Who have better rules than phantom rules 5 ??

Discussion in 'LnS English Forum' started by kamui, May 29, 2004.

Thread Status:
Not open for further replies.
  1. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    Hi All ,

    I use lns 2.05 with ph rules 5 , I passed almost scan test except this one: sygate udp scan ,all ports are closed :eek: .
    http://scan.sygatetech.com/udpscan.html
    :'(

    I'm running on Xp Pro Sp1 with a DSL Router Cisco C827 :cool:
    I want to know if phantom rule's users passed this udp scan test

    thx Kamui ^^

    ++
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi kamui,

    Just tested it, with the basic enhanced ruleset, and it reported the following:


    ______________________________________________________________________
    We have determined that you have a firewall blocking UDP ports!
    We are unable to scan any more UDP ports on IP: xx.yy.zz.23 . . .

    You have blocked all of our probes! We still recommend running this test both with
    and without Sygate Personal Firewall enabled... so turn it off and try the test again.

    ______________________________________________________________________

    So, I don't know if the problem is really coming from the ruleset.

    Do you have some alerts in the Look 'n' Stop log page when you perform this test ?

    Perhaps your router is answering directly to the scanner ? and the packets are not even seen by the PC ?

    Frederic
     
  3. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    Thx Fred , I think you are right because I try Lns 2.05+Ph rules 5 with my old Alcatel Speedtouch Usb Modem , and I passed this test :cool: . and have block log in Lns :).

    But with my Cisco C827 , no log in Lns2.05 and test failed , the problem come to my router ,I need to most secure my ACL .

    In this case , am I protected with cisco c827 and lns 2.05 o_O? .
    Regards ,
    Kamui
     
  4. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Yes you are, ports reported as being closed are those from your routers, not your computer.

    Same if you go throught a proxy, with many scanner, it won't be your computer which will be scanned but the proxy, displaying "wrong" results.

    regards,

    gkweb.
     
  5. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    oki guys , that reassure me .

    in french ,

    Merci les gars sa me rassure ;)

    ++
    Kamui
     
  6. kamui

    kamui Registered Member

    Joined:
    Aug 19, 2003
    Posts:
    218
    Location:
    France
    I retry the test with my new ACL and it's passed :cool:

    Cisco powaaaaaaaaaaa *puppy*
     
Thread Status:
Not open for further replies.