Re: Place your bets - Closed vs Stealthed

Author	All Replies
jbob Reach Out and Touch Someone Premium join:2004-04-26 Little Rock, AR ·Comcast ·AT&T Southwest	reply to MxxCon Re: Place your bets - Closed vs Stealthed said by MxxCon : said by rotty97 : Apprarently the response a hacker gets from a "Stealthed" port is different then a response you get from an IP that doesn't exist. if all of your ports are FILTERED(i hate 'stealthed' term), it will appear exactly the same as non-existing ip, so 'a hacker' will not get a different response because he will not get a response at all. Not true. A response from a non-existant IP should be "Destination unreacheable" whereas there is NO response from a "Filtered" IP port. Or something like that! If one is paying attention that of course means something is there, it's just not answering. In that sense "Filtered" makes more sense than "Stealthed!"
	to forum · permalink · · 2006-10-13 10:47:14 ·
MxxCon join:1999-11-19 Brooklyn, NY clubs:	said by jbob : Not true. A response from a non-existant IP should be "Destination unreacheable" whereas there is NO response from a "Filtered" IP port. that is incorrect because "Destination Unreachable" is an ICMP error message, where as port scans are either TCP or UDP. -- [Sig removed by Administrator: Signature can not exceed 20GB]
MxxCon join:1999-11-19 Brooklyn, NY clubs:	to forum · permalink · · 2006-10-13 11:24:29 ·
gkweb join:2003-06-09 76800 1 edit	That you send TCP/UDP or ICMP packets makes no difference, if you don't exist, the last router should send back an "host unreachable" ICMP message. That's why indeed "FILTERED" is probably more right than "stealth", because that's what you do, filtering (drop). The absence of any message clearly shows you are there, dropping packets. "Stealth" is misleading in the way it could mean invisible. The advantages of stealth are not to make you invisible, but rather to allow you to mitigate reflective attacks and in few cases to save upstream bandwidth. Also, security scanners such as nmap need at least one open port and one closed port to guess your OS. If you are running a server (some IM software or P2P are acting like servers) and you are not sending back responses from closed ports, it may help to prevent giving away too much information about your OS. Regards, gkweb. -- Firewall tester : »www.firewallleaktester.com member of ASAP : Alliance of Security Analysis Professionals
gkweb join:2003-06-09 76800 1 edit	to forum · permalink · · 2006-10-13 12:10:57 ·


Thursday, 26-Nov 10:46:38	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF