Re: Stealth vs. Blocked

From: Art Kopp (artnpeg@claymania.com)
Date: 04/10/03

    From: Art Kopp <artnpeg@claymania.com>
    Date: Thu, 10 Apr 2003 21:58:26 GMT
    
    

    On Thu, 10 Apr 2003 18:57:44 GMT, "David" <davidwnh@adelphia.net>
    wrote:

    >Because stealthing is of some value. By preventing certain ICMP response
    >messages you can alleviate some of the potential of fingerprinting. There
    >are certain fields in the packet headers that can be used to distinctly
    >identify one's OS.

    >More importantly, however, since stealthing simply drops
    >certain packets as opposed to allowing your system or router to respond to
    >them you will cut down the impact of many DOS attacks. For certain DOS
    >attacks your machine will simply drop the incoming packets as opposed to
    >responding, and with others this also prevents your system from joining in
    >and possibly amplifying the overall effects of these attacks.

    I'm most curious though about malware prevention aspects. Are the
    freeware firewalls of any benefit in this regard? Even if a highly
    hacker can be helped somewhat by fingerprinting, precisely how can he
    gain root access and drop a Trojan?

    Art
    http://www.epix.net/~artnpeg
    artnpeg@claymania.com
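
The drop-versus-respond difference discussed in this thread, as an added example that is not part of the original posts: it models the replies a host with no listening services would send to unsolicited packets and totals the traffic returned to each claimed source address. The packet sizes, the addresses (documentation ranges) and the function names are assumptions made for the illustration.

```python
from collections import Counter
from typing import NamedTuple

IP_HDR, TCP_HDR, ICMP_HDR = 20, 20, 8   # header sizes in bytes, no options

class Packet(NamedTuple):
    src: str     # claimed source address; in a flood this may be spoofed
    proto: str   # "tcp-syn", "udp" or "icmp-echo"
    size: int    # total IP datagram length in bytes

def default_reply(pkt):
    """Reply sent by a host that answers instead of dropping, or None."""
    if pkt.proto == "tcp-syn":      # closed port: RST/ACK with no payload
        return "tcp-rst", IP_HDR + TCP_HDR
    if pkt.proto == "udp":          # closed port: ICMP type 3 code 3, which
        # quotes the offending IP header plus 8 bytes of its data (RFC 792)
        return "icmp-port-unreach", IP_HDR + ICMP_HDR + IP_HDR + 8
    if pkt.proto == "icmp-echo":    # echo reply mirrors the request size
        return "icmp-echo-reply", pkt.size
    return None

def backscatter(packets, stealth):
    """Return (count per reply kind, bytes sent per claimed source)."""
    kinds, sent = Counter(), Counter()
    for pkt in packets:
        reply = None if stealth else default_reply(pkt)
        if reply is not None:
            kinds[reply[0]] += 1
            sent[pkt.src] += reply[1]
    return kinds, sent

# Constructed sample traffic, not captured data.
SAMPLE = (
    [Packet("192.0.2.10", "tcp-syn", 40)] * 100
    + [Packet("192.0.2.10", "udp", 36)] * 50
    + [Packet("198.51.100.7", "icmp-echo", 84)] * 20
)

if __name__ == "__main__":
    for stealth in (False, True):
        kinds, sent = backscatter(SAMPLE, stealth)
        label = "stealth (drop)" if stealth else "respond"
        print(label, dict(kinds), dict(sent))
```

Every reply in the responding case goes to whatever source address the packet claimed, and the ICMP and RST replies carry header fields chosen by the local stack, which is the material a fingerprinting tool reads.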

