Re: Place your bets - Closed vs Stealthed

gkweb join:2003-06-09 76800 1 edit	reply to MxxCon Re: Place your bets - Closed vs Stealthed That you send TCP/UDP or ICMP packets makes no difference, if you don't exist, the last router should send back an "host unreachable" ICMP message. That's why indeed "FILTERED" is probably more right than "stealth", because that's what you do, filtering (drop). The absence of any message clearly shows you are there, dropping packets. "Stealth" is misleading in the way it could mean invisible. The advantages of stealth are not to make you invisible, but rather to allow you to mitigate reflective attacks and in few cases to save upstream bandwidth. Also, security scanners such as nmap need at least one open port and one closed port to guess your OS. If you are running a server (some IM software or P2P are acting like servers) and you are not sending back responses from closed ports, it may help to prevent giving away too much information about your OS. Regards, gkweb. -- Firewall tester : »www.firewallleaktester.com member of ASAP : Alliance of Security Analysis Professionals
	to forum · permalink · · 2006-10-13 12:10:57 ·
MxxCon join:1999-11-19 Brooklyn, NY clubs:	reply to jbob said by jbob : Not true. A response from a non-existant IP should be "Destination unreacheable" whereas there is NO response from a "Filtered" IP port. that is incorrect because "Destination Unreachable" is an ICMP error message, where as port scans are either TCP or UDP. -- [Sig removed by Administrator: Signature can not exceed 20GB]
	to forum · permalink · · 2006-10-13 11:24:29 ·
jbob Reach Out and Touch Someone Premium join:2004-04-26 Little Rock, AR ·Comcast ·AT&T Southwest	reply to MxxCon said by MxxCon : said by rotty97 : Apprarently the response a hacker gets from a "Stealthed" port is different then a response you get from an IP that doesn't exist. if all of your ports are FILTERED(i hate 'stealthed' term), it will appear exactly the same as non-existing ip, so 'a hacker' will not get a different response because he will not get a response at all. Not true. A response from a non-existant IP should be "Destination unreacheable" whereas there is NO response from a "Filtered" IP port. Or something like that! If one is paying attention that of course means something is there, it's just not answering. In that sense "Filtered" makes more sense than "Stealthed!"
	to forum · permalink · · 2006-10-13 10:47:14 ·
MxxCon join:1999-11-19 Brooklyn, NY clubs:	reply to rotty97 said by rotty97 : Apprarently the response a hacker gets from a "Stealthed" port is different then a response you get from an IP that doesn't exist. if all of your ports are FILTERED(i hate 'stealthed' term), it will appear exactly the same as non-existing ip, so 'a hacker' will not get a different response because he will not get a response at all. -- [Sig removed by Administrator: Signature can not exceed 20GB]
	to forum · permalink · · 2006-10-13 10:23:14 ·
rotty97 join:2005-06-30 Australia	reply to gkweb Apprarently the response a hacker gets from a "Stealthed" port is different then a response you get from an IP that doesn't exist. So stealthing a port is just as good as having it closed. The hacker knows your their but can't do much with you unless you have unsecure apps listening on the internet. cheers, rotty
	to forum · permalink · · 2006-10-13 07:31:26 ·


Wednesday, 02-Dec 05:51:53	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF