Phantoms Rules Sept 9 Version 5- File Attached

Discussion in 'LnS English Forum' started by Looney, Jul 26, 2004.

Thread Status:
Not open for further replies.
  1. Looney

    Looney Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    7
    Hello All,

    I have seen many persons ask for a copy of Phantoms ruleset Version 5 dated Sept 9 2003. Attached is a copy of that ruleset, the only additions being the messenger spam and worm blocking rules at the top.

    If I remember correctly I recall a previous post where Phantom said he would not mind the ruleset being posted.

    To upload the file I had to change the extension to "txt". You must change the extension to "rls" (without the " ") before it can be used. After you have changed the extension the file name should be "Phantoms-Sept-9-V5.rls" (without the " ").

    Cheers All, gotta go men in white coats coming :D
     

    Attached Files:

  2. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    I am restricted to dial-up here. Can I use these rules straight out of the box as with the enhanced rules set?

    I vaguely remember some posts on Phant0m's original site where there was some kind of walk through in how to apply his ruleset!
     
  3. profhsg

    profhsg Registered Member

    Joined:
    May 18, 2004
    Posts:
    145
    This may be a really dumb question because I can't really understand how to create or even read the rules, but what are the differences between Phantom's ruleset and the LnS enhanced rule set?
     
  4. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    BlackCat : Have a look at the following two links (the ones you refer to) which should help with set-up. The English thread contains some info in English, and the French link contains screen-shots to help with the set-up:

    https://www.wilderssecurity.com/archive/index.php/t-33363 (English)

    https://www.wilderssecurity.com/showthread.php?t=18327&page=1&pp=25 (French)

    I haven't actually followed the instructions yet, but they seem straightforward enough. I will be trying it soon cos I also want to use Phant0m's rule set.

    profhsg: I'm not an expert, but from what I gather they are more strict over exactly what traffic is allowed and over what port it is allowed. Not exactly sure what nasties they protect you from that the EnhanceRuleSet doesn't stop though.

    Hope this helps

    Frederic: How about distributing Phant0m's Rule Set with LnS, if that is OK with Phant0m?
     
  5. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
  6. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Defenestration,

    Actually this kind of ruleset is for advanced users only. Some configuration is required, and in case of a problem (i.e. some application not working anymore) some knowledge about firewalls and protocols is required to refine this kind of ruleset.
    That's why we can't provide this ruleset directly with LnS.

    Experienced users will come to this forum and will use it from there.

    Frederic
     
  7. Looney

    Looney Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    7
    Hello All,

    Just to answer a few questions with my limited knowledge.

    1-Once Phantoms ruleset has been renamed (as per first post) save the file to the Looknstop directory. Then it can be loaded by using the options in the LNS program in exactly the same way as you would load the standard or enhanced ruleset.

    2-The posts pointed out in the French Forum (images) and English forum by Defenestration show the basic configuration, including dial up necessary. Also the SpyBlocker forum post is a good explanation.

    3-Version 5 of Phantoms ruleset issued on 9 Sept 2003 is the latest version to have been made available through these forums.

    4-I can provide a simple set of set up notes if required, however this would be my application of Phantoms and others advice through these forums. If needed I will help if I can.

    Cheers :D
     
  8. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    I tried to set up Phant0m's Rule Set, but currently I cannot access the internet at all when using this RuleSet. This and the following posts show what I have currently done (with images). I understand I have to enable the BOOTP / DHCP rule (because I have a dynamically allocated IP address), but as can be seen from the image, Dhcp is not enabled. How do I enable it?

    1) connected to the internet using Enhanced Rule Set so I can run ipconfig /all to determine the DNS servers. I did this more than once because it only returned one DNS Server each time and I was sure there would be more than one. The info returned is shown in the image below.
     

    Attached Files:

  9. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    2) Loaded in Phant0m's Rule Set and double-clicked on the DNS-Allowed-1 rule to edit it. I set the Destination IP addresses to the address returned for the DNS Servers. This is shown in the second image.
     

    Attached Files:

  10. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    3) I then enabled this rule as can be seen in the third image.
     

    Attached Files:

  11. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    A couple of problems:

    1) I can get it to work if I connect using the Enhanced Rule Set, and then Load Phant0m's Rule Set. If I start with Phant0m's Rule Set I can't load any web pages. Anybody know what's going on?

    2) When I ran "ipconfig /all" today I was told the DNS Server address was 195.93.48.134, so it looks like AOL have a range of DNS Servers with addresses ranging from at least 195.93.33.134 to 195.93.48.134. I know I can use the "In range A:B" option to specify a range of DNS addresses instead of "Equal Or", but how do I find out exactly what range of addresses AOL are using for DNS Servers ? or is it just trial and error ?
     
  12. ErAsEr

    ErAsEr Registered Member

    Joined:
    Jul 30, 2004
    Posts:
    11
    Hey,
    When you finished editing the rule, did you "apply" it?
    If your "DHCP" is "Disabled", just leave it "Disabled", that's not the problem.
    It should work well when you have edited the "DNS-Allowed-1" in the right way.
    Good luck!
     
  13. Looney

    Looney Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    7
    Defenestration,

    The four BOOT/DHCP rules in the image have not been allowed. ie the green tick on the left is not there indicating the rules are inactive. Tick the rules, apply them, save your changes and then try the ruleset.

    Hope that helps
     
  14. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    Hey, thanks for the replies. I've got it working now. The problem was related to the DNS Server rule not being set with the correct range. When I first tried it, it wouldn't connect, but now I'm having no problems so I can only think the new address range hadn't actually been set.

    Just to let you know, the only thing I've changed from the default rules is the DNS-Allowed-1 rule which I've enabled (ie. green tick next to it) and changed the destination IP address from "Equal-Or" to "In range A:B" and set a range of IP addresses. Whenever I can't surf, I run "ipconfig /all" and so far the DNS Server address returned is outside the range I've set, so I just increase the range, click "Save" and "Apply". Then I have no problems (touch wood:eek:)!).

    Thanks go out to Phant0m for his rule set which is making my PC safer than ever when on-line!
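
Added example (not part of the original thread or of Look 'n' Stop): a Python version of the check described in posts 11 and 14, reading the DNS servers out of `ipconfig /all` output and comparing them with the "In range A:B" bounds set on the DNS-Allowed-1 rule. The sample output is constructed, the function names are hypothetical, and the range bounds are assumed to be inclusive.

```python
import ipaddress

# Constructed sample of `ipconfig /all` output (not captured from a real host).
# The DNS addresses are the two quoted in the thread; 192.0.2.25 is a placeholder.
SAMPLE = """\
PPP adapter Dial-up:

        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        IP Address. . . . . . . . . . . . : 192.0.2.25
        Default Gateway . . . . . . . . . : 192.0.2.25
        DNS Servers . . . . . . . . . . . : 195.93.33.134
                                            195.93.48.134
        NetBIOS over Tcpip. . . . . . . . : Disabled
"""

def _ipv4(text):
    """Return an IPv4Address, or None if the text is not a dotted quad."""
    try:
        return ipaddress.IPv4Address(text.strip())
    except ValueError:
        return None

def dns_servers(output):
    """Collect every DNS server, including unlabeled continuation lines."""
    servers, in_dns = [], False
    for line in output.splitlines():
        label, sep, value = line.partition(":")
        if sep:  # labeled line: starts or ends the DNS block
            in_dns = label.strip(" .").lower() == "dns servers"
        addr = _ipv4(value if sep else line)
        if in_dns and addr is not None:
            servers.append(addr)
        elif not sep:  # blank or non-address line ends the block
            in_dns = False
    return servers

def outside_range(servers, low, high):
    """Servers the rule would not match (bounds assumed inclusive)."""
    lo, hi = ipaddress.IPv4Address(low), ipaddress.IPv4Address(high)
    return [s for s in servers if not lo <= s <= hi]

def widened_range(servers, low, high):
    """Smallest A:B covering the old range and every observed server,
    plus how many addresses the rule then allows DNS traffic to."""
    pool = list(servers) + [ipaddress.IPv4Address(low), ipaddress.IPv4Address(high)]
    lo, hi = min(pool), max(pool)
    return str(lo), str(hi), int(hi) - int(lo) + 1
```

The address count returned by `widened_range` shows how much each widening loosens the rule: every address inside A:B becomes a permitted DNS destination.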
     
  15. toto63

    toto63 Registered Member

    Joined:
    Aug 11, 2004
    Posts:
    3
    Hello all,
    I have set up the phant0m rules on my machine. But I would like to know if anyone knows where to find the old phant0m website, or has a backup of it.
    I want to understand a bit more what each of the rules does. I want to know why it is important to block certain sorts of packet.
    It would help me to customise the rules to my need. I have already made some changes but I am sure I've created some hole in it :) .
    Thanks for your help.
     
  16. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    Last edited: Aug 17, 2004
  17. toto63

    toto63 Registered Member

    Joined:
    Aug 11, 2004
    Posts:
    3
    Thanks Defenestration, it looks interesting. I know what a land attack is now. Only a few more to understand ;) .
     