Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.sys.raspberry-pi > #9234

Re: Changing network ports from closed to stealthed

From David <wibble@btintenet.com>
Newsgroups comp.sys.raspberry-pi
Subject Re: Changing network ports from closed to stealthed
Date 2015-07-31 11:07 +0000
Message-ID <d2138fFj3hiU11@mid.individual.net> (permalink)
References (1 earlier) <slrnmrl4s2.j2t.nomail@xs9.xs4all.nl> <797262953459987062.522882mjmahon-aol.com@news.giganews.com> <slrnmrl8s8.pdn.nomail@xs9.xs4all.nl> <1427606894459994389.731455mjmahon-aol.com@news.giganews.com> <slrnmrma1a.8e0.nomail@xs9.xs4all.nl>

Show all headers | View raw


On Fri, 31 Jul 2015 07:47:54 +0000, Rob wrote:

> Michael J  Mahon <mjmahon@aol.com> wrote:
>> Rob <nomail@example.com> wrote:
>>> Michael J  Mahon <mjmahon@aol.com> wrote:
>>>> Rob <nomail@example.com> wrote:
>>>>> David <wibble@btintenet.com> wrote:
>>>>>> I've been using Shields Up to check which ports are visible from
>>>>>> the Internet.
>>>>>> 
>>>>>> With my NAT router set up as normal, all ports show as "stealthed"
>>>>>> in Shields Up i.e. a probe to the port gives no response. This is
>>>>>> viewed as a good thing.
>>>>> 
>>>>> Only by the creator of that site.  Most other experts view that as
>>>>> baloney.
>>>> 
>>>> Interesting. And how is it a good idea to reveal unnecessarily the
>>>> existence of a port?
>>> 
>>> There is no "revealing the existence of a port".
>>
>> Enlighten me. If I probe a port and get a NAK, doesn't that reveal that
>> something is there?  And doesn't that invite further probes?
> 
> It is not important.
> 
> ALL ports with a valid port number "exist".
> But you can only connect to them when sending a TCP SYN results in
> receiving a TCP SYN ACK.  You then send a TCP ACK and from there you
> have an open connection over which you can exchange data.
> 
> All other replies, no matter if it is TCP RST, ICMP Destination
> Unreachable (with a subtype of "protocol not reachable", "port not
> reachable",
> "host not reachable", "network not reachable", "communication
> administratively prohibited" or whatever other subtype) mean that you do
> not get the connection.
> 
> That does not bring the other side any nearer to a connection.  It just
> does not matter if there is a reply or not from the port.  There is no
> "further probe" that will yield anything useful (a connection) when
> there is one of those replies that would not be possible when there is
> no reply.

Just to be sure, are you saying that the random probes running all the 
time to try and locate vulnerable hosts probe all possible ports on every 
IP address right up to the highest possible port number? That is, up to 
65535?

I was expecting that the probes would check the first 1056 ports at first 
pass and then proceed to look higher only if they got some kind of 
response to the initial range.

They might even check a few "common ports" initially to decide if they 
should expend further resource.

In which case being stealthed in the lower ranges might save you from 
being probed by aliens!

Cheers

Dave R



-- 
Windows 8.1 on PCSpecialist box

Back to comp.sys.raspberry-pi | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-30 19:27 +0000
  Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-07-30 20:53 +0000
    Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:52 +0000
      Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-08-02 16:20 +0000
        Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-08-02 18:42 +0000
          Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-08-02 19:23 +0000
          Re: Changing network ports from closed to stealthed mm0fmf <none@mailinator.com> - 2015-08-02 20:26 +0100
            Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-08-02 20:08 +0000
            Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-08-03 08:34 +0100
          Re: Changing network ports from closed to stealthed Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2015-08-02 19:45 -0400
  Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-30 21:13 +0000
    Re: Changing network ports from closed to stealthed Michael J. Mahon <mjmahon@aol.com> - 2015-07-30 17:12 -0500
      Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-30 22:22 +0000
        Re: Changing network ports from closed to stealthed Michael J. Mahon <mjmahon@aol.com> - 2015-07-30 19:15 -0500
          Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 10:19 +0100
            Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-31 09:33 +0000
              Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 11:23 +0100
              Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:57 +0000
          Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 11:07 +0000
            Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-31 11:15 +0000
            Re: Changing network ports from closed to stealthed Roger Bell_West <roger+csrp201507@nospam.firedrake.org> - 2015-07-31 11:22 +0000
            Re: Changing network ports from closed to stealthed Graham. <me@privicy.net> - 2015-08-01 17:03 +0100
            Re: Changing network ports from closed to stealthed druck <news@druck.org.uk> - 2015-08-01 23:30 +0100
  Re: Changing network ports from closed to stealthed druck <news@druck.org.uk> - 2015-07-31 09:46 +0100
    Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 10:13 +0100
      Re: Changing network ports from closed to stealthed I R A Darth Aggie <n0b0dy@invalid.invalid> - 2015-08-02 16:24 +0000
    Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:51 +0000

csiph-web