帮忙推荐一款墙与NOD32配合用。

显示全部楼层 · 发表于 2007-8-18 18:55:59

那儿杀软就是nod
防火墙就是LNS
真是个好地方
和我用的完全一样

显示全部楼层 · 发表于 2007-8-18 19:01:30

光Sp2 fw的icmp协议设置我都看不懂..郁闷..

[ 本帖最后由 hj5abc 于 2007-8-18 19:02 编辑 ]

显示全部楼层 · 发表于 2007-8-18 19:05:33

Climenole的回答

Hi nos_grunt

All these entries are normal.

Here's the way to managed it:

1) ICMP

You must allow this:

type 8 code 0 echo request: Outgoing only
type 0 code 0 echo reply: Incoming only
type 11 code 0 timeout: Incoming only (used by TraceRoute...)

All the other ICMP codes must be blocked in and out

BUT

It's possible to use it wisely to have interesting informations...

After the 3 previous allowd ICMP type/code you may add these specific ICMP
blocking rules to have a more explicit information in the log (to have it add an ! or to not log it remove the ! ... see ?)

type 3 code 0 Network Unreacheable: block in and out and log it (or not)
type 3 code 1 Host Unreachable: block in and out and log it (or not)
type 3 code 3 Port Unreachable: block in and out and log it (or not)
type 3 code 10 Host Forbidden: block in and out and log it (or not)
type 3 code 13 Forbidden (Filtering): block in and out and log it (or not)

and dont worry about all these signals... This is normal.

Don't forget to block all remaining ICMP types/codes (mandatory...)

B) Post-connections incomming packets

What you can do is to create rules to block with no log entries all these annoying packets entries in the log...

Here's an "experimental" rules set:

http://www.wilderssecurity.com/showthread.php?t=178698

Check the rule {Y. 99996}; [UDP] << Bt pqts post-connex. ! > to understand how to do...

一句话
type 8 code 0 echo request: Outgoing only
type 0 code 0 echo reply: Incoming only
type 11 code 0 timeout: Incoming only (used by TraceRoute...)
这三个平时就要允许

type 3 code 0 Network Unreacheable: block in and out and log it (or not)
type 3 code 1 Host Unreachable: block in and out and log it (or not)
type 3 code 3 Port Unreachable: block in and out and log it (or not)
type 3 code 10 Host Forbidden: block in and out and log it (or not)
type 3 code 13 Forbidden (Filtering): block in and out and log it (or not)
这几个在用bt的时候允许
平时阻止

其他的都阻止

用LNS等于是在学网络协议
还在慢慢研究ing
头已经疼了

显示全部楼层 · 发表于 2007-8-18 19:09:35

look'n'stop的设计初衷更偏向gateway吧..

显示全部楼层 · 发表于 2007-8-18 19:28:43

也不是这么说
防内其实也不差的
8signs和CHX才算是服务器的墙吧
而且包过滤的墙貌似防arp都不错的说

显示全部楼层 · 发表于 2007-8-19 00:28:14

原帖由 风野胤 于 2007-8-17 20:30 发表
LNS
最近对这个墙很有爱
反正我用是没有冲突过
以前用风云 jetico和MDF都蓝屏过
什么叫网页监控
那不是应该是杀软做的事么
资源占用不到500K
至于功能如何可以去LNS区去看
或者h ...

太难用了，本身一电脑菜菜。
希望能有一款适合菜鸟用，占资源少点的。（虽然上网多，但上网习惯还算不错。只希望运行电脑里面的软件流畅，上网别动不动就中招就OK了。）

显示全部楼层 · 发表于 2007-8-19 06:23:57

原帖由 gaige 于 2007-8-19 00:28 发表

太难用了，本身一电脑菜菜。
希望能有一款适合菜鸟用，占资源少点的。（虽然上网多，但上网习惯还算不错。只希望运行电脑里面的软件流畅，上网别动不动就中招就OK了。）

那就用系统自带墙，那玩意防外还是不错的。不去XX，中鸽子之类的几率也不高，内部应该没什么问题

显示全部楼层 · 发表于 2007-8-19 11:29:19

现在的毒网是免费挂随时挂包自动下载,流水线..

显示全部楼层 · 发表于 2007-8-19 12:39:27

原帖由 hj5abc 于 2007-8-19 11:29 发表
现在的毒网是免费挂随时挂包自动下载,流水线..

放心吧，就算大站挂马了也会很快撤下来，小站LZ不怎么去。再说不还有杀软么

显示全部楼层 · 发表于 2007-8-19 17:12:22

要这么小心翼翼,不如换个浏览器 ..

[讨论] 帮忙推荐一款墙与NOD32配合用。

回复 #29 hj5abc 的帖子

本帖子中包含更多资源

回复 #32 hj5abc 的帖子

回复 #33 风野胤的帖子

回复 #34 hj5abc 的帖子

回复 #37 xffsfy 的帖子

回复 #39 xffsfy 的帖子