Strange problem with LnS 2.05p3

Discussion in 'LnS English Forum' started by Praet0r, Nov 2, 2005.

Thread Status:
Not open for further replies.
  1. Praet0r

    Praet0r Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    8
    Hello!

    I encountered a strange problem while using LnS 2.05p3 (with phant0ms ruleset and my modifications for my personal usage habits). If I use LnS with BitComet (maximum Connections 150 per Torrent, 500 global TCP maximum, but I'm usually only on one torrent at a time, with Peer Guardian 2 and ProcessGuard running), my Internet Connection comes to a halt after several hours of usage. I am not able to open any site, connect to any IM service, nor does BitComet download a single byte. The strange thing however is that my network connection status still indicates that packets are coming in and are being transferred out, probably at the speed that BitComet would do (a little bit slower).

    And the Log Window of LnS shows several connections established, sometimes only one (this night it was one ip on ports 2030-2035). Strange, isn't it?

    But it doesn't stop there...now if I do a reconnect and get a new ip from my ISP, the problem still persists! Still cannot connect to any internet service. Cannot do a ping or whatever. So I restarted LnS but nothing changed. Only a reboot of my sys (WinXP Prof SP1, all Updates) will do the magic. What could that be? Btw. I am using Kaspersky AV Prof., Spybot S&D and, as I mentioned, ProcessGuard (which doesn't show any alert at all in that case).

    To clarify things I am adding a screenshot of my ruleset. Feel free to notify me of any mistakes or optimisation possibilities ;)

    http://img454.imageshack.us/img454/6683/ruleset4li.th.jpg

    ^
    |
    Click me!


    Did I mention that TCP SPI is turned on? No? Well, it is. :)
     
    Last edited: Nov 2, 2005
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    This is probably related to the TCP SPI.
    Could you disable it and verify this problem disappears?

    Thanks,

    Frederic
     
  3. Praet0r

    Praet0r Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    8
    Hi Frederic.

    Yes, if I turn off TCP SPI the problem won't appear. I only wonder because the global maximum of simultaneous TCP connections in BitComet is now set to 150. I thought that LnS 205p3 could handle this. Anyway...I will turn it off then. Are you sure it is not a problem of my ruleset?

    Kind regards,


    Praet0r
     
  4. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    If the problem doesn't appear when the TCP SPI is disabled, then the ruleset is OK, and the problem comes from TCP SPI.
    Yes, normally the 2.05p3 is supposed to handle 256 simultaneous connections. Did you verify BitComet was not using more than 150 connections? You can have the list of connections by clicking the Connections button from the log page (TCP SPI needs to be disabled). Also, when the problem occurs, you could open the Console, click the drivers logs button and send me the result (to lnssupport@soft4ever.com); it may help in understanding what is happening.

    Regards,

    Frederic
     
  5. Praet0r

    Praet0r Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    8
    Hi Frederic,

    I can confirm that the problem is related to the TCP SPI and too many simultaneous connections, because if I use eMule, which is set to a far greater number of simultaneous connections, the problem appears a lot earlier.

    While using BitComet, the problem appears too, but only after a long amount of time, let's say about 15 hours (still using 150 max. Conns in BitComet). Another problem I encountered using BitComet and LnS2.05p3 with TCP SPI turned on was the BSOD. I traced the problem back to the afd.sys, which required me to add some settings in the registry. I don't know if this is of any importance to you, I just thought you might want to hear about that.
     
  6. Passer-By

    Passer-By Guest

    Looking at your ruleset, the open port rules should be placed below invalid flag checking, anti-mac & etc rules of Phantom to protect your open ports from nmap scanning & others...

    Just my 2 cents
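
Passer-By's point about rule order, as an added example that is not part of the thread or of Look 'n' Stop itself: a small first-match filter model showing why the open-port rule belongs below the invalid-flag checks. It assumes rules are evaluated top-down with the first match deciding; the port number, rule names, flag combinations and sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Packet:
    label: str
    dst_port: int
    flags: FrozenSet[str]


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "block"
    matches: Callable[[Packet], bool]


def invalid_flags(p: Packet) -> bool:
    """Flag combinations no legitimate TCP stack sends (assumed set of checks)."""
    f = p.flags
    return (not f                             # NULL: no flags at all
            or {"SYN", "FIN"} <= f            # SYN and FIN together
            or {"SYN", "RST"} <= f            # SYN and RST together
            or f == {"FIN", "PSH", "URG"})    # "Xmas" combination


OPEN_PORT = 6881  # constructed example of a port opened for a P2P client
BLOCK_INVALID = Rule("block invalid TCP flags", "block", invalid_flags)
ALLOW_OPEN = Rule("allow inbound open port", "allow",
                  lambda p: p.dst_port == OPEN_PORT)


def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, str]:
    """First matching rule decides; anything unmatched is blocked."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.name
    return "block", "default"


def allowed(rules: List[Rule], packets: List[Packet]) -> List[str]:
    return [p.label for p in packets if evaluate(rules, p)[0] == "allow"]


# Constructed sample packets, all addressed to the open port.
SAMPLES = [Packet("syn", OPEN_PORT, frozenset({"SYN"})),
           Packet("null", OPEN_PORT, frozenset()),
           Packet("syn-fin", OPEN_PORT, frozenset({"SYN", "FIN"})),
           Packet("xmas", OPEN_PORT, frozenset({"FIN", "PSH", "URG"}))]
OPEN_ABOVE_CHECKS = [ALLOW_OPEN, BLOCK_INVALID]   # ordering the post warns about
OPEN_BELOW_CHECKS = [BLOCK_INVALID, ALLOW_OPEN]   # ordering the post recommends
```

With the open-port rule on top, every sample packet is accepted before the flag checks are consulted; with it below, only the ordinary SYN is.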
     