
gkweb

join:2003-06-09
76800

Re: Place your bets - Closed vs Stealthed

Hello,

As I said in the other topic, I think that close will attract less attention than stealth (because stealth means you do not have an answer, so you retry again instead of moving away).

Anyway, I think that in the end you will just prove one advantage of "close", the same way that "stealth" has its own advantages too. I'm not sure how this test could trash one or the other, no matter the result.

Regards,
gkweb.
--
Firewall tester : »www.firewallleaktester.com

*member of ASAP : Alliance of Security Analysis Professionals*
rotty97

join:2005-06-30
Australia

Re: Place your bets - Closed vs Stealthed

Apparently the response a hacker gets from a "Stealthed" port is different than a response you get from an IP that doesn't exist. So stealthing a port is just as good as having it closed. The hacker knows you're there but can't do much with you unless you have unsecure apps listening on the internet.

cheers, rotty

MxxCon

join:1999-11-19
Brooklyn, NY

Re: Place your bets - Closed vs Stealthed

said by rotty97:

> Apparently the response a hacker gets from a "Stealthed" port is different than a response you get from an IP that doesn't exist.

If all of your ports are FILTERED (I hate the 'stealthed' term), it will appear exactly the same as a non-existing IP, so 'a hacker' will not get a different response because he will not get a response at all.
--
[Sig removed by Administrator: Signature can not exceed 20GB]

jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR
·Comcast
·AT&T Southwest

Re: Place your bets - Closed vs Stealthed

said by MxxCon:

> said by rotty97:
>
> > Apparently the response a hacker gets from a "Stealthed" port is different than a response you get from an IP that doesn't exist.
>
> If all of your ports are FILTERED (I hate the 'stealthed' term), it will appear exactly the same as a non-existing IP, so 'a hacker' will not get a different response because he will not get a response at all.

Not true. A response from a non-existent IP should be "Destination unreachable" whereas there is NO response from a "Filtered" IP port. Or something like that! If one is paying attention that of course means something is there, it's just not answering. In that sense "Filtered" makes more sense than "Stealthed!"

MxxCon

join:1999-11-19
Brooklyn, NY

Re: Place your bets - Closed vs Stealthed

said by jbob:

> Not true. A response from a non-existent IP should be "Destination unreachable" whereas there is NO response from a "Filtered" IP port.

That is incorrect because "Destination Unreachable" is an ICMP error message, whereas port scans are either TCP or UDP.
--
[Sig removed by Administrator: Signature can not exceed 20GB]

gkweb

join:2003-06-09
76800



Re: Place your bets - Closed vs Stealthed

Whether you send TCP/UDP or ICMP packets makes no difference: if you don't exist, the last router should send back a "host unreachable" ICMP message.

That's why indeed "FILTERED" is probably more right than "stealth", because that's what you do, filtering (drop).
The absence of any message clearly shows you are there, dropping packets. "Stealth" is misleading in the way it could mean invisible.

The advantages of stealth are not to make you invisible, but rather to allow you to mitigate reflective attacks and in a few cases to save upstream bandwidth. Also, security scanners such as nmap need at least one open port and one closed port to guess your OS. If you are running a server (some IM software or P2P act like servers) and you are not sending back responses from closed ports, it may help to prevent giving away too much information about your OS.

Regards,
gkweb.
--
Firewall tester : »www.firewallleaktester.com

*member of ASAP : Alliance of Security Analysis Professionals*
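
The three outcomes argued over in this thread (a reset from a closed port, silence from a filtered one, an ICMP unreachable for an address that is not there), as they surface to a single TCP connect() when checking how your own firewall answers. This is an added example, not part of any post above; the function names and outcome labels are assumptions of the example.

```python
import errno
import socket


def classify(exc):
    """Map the result of one TCP connect() to what the network did with the SYN.

    exc is None on success, otherwise the OSError raised by connect().
    The labels are this example's own, chosen to match the thread's vocabulary.
    """
    if exc is None:
        return "open"          # SYN/ACK came back, handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"        # RST came back: a host is there, nothing is listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"      # no reply at all: the SYN was dropped somewhere
    if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        # An ICMP "destination unreachable" reached the TCP socket (a router
        # reporting no such host, or a firewall rejecting with ICMP), or the
        # local stack could not resolve/route to the address.
        return "unreachable"
    return "error"


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return the classified outcome."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        s.close()


if __name__ == "__main__":
    # Constructed sample: loopback address and a few arbitrary ports.
    for port in (22, 80, 445):
        print(port, probe("127.0.0.1", port, timeout=1.0))
```

The "unreachable" branch is the case the last posts disagree about: a TCP probe can end in an ICMP error, which the operating system reports on the TCP socket as EHOSTUNREACH rather than as a timeout.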