Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.sys.raspberry-pi > #9233

Re: Changing network ports from closed to stealthed

From David <wibble@btintenet.com>
Newsgroups comp.sys.raspberry-pi
Subject Re: Changing network ports from closed to stealthed
Date 2015-07-31 10:57 +0000
Message-ID <d212kcFj3hiU10@mid.individual.net> (permalink)
References (3 earlier) <slrnmrl8s8.pdn.nomail@xs9.xs4all.nl> <1427606894459994389.731455mjmahon-aol.com@news.giganews.com> <slrnmrma1a.8e0.nomail@xs9.xs4all.nl> <mpfejg$8gc$1@news.albasani.net> <slrnmrmg7p.u8.nomail@xs9.xs4all.nl>

Show all headers | View raw


On Fri, 31 Jul 2015 09:33:45 +0000, Rob wrote:

> The Natural Philosopher <tnp@invalid.invalid> wrote:
>> But *no reply at all* does not even reveal that a service exists on
>> that port, nor does it waste any CPU or network bandwidth.
> 
> Again, there is no "revealing" here.  Either you provide a service or
> you don't, and it does not matter if you tell that you don't or if you
> don't reply at all.
> 
> Those responses do not require noticable resources, especially when
> compared to normal operation of the system.
> 
>> No one is talking about a connection, we are talking about denial of
>> service attacks.
>>
>> Repeated hits on a port that sends a NACK have in some cases resulted
>> in vulnerabilities being exposed.
>>
>> All this was discussed in length back in the 90's. The consensus was
>> that dropping packets ra5her than nacking them was ultimately the
>> safest approach in a hostile world.
> 
> I know that it has been discussed, but my opinion is that the result is
> baloney.  There is no reason to panic when that website finds something
> and marks it "not stealth".  Really.
> 
> When you are going to provide a service, it can be detected.  That is
> the purpose of providing a service.  The OP wanted to open a VPN
> service, so of course it is detected as not stealth.  Nothing to see
> here,
> move along.

So the way to go may be to configure a firewall to silently drop any 
incoming requests which are not from a chosen IP address (or address 
range)?

So that all generic probes will just get no response, as if there is no 
device connected to that IP address, and only the chosen few can go 
through the protocol to start a session.

That is, the whole port range is stealthed to virtually all the Internet 
and there is a single port visible to the select few.

Cheers

Dave R



-- 
Windows 8.1 on PCSpecialist box

Back to comp.sys.raspberry-pi | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-30 19:27 +0000
  Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-07-30 20:53 +0000
    Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:52 +0000
      Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-08-02 16:20 +0000
        Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-08-02 18:42 +0000
          Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-08-02 19:23 +0000
          Re: Changing network ports from closed to stealthed mm0fmf <none@mailinator.com> - 2015-08-02 20:26 +0100
            Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-08-02 20:08 +0000
            Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-08-03 08:34 +0100
          Re: Changing network ports from closed to stealthed Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2015-08-02 19:45 -0400
  Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-30 21:13 +0000
    Re: Changing network ports from closed to stealthed Michael J. Mahon <mjmahon@aol.com> - 2015-07-30 17:12 -0500
      Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-30 22:22 +0000
        Re: Changing network ports from closed to stealthed Michael J. Mahon <mjmahon@aol.com> - 2015-07-30 19:15 -0500
          Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 10:19 +0100
            Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-31 09:33 +0000
              Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 11:23 +0100
              Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:57 +0000
          Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 11:07 +0000
            Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-31 11:15 +0000
            Re: Changing network ports from closed to stealthed Roger Bell_West <roger+csrp201507@nospam.firedrake.org> - 2015-07-31 11:22 +0000
            Re: Changing network ports from closed to stealthed Graham. <me@privicy.net> - 2015-08-01 17:03 +0100
            Re: Changing network ports from closed to stealthed druck <news@druck.org.uk> - 2015-08-01 23:30 +0100
  Re: Changing network ports from closed to stealthed druck <news@druck.org.uk> - 2015-07-31 09:46 +0100
    Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 10:13 +0100
      Re: Changing network ports from closed to stealthed I R A Darth Aggie <n0b0dy@invalid.invalid> - 2015-08-02 16:24 +0000
    Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:51 +0000

csiph-web