 gkweb
join:2003-06-09
76800
1 edit | That you send TCP/UDP or ICMP packets makes no difference, if you don't exist, the last router should send back an "host unreachable" ICMP message.
That's why indeed "FILTERED" is probably more right than "stealth", because that's what you do, filtering (drop).
The absence of any message clearly shows you are there, dropping packets. "Stealth" is misleading in the way it could mean invisible.
The advantages of stealth are not to make you invisible, but rather to allow you to mitigate reflective attacks and in few cases to save upstream bandwidth. Also, security scanners such as nmap need at least one open port and one closed port to guess your OS. If you are running a server (some IM software or P2P are acting like servers) and you are not sending back responses from closed ports, it may help to prevent giving away too much information about your OS.
Regards,
gkweb.
--
Firewall tester : »www.firewallleaktester.com
*member of ASAP : Alliance of Security Analysis Professionals* |
