Phantom Rules - Enchanced Rules Comparison

Discussion in 'LnS English Forum' started by Stephanos G., May 5, 2005.

Thread Status:
Not open for further replies.
  1. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    What is the difference between Phantom rules and Enhanced Rules?
    Phantom rules can be used only for a specific category of users? What more they can offer?
    Can we compare them?

    Thanks
     
  2. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    This is a great idea. Unless Phantom has some documentation he could provide about his ruleset.

    I would also like to know for his Anti Mac Spoofing rule, after you enter in your MAC address do you activate as shown in this pic?

    I mean I know you click on the left to place the green check, but do you also place a red stop sign next to it? I would assume that would block attempts or does it need to be open to stop attempts?

    Please advise.

    Thanks,

    Jag
     

    Attached Files:

    • lns2.JPG
      lns2.JPG
      File size:
      69.6 KB
      Views:
      1,480
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Phant0m's ruleset offers protection against a lot of specific methods to try and sneak things past your firewall that -may- not be covered otherwise. This is especially for p2p and IRC users, since those programs can leave you open. I placed my eMule rules below all of the rules for XMAS Stealth Scan, SYN-FIN-x-x-x, etc, and have occassionally seen blocked attempts in the log while using eMule, although I never had any problems before using that ruleset. I would be interested in hearing Phant0m and Frederick's thoughts on it, though.

    You can also use HardenIt (http://www.sniff-em.com/) to protect against some of this stuff and a little more.
     
  4. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    If is like this, why the LnS company dont publish more rules if the enchance rules are not so sufficient?
    Also, if is possible Phantom to publish an image with all the rules like Jaguar did.

    Thanks
     
  5. xamenos

    xamenos Guest

    Notok: Do you place the p2p rules on top or on bottom?
     
  6. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    YOu need to place them (p2p rules) at bottom if you want the other security filters to be active first.

    The filters are processed from top down.
     
  7. xamenos

    xamenos Guest

    that means that the best thing to do, is having the p2p rules ON TOP... Right?
     
  8. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Server Rules, for TCP initiation connections from remote machines get placed “just” above the “+TCP : Block incoming connections” rule. :)
     
  9. xamenos

    xamenos Guest

    So, as long as the p2p rules are above the +TCP : Block incoming connections, it doesn't matter??
    Or do you mean I SHOULD place them JUST ABOVE the +TCP : Block incoming connections
     
  10. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    For maximum protection you should place it JUST ABOVE the +TCP : Block incoming connections rule, so that the other rules above are still effective.
     
  11. edition

    edition Guest

    is there any link to download Phant0m rule?

    what is better for me Phantom rules or Enhanced ?
     
  12. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
Thread Status:
Not open for further replies.