Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.sys.raspberry-pi > #9230

Re: Changing network ports from closed to stealthed

From The Natural Philosopher <tnp@invalid.invalid>
Newsgroups comp.sys.raspberry-pi
Subject Re: Changing network ports from closed to stealthed
Date 2015-07-31 11:23 +0100
Organization albasani.net
Message-ID <mpfiaq$f5k$1@news.albasani.net> (permalink)
References (3 earlier) <slrnmrl8s8.pdn.nomail@xs9.xs4all.nl> <1427606894459994389.731455mjmahon-aol.com@news.giganews.com> <slrnmrma1a.8e0.nomail@xs9.xs4all.nl> <mpfejg$8gc$1@news.albasani.net> <slrnmrmg7p.u8.nomail@xs9.xs4all.nl>

Show all headers | View raw


On 31/07/15 10:33, Rob wrote:
> The Natural Philosopher <tnp@invalid.invalid> wrote:
>> But *no reply at all* does not even reveal that a service exists on that
>> port, nor does it waste any CPU or network bandwidth.
>
> Again, there is no "revealing" here.  Either you provide a service
> or you don't, and it does not matter if you tell that you don't or if
> you don't reply at all.
>

well in theory yes, in practice no one hangs a service on a port that 
simply says 'no' for no good reason

> Those responses do not require noticable resources, especially when
> compared to normal operation of the system.
>

We are not talking about normal operation: we are talking about DOS attacks.

>> No one is talking about a connection, we are talking about denial of
>> service attacks.
>>
>> Repeated hits on a port that sends a NACK have in some cases resulted in
>> vulnerabilities being exposed.
>>
>> All this was discussed in length back in the 90's. The consensus was
>> that dropping packets ra5her than nacking them was ultimately the safest
>> approach in a hostile world.
>
> I know that it has been discussed, but my opinion is that the result
> is baloney.  There is no reason to panic when that website finds something
> and marks it "not stealth".  Really.
>

No, there is no reason to panic, but there is a reason to pause and 
consider.

> When you are going to provide a service, it can be detected.  That is
> the purpose of providing a service.  The OP wanted to open a VPN service,
> so of course it is detected as not stealth.  Nothing to see here,
> move along.
>
*shrug* its possible to restrict a ports response to a range of sender 
addresses and firewall the rest out by silently dropping a packet.

I personally prefer to silently shut everything out except for ports you 
actually need, from ip addresses you actually need.




-- 
New Socialism consists essentially in being seen to have your heart in 
the right place whilst your head is in the clouds and your hand is in 
someone else's pocket.

Back to comp.sys.raspberry-pi | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-30 19:27 +0000
  Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-07-30 20:53 +0000
    Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:52 +0000
      Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-08-02 16:20 +0000
        Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-08-02 18:42 +0000
          Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-08-02 19:23 +0000
          Re: Changing network ports from closed to stealthed mm0fmf <none@mailinator.com> - 2015-08-02 20:26 +0100
            Re: Changing network ports from closed to stealthed Martin Gregorie <martin@address-in-sig.invalid> - 2015-08-02 20:08 +0000
            Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-08-03 08:34 +0100
          Re: Changing network ports from closed to stealthed Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2015-08-02 19:45 -0400
  Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-30 21:13 +0000
    Re: Changing network ports from closed to stealthed Michael J. Mahon <mjmahon@aol.com> - 2015-07-30 17:12 -0500
      Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-30 22:22 +0000
        Re: Changing network ports from closed to stealthed Michael J. Mahon <mjmahon@aol.com> - 2015-07-30 19:15 -0500
          Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 10:19 +0100
            Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-31 09:33 +0000
              Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 11:23 +0100
              Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:57 +0000
          Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 11:07 +0000
            Re: Changing network ports from closed to stealthed Rob <nomail@example.com> - 2015-07-31 11:15 +0000
            Re: Changing network ports from closed to stealthed Roger Bell_West <roger+csrp201507@nospam.firedrake.org> - 2015-07-31 11:22 +0000
            Re: Changing network ports from closed to stealthed Graham. <me@privicy.net> - 2015-08-01 17:03 +0100
            Re: Changing network ports from closed to stealthed druck <news@druck.org.uk> - 2015-08-01 23:30 +0100
  Re: Changing network ports from closed to stealthed druck <news@druck.org.uk> - 2015-07-31 09:46 +0100
    Re: Changing network ports from closed to stealthed The Natural Philosopher <tnp@invalid.invalid> - 2015-07-31 10:13 +0100
      Re: Changing network ports from closed to stealthed I R A Darth Aggie <n0b0dy@invalid.invalid> - 2015-08-02 16:24 +0000
    Re: Changing network ports from closed to stealthed David <wibble@btintenet.com> - 2015-07-31 10:51 +0000

csiph-web