Link Logger (Premium, MVM; join 2001-03-29; Calgary, AB)
Place your bets - Closed vs Stealthed Scan from GRC
Poll: Will 'closed' ports attract more 'attention' than 'stealthed' ports?
OK, so I've tossed a fully patched XP SP2 system to the wolves, having removed XP's firewall so I would have a pile of 'closed' ports, so I can see just how much more attention, if any, the system gets than when I run a fully stealthed configuration later.
So what do you think the results will be, and why?
Blake -- Vendor: Author of Link Logger, which is a traffic analysis and firewall logging tool

koolman2 (Premium; join 2002-10-01; Anchorage, AK) | Hmm... I say no, because a closed port is no good to a potential hacker. -- huh?

Link Logger (Premium, MVM; join 2001-03-29; Calgary, AB) | reply to Link Logger
OK, to make this even more fair: you might have noticed that TCP ports 135, 139, and 445 were open, and of course that 'could' lead to more 'interest', so I whacked those services and now only closed ports exist, so this should be a totally fair and unbiased fight. So hopefully we will find out who is talking turkey and eating crow and who isn't; remember to place your bets, folks...
Blake -- Vendor: Author of Link Logger, which is a traffic analysis and firewall logging tool

SpannerITWks | reply to Link Logger
From your screenie you have ports 135/139/445 open, so naturally I expect those to be probed and/or entered, with whatever consequences if nasties do get in!
I think that closed versus stealthed ports automatically create more attention by default, as they can be seen, whereas stealthed ports cannot. Whether this leads to any or continued scanning etc. is another matter though.
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks /SpannerITWks

Snowy (mIRC unix.ro UnderNet; Premium; join 2003-04-05; Kailua, HI) | reply to Link Logger
said by Link Logger: Will 'closed' ports attract more 'attention' than 'stealthed' ports?
Well, a closed port can't attract any less attention than a stealthed port, so given a wide enough test range, closed ports will, by virtue of 'closer looks', draw extra attention. Is there any more danger to running closed vs stealth? That would depend on what's running & who's running it.

Link Logger (Premium, MVM; join 2001-03-29; Calgary, AB) | reply to SpannerITWks
said by SpannerITWks: From your screenie you have ports 135/139/445 open, so naturally I expect those to be probed and/or entered, with whatever consequences if nasties do get in!
You are right, and as an example a lot of worms, when they see TCP port 135 open, try to fingerprint the OS via a scan to TCP port 5000 (UPnP), so just having 135 open would create more traffic just via these extra scans. So I configured the XP system to close the open ports, so this ought to be a fair fight now.
Blake -- Vendor: Author of Link Logger, which is a traffic analysis and firewall logging tool

Link Logger (Premium, MVM; join 2001-03-29; Calgary, AB) | 1 edit | reply to Snowy
said by Snowy: Is there any more danger to running closed vs stealth? That would depend on what's running & who's running it.
I would be highly amazed if I lost this system to some evil hacker; closed is closed, and banging your head against a brick wall (stealthed) is in effect the same as banging your head against a locked steel door (closed: you know it's a door, but it's not going to open, so the effect is just the same as banging your head against the brick wall).
Blake
Edit -> added the 'locked' to the steel door

gkweb (join 2003-06-09; 76800) | reply to Link Logger
Hello,
As I said in the other topic, I think that closed will attract less attention than stealth (because stealth means you do not get an answer, so you retry again instead of moving away).
Anyway, I think that in the end you will just prove one advantage of "closed", the same way that "stealth" has its own advantages too. I'm not sure how this test could trash one or the other, no matter the result.
Regards, gkweb. -- Firewall tester: www.firewallleaktester.com
*member of ASAP : Alliance of Security Analysis Professionals*

rotty97 | Apparently the response a hacker gets from a "Stealthed" port is different than the response you get from an IP that doesn't exist. So stealthing a port is just as good as having it closed. The hacker knows you're there but can't do much with you unless you have insecure apps listening on the internet.
cheers, rotty

DocLarge | reply to Link Logger
A "closed" port will attract more interest than "stealthed" in my opinion...
Simply put, if the port is stealthed (provided some jackhole isn't using some "George Jetson," Mystery Science Theater 3000 type device) then the port shouldn't even register to a scan/probe.
If the port is just simply closed, this means it will respond (to an extent) to the probe, but still won't let you in. Now, a persistent hacker will take this as a challenge because now he knows the port is there; the goal would then be to get in "even though" the port is closed. Think about it: there are a lot of stealthed ports on a router by default if configured out of the box properly. If I were a hacker, why would I spend my time looking for ports that are stealthed when I can try and find a closed one to hack and then work my way through the infrastructure that way?
Jay

TheWiseGuy (Dog And Butterfly; Premium, MVM; join 2002-07-04; Yonkers, NY) | reply to Link Logger
Do you have DSL or Cable?

hpguru (Curb Your Dogma; Premium; join 2002-04-12) | reply to DocLarge
said by DocLarge: Now, a persistent hacker will take this as a challenge because now he knows the port is there; the goal would then be to get in "even though" the port is closed.
I would think that would require a persistently stupid "hacker". -- Where's Jesus? Dear Jesus!

MxxCon (join 1999-11-19; Brooklyn, NY) | reply to rotty97
said by rotty97: Apparently the response a hacker gets from a "Stealthed" port is different than the response you get from an IP that doesn't exist.
If all of your ports are FILTERED (I hate the 'stealthed' term), it will appear exactly the same as a non-existing IP, so 'a hacker' will not get a different response because he will not get a response at all. -- [Sig removed by Administrator: Signature can not exceed 20GB]

MxxCon (join 1999-11-19; Brooklyn, NY) | reply to Link Logger
Actually, I think if anything, having a closed port will make a portscan go much faster (no waiting for a timeout), so they'll be done with your IP faster and move on.
On the other hand, filtered ports are a 'zero effort' measure to slow down their portscans.
And yet, if somebody is scanning a large range of (fast) IPs it's only sensible for them to configure the timeout to a pretty aggressive value so as not to waste time... at least that's what I would do. Wasting 30 sec on an IP with filtered ports vs scanning 100 other IPs. -- [Sig removed by Administrator: Signature can not exceed 20GB]

Link Logger (Premium, MVM; join 2001-03-29; Calgary, AB) | reply to TheWiseGuy
At least 5mb cable, and the ISP does NOT filter ports.
Blake -- Vendor: Author of Link Logger, which is a traffic analysis and firewall logging tool

jbob (Reach Out and Touch Someone; Premium; join 2004-04-26; Little Rock, AR) | reply to MxxCon
said by MxxCon: said by rotty97: Apparently the response a hacker gets from a "Stealthed" port is different than the response you get from an IP that doesn't exist. If all of your ports are FILTERED (I hate the 'stealthed' term), it will appear exactly the same as a non-existing IP, so 'a hacker' will not get a different response because he will not get a response at all.
Not true. A response from a non-existent IP should be "Destination unreachable", whereas there is NO response from a "Filtered" IP port. Or something like that! If one is paying attention, that of course means something is there, it's just not answering. In that sense "Filtered" makes more sense than "Stealthed"!

TheWiseGuy (Dog And Butterfly; Premium, MVM; join 2002-07-04; Yonkers, NY) | reply to Link Logger
If you had DSL with an IP that changed, I would have said on average you would see more traffic with dropping packets, since you would likely get hit with the previous resident's P2P at some point.
Nmap in the default mode will skip your IP if there is no reply, but if you set it to ignore host discovery it would still scan. Some worms also check to see if an IP responds.
My guess is that the difference in downstream traffic will be negligible compared to your connection bandwidth, but upstream traffic will be a lot less with dropped packets, though probably still negligible compared to your bandwidth. -- Warning: if you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore.

aefstoggaflm (Open Source Fan; Premium; join 2002-03-04; Bethlehem, PA) | 2 edits | reply to Link Logger
* With sarcasm *
Where can I place my bet? Also, how much has everyone else bet? Hey, wait a minute, I thought betting was illegal.
* Back to serious *
For more info please see Security Now! with Steve Gibson, Episode 43 for June 8, 2006: Ports.
And also see: To stealth or not to stealth (aka: The Myth of Stealth). -- Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.

antiserious (The Future ain't what it used to be; Premium; join 2001-12-12; Scranton, PA) | reply to Link Logger
... I voted 'not significantly' ... unless someone is specifically hunting your IP, I just don't think they'll waste a lot of time on either type of target when there's so much 'low-hanging fruit' available elsewhere ...
... I know this discussion rages from time to time, I just don't know if it ever changes anyone's mind, or if I should care ...
-- ... " how can we miss you if you won't GO AWAY ! " ...

MxxCon (join 1999-11-19; Brooklyn, NY) | reply to jbob
said by jbob: Not true. A response from a non-existent IP should be "Destination unreachable", whereas there is NO response from a "Filtered" IP port.
That is incorrect, because "Destination Unreachable" is an ICMP error message, whereas port scans are either TCP or UDP. -- [Sig removed by Administrator: Signature can not exceed 20GB]
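The closed-versus-filtered argument that runs through MxxCon's, jbob's and TheWiseGuy's posts above (RST versus silence, how much time each costs a scanner, and whether a silently dropping host looks any different from an unused IP) reduces to a handful of probe/response rules. The Python model below is an added illustration, not code from any poster or from Link Logger, and it sends no packets: it encodes the usual SYN-scan verdicts (SYN/ACK open, RST closed, ICMP unreachable or no answer filtered) and totals the wait each verdict costs. The 50 ms round trip, the 1000 ms timeout and the port list are constructed assumptions, and the three firewall policies (`none`, `reject`, `drop`) are the model's own labels.

```python
"""Closed vs. filtered ("stealthed") ports as a SYN-probe scanner sees them.
Constructed model for illustration; it sends no packets."""
from typing import Dict, Optional, Tuple

# Possible answers to a single TCP SYN probe
SYN_ACK = "SYN/ACK"            # a service accepted the handshake: open
RST = "RST"                    # the TCP stack refused immediately: closed
ICMP_UNREACH = "ICMP type 3"   # a router or firewall reports unreachable/prohibited
NO_REPLY = None                # silently dropped: the "stealth" case

RTT_MS = 50        # assumed round trip for any answered probe (constructed)
TIMEOUT_MS = 1000  # assumed per-probe wait before the scanner gives up (constructed)


def host_response(listening: bool, policy: str) -> Optional[str]:
    """What one port returns for a SYN, given the host's firewall policy.
    policy: "none"   - no firewall, the TCP stack answers (open or closed)
            "reject" - firewall answers with an ICMP unreachable/prohibited error
            "drop"   - firewall discards the probe silently ("stealth")
    An unused IP behaves like "drop" when nothing on the path answers, or like
    "reject" when the last router sends ICMP host-unreachable."""
    if policy == "drop":
        return NO_REPLY
    if policy == "reject":
        return ICMP_UNREACH
    if policy != "none":
        raise ValueError(f"unknown policy {policy!r}")
    return SYN_ACK if listening else RST


def verdict(response: Optional[str], timeout_ms: int = TIMEOUT_MS) -> Tuple[str, int]:
    """Scanner-side classification and the milliseconds spent reaching it.
    Usual SYN-scan rules: SYN/ACK -> open, RST -> closed,
    ICMP unreachable -> filtered, no answer within the timeout -> filtered."""
    if response == SYN_ACK:
        return "open", RTT_MS
    if response == RST:
        return "closed", RTT_MS
    if response == ICMP_UNREACH:
        return "filtered", RTT_MS
    return "filtered", timeout_ms


def scan_cost(ports: Dict[int, bool], policy: str,
              timeout_ms: int = TIMEOUT_MS) -> Tuple[Dict[int, str], int]:
    """Classify every port in `ports` ({port: listening?}) and total the scanner's wait.
    Probes are modelled one after another; a real scanner parallelises, but the
    per-probe cost it has to absorb is the same, which is MxxCon's timing point."""
    results: Dict[int, str] = {}
    total_ms = 0
    for port, listening in sorted(ports.items()):
        state, cost = verdict(host_response(listening, policy), timeout_ms)
        results[port] = state
        total_ms += cost
    return results, total_ms


def distinguishable_from_empty_ip(policy: str) -> bool:
    """The jbob/MxxCon question: can a port probe alone tell a filtered host from
    an unused IP? Only when something answers (RST or an ICMP error). With a
    silent drop the two are identical at the port level, which is why a default
    Nmap run, which wants a host-discovery reply first, skips such a host unless
    told to scan without discovery (-Pn), as TheWiseGuy describes."""
    return host_response(False, policy) is not NO_REPLY


if __name__ == "__main__":
    # Constructed port set: the three services Blake stopped (135/139/445) plus a
    # few others, none listening, i.e. the "all closed" configuration in the thread.
    closed_box = {p: False for p in (21, 22, 80, 135, 139, 445, 3389, 5000)}
    for pol in ("none", "drop", "reject"):
        states, ms = scan_cost(closed_box, pol)
        print(f"{pol:6s}: {sorted(set(states.values()))} in {ms} ms, "
              f"distinguishable from an empty IP: {distinguishable_from_empty_ip(pol)}")
```

Running it shows the trade-off the thread is arguing about: with no firewall every probe comes back as `closed` in one round trip each, with `drop` every probe is `filtered` but costs the scanner a full timeout, and with `reject` the ports are also `filtered` yet the ICMP error arrives at once, so the host is both quick to scan and plainly present. Whether that extra scanner time translates into less follow-up attention is exactly what Blake's experiment was set up to measure.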