RuleSet opinion.....please

Discussion in 'LnS English Forum' started by siosla, Jul 13, 2008.

Thread Status:
Not open for further replies.
  1. siosla

    siosla Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    6
    After the window update fiasco, I decided to migrate to LnS from ZA after reading favaorable reviews. I installed it and I am liking it so far.
    I downloaded latest PhantOm ruleset(from http://www.mntolympus.org) and my AV alert to an infection of installer "virus obfustat.tcp".

    My question is this: Is phantom ruleset a must have enhancement to LnS or the is supplied LnS enhanced ruleset more than adequate??

    Thanks
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    If you want an high protection, and you would like to tune exactly which packets are sent/received (and you are able to that), then Phant0m ruleset is for you.
    If you want a standard protection, and you are not so familiar with packet filter rules, then the enhanced ruleset is for you.

    Note that Look 'n' Stop is also concerned by the Microsoft issue, and the DNS rule has to be updated to use local port range 49152-65535 instead of 1024-5000 according to this post.

    Regards,

    Frederic
     
  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Yesterday's update addresses the WU KB951748 issue...
     
  4. siosla

    siosla Registered Member

    Joined:
    Jul 10, 2008
    Posts:
    6
    thanks for the reply.....I'll stick with enhanced ruleset for now.
     
  5. l2006

    l2006 Registered Member

    Joined:
    Oct 27, 2006
    Posts:
    9
    Location:
    Seattle, WA
    Where is the enhanced rules set for getting around yesterday's Microsoft Security Update, KB951748?

    Where is the link for this enhanced rules set?

    I do have the thread on how to possibly fix this 'manually', but I rather just install the new rules set. Also please a short refresher on how to install a rules set would be nice.

    I'll check later today for an answer... meanwhile I'm surfing the new without a firewall...
     
  6. l2006

    l2006 Registered Member

    Joined:
    Oct 27, 2006
    Posts:
    9
    Location:
    Seattle, WA
    OK, I did follow the thread where you change the "UDP: Authorize name resolution (DNS)" rule, and it worked. So no need for a new rules file, however, I am using version 2.06 and if there's a newer rules file do let me know, though for now I'm happy.

    :)
     
Thread Status:
Not open for further replies.