Topic 'Re: Port 0 and 1 Shows Closed not stealth Please helo' in forum 'Wireless Security'

Topic 'Re: Port 0 and 1 Shows Closed not stealth Please helo' in forum 'Wireless Security' - dslreports.com http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22929749 en Sat, 11 Feb 2012 14:09:03 EDT Sat, 11 Feb 2012 14:09:03 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22945661 said by chascent:

Can you run this thru the router??
Run what? DenyHosts? No. Linux/UNIX thing.]]> http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22945661 Sat, 29 Aug 2009 23:27:54 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22945481 http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22945481 Sat, 29 Aug 2009 22:31:34 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22944073 said by SYNACK:

said by antdude:

Interesting. So would having one or a few ports be any differences? I only have one port opened for SSH.

As long as you forward to a real server you're fine.
Yeah, I do. I also use DenyHosts to block brute force attacks.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer]]> http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22944073 Sat, 29 Aug 2009 15:33:39 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22943961 said by SYNACK:

A very misguided effort for stealth (as suggested elsewhere) is the idea of forwarding a port to a nonexistent or stealthed machine or on the LAN. Since each probe will create a temporary entry in the NAT table of the router while the router tries to ARP or contact the nonexistent machine, it can lead to resource starvation on the router. This creates a vulnerability, because flooding that port can overload the router, knocking the entire LAN offline. Whether or not a person should use the technique depends on how important "stealth" is to the individual, and the probability of a particular port being scanned or flooded during normal operation. In the case of port 0 and port 1, I cannot remember if I have every seen a log entry showing a scan of these ports. It seems to me that the probability of the ports being scanned is essentially zero. Therefore, the probability of exceeding the limit of the NAT is very, very small.

Personally, I don't believe that having port 0 and port 1 show closed during a scan test is important -- the device is secure.]]> http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22943961 Sat, 29 Aug 2009 15:02:22 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22943600 said by antdude:

Interesting. So would having one or a few ports be any differences? I only have one port opened for SSH.
As long as you forward to a real server you're fine.]]> http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22943600 Sat, 29 Aug 2009 13:34:08 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22943349 said by SYNACK:

Stealth has exactly one advantage:

It allows relatively clueless users to easily verify with online tools that the firewall software is actually enabled and running. ;)

Here's an old discussion that might shed some light on your questions.

A very misguided effort for stealth (as suggested elsewhere) is the idea of forwarding a port to a nonexistent or stealthed machine or on the LAN. Since each probe will create a temporary entry in the NAT table of the router while the router tries to ARP or contact the nonexistent machine, it can lead to resource starvation on the router. This creates a vulnerability, because flooding that port can overload the router, knocking the entire LAN offline. What do you think is a more graceful handling of a stray packet arriving on the WAN side: (1) Having the router return a RST for a "closed" response, then going back to regular work? (2) triggering a flurry of local LAN and router activity, but resulting in a stealth response to the outside viewer? Though so! :D
Interesting. So would having one or a few ports be any differences? I only have one port opened for SSH.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer]]> http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22943349 Sat, 29 Aug 2009 12:20:49 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22943331
It allows relatively clueless users to easily verify with online tools that the firewall software is actually enabled and running. ;)

Here's an old discussion that might shed some light on your questions.

A very misguided effort for stealth (as suggested elsewhere) is the idea of forwarding a port to a nonexistent or stealthed machine or on the LAN. Since each probe will create a temporary entry in the NAT table of the router while the router tries to ARP or contact the nonexistent machine, it can lead to resource starvation on the router. This creates a vulnerability, because flooding that port can overload the router, knocking the entire LAN offline. What do you think is a more graceful handling of a stray packet arriving on the WAN side: (1) Having the router return a RST for a "closed" response, then going back to regular work? (2) triggering a flurry of local LAN and router activity, but resulting in a stealth response to the outside viewer? Though so! :D]]> http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22943331 Sat, 29 Aug 2009 12:16:41 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22943104 said by SYNACK:

said by Dude111:

...(Which is safer)

That's an old myth. ;)
It is? How so? :(]]> http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22943104 Sat, 29 Aug 2009 11:17:02 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22942402 said by Dude111:

...(Which is safer)That's an old myth. ;)]]> http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22942402 Sat, 29 Aug 2009 03:18:32 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22941921 quote:

As stated by SYNACK, closed is as secure as "stealth".

I think a CLOSED port can be detected by a port probe AS A CLOSED PORT... A "Stealthed" port is not detected AT ALL.. (Which is safer)]]> http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22941921 Fri, 28 Aug 2009 23:42:37 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22939929 Any idea why on DIR-825 it will not work?

Charlie C]]> http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22939929 Fri, 28 Aug 2009 16:25:07 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22939677
As stated by SYNACK, closed is as secure as "stealth".

If showing closed is still a problem for you, try forwarding the two ports to the IP address on your LAN that is not being used by an existing computer.]]> http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22939677 Fri, 28 Aug 2009 15:40:08 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22938977
What dlink router model do you have?

Why did you post this in the wireless security forum? What router interface (WAN, LAN, Wireless) did you test and how?]]> http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22938977 Fri, 28 Aug 2009 13:46:33 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22937750
I even have port 113 stealthed!!

Good luck bud!]]> http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22937750 Fri, 28 Aug 2009 10:12:05 EDT Re: Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22929757 http://www.dslreports.com/forum/Re-Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22929757 Wed, 26 Aug 2009 21:08:53 EDT Port 0 and 1 Shows Closed not stealth Please helo http://www.dslreports.com/forum/Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22929749
Chrlie C]]> http://www.dslreports.com/forum/Port-0-and-1-Shows-Closed-not-stealth-Please-helo-22929749 Wed, 26 Aug 2009 21:07:12 EDT