed in the rule-set, and the states for each rule is what you’d see when you 1stly Load up the Phant0m`` Rule-set, and mixture of colors been used for user efficient interpretation.

Maroon = Enabled rules
Blue = Disabled rules
Bolded Blue = Disabled rules that needs to be configured by Default before activation
Purple = Allowed packets
Mediumslateblue = Denied packets

Hope this is clarity for you…

 

You ARE the man --))

Thanks for all your efforts. Its goos to know you are around.

Ruben

 

Hey Phantom,

I just installed your new ruleset and it works great. Thanks once again for all the help you give us .
I have enabled all of them except the Arp Gateways Arp Reply because I am behind a router and the Gateway address that is shown in the IPConfig utility is not taken by ARP : Authorize Gateways ARP Replies where it's circled in red. The address is 198.168.1.1 unlike the picture that shows it as a mac address. Do I need to add the same Mac address in both fields or do i simply not enable the rule being behind a router.
Thanks.

 

Hey Phantom,

I found the answer (I believe ) in manuangi's post. When I logged into my Linksys router, on the front page, there was the router's mac address and I placed it in the Source Ethernet Address and I was able to surf the web again. Is this right?

Although, in the logs as you described to manuangi, I still have another ethernet address that appears from time to time (always the same one). I don't know which one to use! I also keep getting the FF:FF:FF:FF:FF:FF” rule appearing in the logs even though the rule is disabled.

Thanks for all the help.

 

Hey PikeDude

Well done!

Apparently you got the right Ethernet Adapter Address otherwise you wouldn’t be capable of surfing like you are now.

LOL! Can you verify that “FF:FF:FF:FF:FF:FF”, or “+FF:FF:FF:FF:FF:FF”?
Verify from the Loggings in the Look ‘n’ Stop’s “Log” screen that “*FF:FF:FF:FF:FF:FF” isn’t being shown on the “Address / Application” column, possible it must be confusing with rule-name “+FF:FF:FF:FF:FF:FF”.

 

Hi Phantom,

Just figured out what the other Mac Address was, it's my wife's computer that is also sharing the router. It's her Mac address, since we share files between computers I guess it was only verifying if I was there. I had not given that computer access with the new 3.1 rules.
Since she turned off her computer, I got no more entries in the log.
Again great work and Thanks a million.

 

Hey PikeDude

You have any situations regarding Phant0m`` Rule-set and Client Machines, don’t hesitate to tell me…

Also; between you and I, I’m currently working on upcoming Phant0m`` Rule-set release. It’s has number of Enhancements, efficient rule labelling for user easy interpation. I also decreased the rule-set filesize greatly, thus allowing the rule-set to be read even faster.

It’s completed but wont be publicly released until after I complete that Phant0m`` Rule-set Rules Definition page to apply to this new rule-set.