skj (Premium, Mod; joined 2002-04-04)
reply to SYNACK
Re: BEFSX41 Stealth & Closed Ports and AFP

said by SYNACK:
said by CrazyM:
At the time of that linked post the results seemed consistent. Under intense scan from a single source, when the number of inbound ports scanned reached 1000, the router/firewall would start providing a closed response instead of stealth (no response).
This is actually not a bad stance and can avoid other problems.
For example, if your computer crashes while gaming, or you get an IP that was just used by a file share client, you'll get tons of probes and they won't end because the other side is never notified that the service no longer exists. A closed response will provide that notification (This is especially important for stateless protocols such as UDP).
Overall, closed vs. stealth is not really a security issue, both are equally secure. Even a closed port is completely safe.
Sometimes "stealth at any cost" indirectly causes too many other problems. Stealth is mostly hype.
Thanks for the explanation. Maybe that is why Linksys has not "fixed" this issue.
I was also looking to verify the 1000 port scan "limit" with another scanner. I found PCFlank but scanning that many ports results in the connection to the site being lost. Anybody know of any other scanner out there that can test that many ports at once?
Edit: Got PCFlank to work and was able to duplicate the same result with a 1000+ port scan.
[text was edited by author 2003-08-28 21:16:47]
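The closed-versus-silent distinction discussed in this thread, reproduced on loopback as an added example (not code from any poster here). The function names are hypothetical, the targets are sockets the script creates itself, and the UDP result assumes an OS that reports ICMP errors on connected UDP sockets, as Linux does.

```python
import socket

def tcp_probe(host, port, timeout=1.0):
    """Classify a TCP port as a scanner would: open, closed or stealth."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"      # RST came back: the sender is told to stop
        except socket.timeout:
            return "stealth"     # silence: the sender cannot tell why

def udp_probe(host, port, timeout=1.0):
    """UDP has no handshake, so only an ICMP error can signal 'closed'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket, so ICMP errors are reported
        try:
            s.send(b"\x00")
            s.recv(1)
            return "open"
        except ConnectionRefusedError:
            return "closed"      # ICMP port unreachable was received
        except socket.timeout:
            return "no reply"    # open-but-quiet and stealth look identical

def free_port(kind):
    """Constructed test target: a loopback port with nothing bound to it."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo():
    """Probe loopback sockets created here; no external host is contacted."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as lst, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as quiet:
        lst.bind(("127.0.0.1", 0)); lst.listen(1)
        quiet.bind(("127.0.0.1", 0))   # bound but never answers
        return {
            "tcp_listening": tcp_probe("127.0.0.1", lst.getsockname()[1]),
            "tcp_unbound": tcp_probe("127.0.0.1", free_port(socket.SOCK_STREAM)),
            "udp_quiet": udp_probe("127.0.0.1", quiet.getsockname()[1], 0.5),
            "udp_unbound": udp_probe("127.0.0.1", free_port(socket.SOCK_DGRAM)),
        }

if __name__ == "__main__":
    print(demo())
```

The "stealth" branch of `tcp_probe` only triggers against a host that drops packets, which loopback does not do, so the demo exercises the open and closed cases.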