Quick question for Frederick

Discussion in 'LnS English Forum' started by AJohn, Oct 15, 2004.

Thread Status:
Not open for further replies.
  1. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I would like to say that I love your firewall and am very pleased with it. I have been wondering what type of features you might be considering adding to it in the future? Some things I think would spice it up some are:
    some sort of sandbox
    optional ids (even if it came with no rules by default)
    stronger password encryption
    self protection against termination

    Please give your thoughts on these.
     
    Last edited: Oct 15, 2004
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi AJohn,

    Adding pure SandBox features (I mean features not related to network activity) is not our intention at this time.
    However, features like "Watch DNS calls" and "Watch thread injection" could be considered as a kind of SandBox features and we will keep improving that when possible, in order to block the remaining (and future) threats still demonstrated by some leaktests.

    About IDS we don't think to implement a full IDS, some other applications (like snort) are already doing that correctly.
    However, having the possibility to interface Look 'n' Stop with an IDS through plugins, and let the possibility to this plugin to add dynamic rules to block a particular connection based on IDS alerts, why not.

    Password encryption is improved yet in 2.05p2.

    As for "self protection against termination", this goes with password protection. Under Windows XP SP2, you will anyway have a Windows alert if the firewall is no longer running. And the feature "Keep internet filtering active" still provides external protection when the application is stopped.
    Nevertheless, perhaps we will provide the same feature for Application Filtering (keep it active even if the application is stopped).

    Regards,

    Frederic
     
  3. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    OK, I would greatly appreciate it if you could creat a plug-in that allows people to use snort or other IDS rules. I would make one but I dont code.. yet.
     
  4. Jazzie1

    Jazzie1 Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    174
    Hi all!
    This would be a nice implementation, for persons having a server or DMZ! I look forward to a snort plug-in for auto-blocking/banning of intruders using snort rules... Maybe a better logging feature using XML to display blocked/banned ip's and IDS/IPS alerts!

    Cu
    Jazzie
     
  5. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I do like how you dont plan on packing LNS with stuff that makes it more than it should be. Some programs now days add tons of things that other programs should be left to do.
     
  6. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Also Frederick, I have been wondering your thoughts on implementing a tarpit (maybe as an addon)
     
  7. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Why would you want tarpit functionality? Just curious, since it doesn't increase your security, and it can tax your connection, and that of others (harmless, non-malicious internet background noise). Seems to me a gimmick that 8Signs is using, probably in hopes of getting people to overlook its lack of application filtering.
     
  8. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Tarpit is no gimmick; you should make effort to understand something before making absurd remarks, maybe then you’d comprehend why requests are being made.

    In addition; yes it is true his firewall products don’t have Application Filtering, there are good reasons for this, obviously reasons people can’t seem to comprehend. His Firewall products however contains something much more critical (strong packet-filter), something that Look ‘n’ Stop is currently lacking. And while App-Filtering is something I prefer to have in my software firewall, I rather use something without as-long as I can be using something with very strong packet-filter, and James Grant firewalls offers this.

    Regards,
    Phant0m``
     
  9. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    If he did grant my request and if it was made as a plug-in then you could simply not use the plug-in nameless. I personally like the idea of a tarpit and don't beleive that it is a gimmick. My reason for wanting a tarpit is it is a passive way to fight back.
     
    Last edited: Oct 19, 2004
  10. Kaupp

    Kaupp Guest

    Hi Phant0m

    What is it that you think Look'n'Stop is lacking in it's packet filter?

    thx
     
  11. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Geez, thanks, Phantom, for the kind reply. You'd think I launched a personal attack on your kid brother. I love it though--if someone doesn't agree with you, they lack understanding.

    Feel free to explain why a tarpit is more than a gimmick, or how it would benefit a home user, or the user of a small network. I called it a "gimmick" because it does not increase the security of the computer it is operating on. The concept of the tarpit was introduced as a way to control large-scale worms, not as an add-in for a personal firewall product. It isn't intended to protect the machine it's running on, and it does not. It is supposed to protect machines other than the one it is running on.

    So, for a personal firewall, it's a damn gimmick. Deal with it.

    I also don't understand why you (apparently) think I can't comprehend the 8Signs product. I was just commenting that it lacked an application filter. You can't say a packet filter is more critical--that depends on how it is used. For me, the 8Signs firewall would be next to useless. I know it is good at what it does, but it doesn't do what I need it to do--at all.

    Hugs 'n' Kisses
     
    Last edited: Oct 19, 2004
  12. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    You are already fighting back by patching, using a firewall, and not being a target. Using a tarpit is just going to add grief to people (admittedly, mostly idiots) who are scanning without malicious intent.

    My feeling on the "you can choose not to use it" is that yeah that's true, but if he spends four days developing a tarpit plugin gimmick, that's four days he's not spending on stuff that actually matters. Look at 8Signs: They have this cute gimmick--which was not even conceived to run on and protect an individual machine--but still no application filtering.
     
  13. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Not if the tarpit was used as an anti-flood, or with programs of your choice.
     
  14. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    AJohn,
    Can you please help me and explain what exactely a "tarpit" is and what it is good for o_O

    Thanks,
    Thomas :)


     
  15. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
Thread Status:
Not open for further replies.