Ruleset.

Discussion in 'LnS English Forum' started by Konata Izumi, Apr 19, 2010.

Thread Status:
Not open for further replies.
  1. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I can't buy Phant0m's ruleset, I'm poor, I'm only using the trial version of LnS.
    Can anyone share a few rules to improve the default enhanced ruleset in LnS?

    What's this Anti-IP Spoofing? Can somebody share a ruleset for this with me?

    Another question... If the Anti-Flood setting in LnS is checked, does it increase protection?
     
  2. volvic

    volvic Registered Member

    Joined:
    Aug 17, 2009
    Posts:
    220
    Something like Phant0m's ruleset should come with the program.
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    It is to help prevent another PC on the LAN from pretending to be your gateway. In most cases such a rule is not really needed.

    The rule can be found here http://looknstop.soft4ever.com/Rules/En/ARP-AntiSpoof.rie

    Copy the text and save it as an .rie file so you can import it into L`n`S. You will need to edit the rule to enter your gateway MAC and gateway IP (info as to where that info is added can be found within the rule when you edit)

    This is the rule edit window after import, read the instructions shown in the description window.

    Arp antispoof.png


    - Stem
     
  4. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    That looks so complicated. :argh:
     
  5. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    That's another great example of the power of L'n'S. It's a very configurable and powerful software firewall; you can do almost everything with it in terms of networking/firewalling, of course only if your knowledge allows you to :thumb:
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Does that mean you are not adding the rule, or does that mean you would like a step by step guide on how to add/edit the rule?


    - Stem
     
  7. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    I want a step by step guide. :-*
    Like how I get the Gateway IP/Gateway MAC

    and if possible a manual configuration to achieve the same level of security from Phant0m's ruleset
     
    Last edited: Apr 21, 2010
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    We will assume that your gateway info has not been compromised.

    Gateway IP can be found by using the command (DOS) window.
    (In XP) Go to Start-> Run-> (type in the popup window) CMD. That will bring up the command (DOS) window. (In Vista/Win7 I believe you go to the start menu and you will find a shortcut to the cmd window).

    In the command (DOS) window type IPCONFIG /ALL and you will be shown a list of your current interfaces. Find the one that shows your current IP; there you will find an entry for the current gateway IP.

    Once you have the gateway IP, in the command window type ARP -A. That will show a list of the current ARP cache, and the gateway IP should be there with its MAC address (if there are no entries, then connect out with your browser).

    I do not know what is in that ruleset. You can add pre-config raw rules for such as DNS/DHCP, which will add security as they also check the ID numbers of the replies.

    Direct download link for those rules:- Edit: See this post. https://www.wilderssecurity.com/showpost.php?p=1838024&postcount=13

    Also in those rules are raw rules for ARP/ICMP

    EDIT. here is the ARP antispoof raw rule: Edit: See this post. https://www.wilderssecurity.com/showpost.php?p=1838024&postcount=13


    Add the DNS and DHCP rules and just disable the current rules for DNS/DHCP (The DNS/DHCP raw rules need no editing). I say just disable the current rules for DNS/DHCP, just in case there is a problem, if there is, then you can just re-enable them.

    - Stem
     
    Last edited by a moderator: Mar 5, 2011
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    To edit the ARP antispoof rule:-

    First you will probably need to download the raw rule plugin:- http://www.looknstop.com/En/plugin.htm

    Place the plugin into the L`n`S folder, then open L`n`S -> options tab-> Advanced options-> select "Plugins" and enable the raw rule plugin.

    Load/import the ARP antispoof rule into the Internet filtering rules. Once imported double click the rule which will bring up the edit window.


    pic01 shows entry of mac address

    1:- select field 2
    2:- change to "Hexa Byte-split"
    3:- enter the mac address (when entering, use a "."(full stop) in between the hex numbers)
    01.png

    pic02 shows entry of gateway IP

    1:- select field 3
    2:- change to "Decimal Byte-split"
    3:- enter gateway IP
    02.png


    If you find yourself being locked out of internet access, disable the rule and re-check it. (And don't shout at me if you mess up :D )


    - Stem
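
The lookup described in posts 8 and 9 above, as an added example that is not part of the thread or of Look 'n' Stop: a Python script that reads saved `IPCONFIG /ALL` and `ARP -A` output, picks out the gateway IP and its MAC, and writes the MAC with full stops between the hex bytes as the rule edit window expects. The sample text, addresses and function names are constructed for illustration; the last function compares a MAC recorded earlier with the current cache entry, which is the condition the anti-spoof rule is there to enforce.

```python
import re

# Constructed sample output (not from the thread), laid out like the text
# printed by "IPCONFIG /ALL" and "ARP -A" in a Windows command window.
IPCONFIG_SAMPLE = """\
Ethernet adapter Local Area Connection:
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        IP Address. . . . . . . . . . . . : 192.168.1.20
        Default Gateway . . . . . . . . . : 192.168.1.1
"""
ARP_SAMPLE = """\
Interface: 192.168.1.20 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-aa-bb-cc-dd-ee     dynamic
  192.168.1.35          00-11-22-66-77-88     dynamic
"""
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
MAC = r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}"

def gateway_ip(ipconfig_text):
    """First 'Default Gateway' entry that actually carries an IPv4 address."""
    m = re.search(r"Default Gateway[ .]*:[ \t]*(" + IPV4 + ")", ipconfig_text)
    return m.group(1) if m else None

def arp_cache(arp_text):
    """Map each IP in the ARP cache listing to its MAC (lower-cased)."""
    rows = re.findall(r"^\s*(" + IPV4 + r")\s+(" + MAC + r")\s", arp_text, re.M)
    return {ip: mac.lower() for ip, mac in rows}

def rule_fields(ipconfig_text, arp_text):
    """Values to type into the rule: dot-separated hex MAC and the gateway IP."""
    gw = gateway_ip(ipconfig_text)
    mac = arp_cache(arp_text).get(gw)
    if mac is None:          # no gateway found, or it is not in the cache yet
        return None
    return {"gateway_mac": mac.replace("-", "."), "gateway_ip": gw}

def gateway_mac_unchanged(recorded_mac, ipconfig_text, arp_text):
    """Compare a MAC recorded earlier (any separator) with the cache entry now."""
    now = rule_fields(ipconfig_text, arp_text)
    norm = re.sub(r"[^0-9a-f]", "", recorded_mac.lower())
    return now is not None and norm == now["gateway_mac"].replace(".", "")

if __name__ == "__main__":
    print(rule_fields(IPCONFIG_SAMPLE, ARP_SAMPLE))
    print(gateway_mac_unchanged("00.AA.BB.CC.DD.EE", IPCONFIG_SAMPLE, ARP_SAMPLE))
```

A `None` result from `rule_fields` corresponds to the empty ARP cache case mentioned in post 8: connect out with the browser and capture `ARP -A` again.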
     
  10. ruinebabine

    ruinebabine Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1,097
    Location:
    QC
    [!Stargazing=]
    Mhh, wouldn't it be too nice to have at hand a kinda LnS tweaking thread opened by this skillful guy up there...
    [/Stargazing!]
    ;)
     