Phant0m's rule-set and SecuritySpace.com NoRisk Audit

Discussion in 'LnS English Forum' started by Defenestration, Oct 14, 2005.

Thread Status:
Not open for further replies.
  1. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    I've just finished the SecuritySpace.com NoRisk audit (it's free to do the basic test, although you have to register, and it takes about 3 hours to complete) of my machine which has LnS 2.05p3 beta coupled with Phant0m's rule-set, and it only had two minor vulnerabilities:

    1) Misc.: Traceroute (Low Risk Vulnerability)
    2) General : Reverse DNS Lookup (Other Items to be Considered)

    Below is a quote of what they mean:

    Can these be fixed with a new/updated rule ?

    I know they're only minor, but I enjoy the satisfaction of passing all tests I aim at my system :)
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hi Defenestration

    Did you download the rule-set from official location?
    And have you made any changes to the rule-set?
     
  3. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    Hi Phant0m,

    The rule-set was download from an official location several months ago (V6 I believe). Have you released the updated rule-set you were promising ?

    If so, then I was not using this very latest version.

    The only change made to the rule-set was to modify the DNS-Allowed-1 rule as per instructions.
     
  4. PnP

    PnP Registered Member

    Joined:
    Jun 12, 2003
    Posts:
    194
    Location:
    Italy
    Sorry when can download this ruleset officially? Thanks
     
  5. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Defenestration,

    Thanks for the test and this report.

    By default, normally Look 'n' Stop is already configured for "filtering ICMP Destination Unreachable (Code 3) and ICMP Time Exceeded (Code 11) messages", so it is strange there is an issue there. Did you check "if the route shown above is revealing sensitive IP addresses internal to your network" ?

    Not sure what is really the vulnerability there are testing for "Reverse DNS Lookup". If it is simply the possibility to retrieve a name based on an IP, I don't see the point.

    Frederic
     
Thread Status:
Not open for further replies.