Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.sys.raspberry-pi > #9228

Re: Changing network ports from closed to stealthed

From The Natural Philosopher <tnp@invalid.invalid>
Newsgroups comp.sys.raspberry-pi
Subject Re: Changing network ports from closed to stealthed
Date 2015-07-31 10:19 +0100
Organization albasani.net
Message-ID <mpfejg$8gc$1@news.albasani.net> (permalink)
References (1 earlier) <slrnmrl4s2.j2t.nomail@xs9.xs4all.nl> <797262953459987062.522882mjmahon-aol.com@news.giganews.com> <slrnmrl8s8.pdn.nomail@xs9.xs4all.nl> <1427606894459994389.731455mjmahon-aol.com@news.giganews.com> <slrnmrma1a.8e0.nomail@xs9.xs4all.nl>

Show all headers | View raw


On 31/07/15 08:47, Rob wrote:
> Michael J  Mahon <mjmahon@aol.com> wrote:
>> Rob <nomail@example.com> wrote:
>>> Michael J  Mahon <mjmahon@aol.com> wrote:
>>>> Rob <nomail@example.com> wrote:
>>>>> David <wibble@btintenet.com> wrote:
>>>>>> I've been using Shields Up to check which ports are visible from the
>>>>>> Internet.
>>>>>>
>>>>>> With my NAT router set up as normal, all ports show as "stealthed" in
>>>>>> Shields Up i.e. a probe to the port gives no response. This is viewed as a
>>>>>> good thing.
>>>>>
>>>>> Only by the creator of that site.  Most other experts view that
>>>>> as baloney.
>>>>
>>>> Interesting. And how is it a good idea to reveal unnecessarily the
>>>> existence of a port?
>>>
>>> There is no "revealing the existence of a port".
>>
>> Enlighten me. If I probe a port and get a NAK, doesn't that reveal that
>> something is there?  And doesn't that invite further probes?
>
> It is not important.
>
> ALL ports with a valid port number "exist".
> But you can only connect to them when sending a TCP SYN results in
> receiving a TCP SYN ACK.  You then send a TCP ACK and from there you
> have an open connection over which you can exchange data.
>
> All other replies, no matter if it is TCP RST, ICMP Destination Unreachable
> (with a subtype of "protocol not reachable", "port not reachable",
> "host not reachable", "network not reachable", "communication
> administratively prohibited" or whatever other subtype) mean that you
> do not get the connection.
>

But *no reply at all* does not even reveal that a service exists on that 
port, nor does it waste any CPU or network bandwidth.

Better still it wastes attacker's time listening for a response that 
never comes.

Like trolls, denial of service attackers are best ignored, not given 
negative responses, because, like internet trolls, what they want is a 
response - any response.


> That does not bring the other side any nearer to a connection.  It just
> does not matter if there is a reply or not from the port.  There is
> no "further probe" that will yield anything useful (a connection) when
> there is one of those replies that would not be possible when there is
> no reply.
>
No one is talking about a connection, we are talking about denial of 
service attacks.

Repeated hits on a port that sends a NACK have in some cases resulted in 
vulnerabilities being exposed.

All this was discussed in length back in the 90's. The consensus was 
that dropping packets ra5her than nacking them was ultimately the safest 
approach in a hostile world.

It was rude to people who had made a genuine mistake, true, but thats 
life :-(

-- 
New Socialism consists essentially in being seen to have your heart in 
the right place whilst your head is in the clouds and your hand is in 
someone else's pocket.

Back to comp.sys.raspberry-pi | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-30 19:27 +0000
  Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-07-30 20:53 +0000
    Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:52 +0000
      Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-08-02 16:20 +0000
        Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-08-02 18:42 +0000
          Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-08-02 19:23 +0000
          Re: Changing network ports from closed to stealthed mm0fmf <none@mailinator.com> - 2015-08-02 20:26 +0100
            Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-08-02 20:08 +0000
            Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-08-03 08:34 +0100
          Re: Changing network ports from closed to stealthed Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2015-08-02 19:45 -0400
  Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-30 21:13 +0000
    Re: Changing network ports from closed to stealthed Michael J. Mahon <mjmahon@aol.com> - 2015-07-30 17:12 -0500
      Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-30 22:22 +0000
        Re: Changing network ports from closed to stealthed Michael J. Mahon <mjmahon@aol.com> - 2015-07-30 19:15 -0500
          Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 10:19 +0100
            Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-31 09:33 +0000
              Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 11:23 +0100
              Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:57 +0000
          Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 11:07 +0000
            Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-31 11:15 +0000
            Re: Changing network ports from closed to stealthed Roger Bell_West <roger+csrp201507@nospam.firedrake.org> - 2015-07-31 11:22 +0000
            Re: Changing network ports from closed to stealthed Graham. <me@privicy.net> - 2015-08-01 17:03 +0100
            Re: Changing network ports from closed to stealthed druck <news@druck.org.uk> - 2015-08-01 23:30 +0100
  Re: Changing network ports from closed to stealthed druck <news@druck.org.uk> - 2015-07-31 09:46 +0100
    Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 10:13 +0100
      Re: Changing network ports from closed to stealthed I R A Darth Aggie <n0b0dy@invalid.invalid> - 2015-08-02 16:24 +0000
    Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:51 +0000

csiph-web