CrazyM (Premium; join: 2001-05-16; BC Canada) | reply to skj
Re: BEFSX41 Stealth & Closed Ports and AFP
said by skj: So are we to assume when subjected to over 1000 port scans it removes the port stealthing?
At the time of that linked post the results seemed consistent. Under intense scan from a single source, when the number of inbound ports scanned reached 1000, the router/firewall would start providing a closed response instead of stealth (no response).
I do not believe this issue has been resolved yet.
Regards,
CrazyM
skj (Welcome to the far side of reality; Premium, Mod; join: 2002-04-04; Gone South)
I know it has been raised as an issue for some time. I have not heard if the newest firmware version addresses this issue.
(anonymous)
Linksys engineers should know for a fact that ignoring this concern will just create an enormous problem, and not a single individual is looking for a way to resolve it. Try to forward this to Linksys, SKJ, and see what workaround they can provide you with...
SYNACK (Just Firewall It; Premium, Mod; join: 2001-03-05; Venice, CA; Host: Networking Virtual Private Ne..; Netgear ZyXEL) | reply to CrazyM
said by CrazyM: At the time of that linked post the results seemed consistent. Under intense scan from a single source, when the number of inbound ports scanned reached 1000, the router/firewall would start providing a closed response instead of stealth (no response).
This is actually not a bad stance and can avoid other problems.
For example, if your computer crashes while gaming, or you get an IP that was just used by a file share client, you'll get tons of probes and they won't end because the other side is never notified that the service no longer exists. A closed response will provide that notification (This is especially important for stateless protocols such as UDP).
Overall, closed vs. stealth is not really a security issue, both are equally secure. Even a closed port is completely safe.
Sometimes "stealth at any cost" indirectly causes too many other problems. Stealth is mostly hype. [text was edited by author 2003-08-28 20:42:53]
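As an added illustration (this is not code from the thread, from Linksys, or from any firewall firmware), here is a small Python model of the two behaviours discussed above: CrazyM's observation that the router drops probes from a source until roughly 1000 have arrived and then answers "closed", and SYNACK's point that a stale peer keeps retransmitting to a stealthed port but stops once it gets a definitive RST or ICMP port-unreachable answer. The 1000-probe threshold, the IP addresses and the port numbers are constructed sample values, and the firewall is reduced to a per-source counter.

```python
"""Constructed model of 'stealth then closed' firewall behaviour and its effect
on a peer that keeps retrying. Not vendor code; all values are sample values."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Tuple

# Sample threshold matching the thread's observation (constructed, not a documented setting).
STEALTH_THRESHOLD = 1000


@dataclass
class Firewall:
    """Per-source probe counter. Probes below the threshold are silently dropped
    (stealth); from the threshold onward the firewall answers 'closed'.
    threshold=None models a firewall that never leaves stealth."""
    threshold: Optional[int] = STEALTH_THRESHOLD
    probes_seen: Dict[str, int] = field(default_factory=lambda: defaultdict(int))

    def respond(self, src_ip: str, proto: str, port: int) -> Optional[str]:
        """Return the reply a single probe receives: None (dropped), 'RST' for TCP
        or 'ICMP_UNREACH' for UDP once the source has crossed the threshold."""
        self.probes_seen[src_ip] += 1
        if self.threshold is None or self.probes_seen[src_ip] < self.threshold:
            return None  # stealth: no packet goes back
        return "RST" if proto == "tcp" else "ICMP_UNREACH"


def scan_summary(fw: Firewall, src_ip: str, proto: str, ports: Iterable[int]) -> Dict[str, int]:
    """Count how many probes in a single-source scan were dropped vs answered 'closed'.
    This is the view a scanning tool would report back to the user."""
    summary = {"dropped": 0, "closed": 0}
    for port in ports:
        reply = fw.respond(src_ip, proto, port)
        summary["dropped" if reply is None else "closed"] += 1
    return summary


def stale_peer_retries(fw: Firewall, src_ip: str, proto: str, port: int,
                       max_attempts: int = 5000) -> Tuple[int, str]:
    """Simulate a peer (e.g. a game or file-share client that still believes a
    service exists) retransmitting until it receives a definitive answer.
    Returns (attempts made, outcome): the reply string, or 'gave_up' if the
    retry budget ran out without any answer."""
    for attempt in range(1, max_attempts + 1):
        reply = fw.respond(src_ip, proto, port)
        if reply is not None:
            return attempt, reply  # a closed response ends the retransmissions
    return max_attempts, "gave_up"


if __name__ == "__main__":
    # Scan of 1500 ports from one source: the first 999 probes vanish, the rest see 'closed'.
    print(scan_summary(Firewall(), "198.51.100.7", "tcp", range(1, 1501)))
    # A stale UDP peer against the threshold firewall stops after it gets ICMP unreachable.
    print(stale_peer_retries(Firewall(), "203.0.113.5", "udp", 27015))
    # The same peer against a pure-stealth firewall never hears anything and exhausts its budget.
    print(stale_peer_retries(Firewall(threshold=None), "203.0.113.5", "udp", 27015, max_attempts=3000))
```

The counter is keyed per source address, so a second host probing the same firewall still sees pure stealth until it crosses the threshold on its own; that is what lets a scanner from a single IP "see" the change while ordinary traffic from other hosts does not.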
skj (Welcome to the far side of reality; Premium, Mod; join: 2002-04-04; Gone South; Host: Charter Internet/TV Earthlink DSL CenturyLink ISP b2b etc Cisco)
said by SYNACK: said by CrazyM: At the time of that linked post the results seemed consistent. Under intense scan from a single source, when the number of inbound ports scanned reached 1000, the router/firewall would start providing a closed response instead of stealth (no response).
This is actually not a bad stance and can avoid other problems.
For example, if your computer crashes while gaming, or you get an IP that was just used by a file share client, you'll get tons of probes and they won't end because the other side is never notified that the service no longer exists. A closed response will provide that notification (This is especially important for stateless protocols such as UDP).
Overall, closed vs. stealth is not really a security issue, both are equally secure. Even a closed port is completely safe.
Sometimes "stealth at any cost" indirectly causes too many other problems. Stealth is mostly hype.
Thanks for the explanation. Maybe that is why Linksys has not "fixed" this issue.
I was also looking to verify the 1000 port scan "limit" with another scanner. I found PCFlank but scanning that many ports results in the connection to the site being lost. Anybody know of any other scanner out there that can test that many ports at once?
Edit: Got PcFlank to work and was able to duplicate the same result with a 1000+ port scan. [text was edited by author 2003-08-28 21:16:47]