Re: Stealth vs. Blocked

From: Joseph V. Morris (
Date: 04/11/03

From: "Joseph V. Morris" <>
Date: Thu, 10 Apr 2003 18:29:47 -0400


I'm in agreement with Lars and Juergen on this issue. Any blackhat worth
his (or her) salt can esily determine the presence of a "stealthed" 'puter
using the strategy that they've both defined (multiple times, in fact).

All stealthing does is protect you from the skiddies, and simply being
'closed' does that equally well for these individuals.

As for the issue in general, you can find a thread with over 300 replies
regarding this subject at,3490473~root=security,1~mode=flat .

For the most part, 'stealth' is a marketing concept associated with
_software_ firewalls installed on the machine which they are intended to
protect. How does _your_ software firewall (presuming that's what you're
using) respond to non-standard TCP flag configurations? For that matter,
how does it respond to IP protocols other than TCP, UDP, and ICMP? (Yes,
there are _lots_ of other IP protocols.) . . . .

"Donut" <> wrote in message
. . . .

> 1. They have to know you're there, to begin with.

And, as noted here and elsewhere, this ain't rocket science.

> 2. They need a motive other than "let's have some fun with good ole what's
> his name."

Well, all I've got to do is go back to Lars' response on this one. If you
think being 'stealthed' with a software firewall is equivalent to being
invisible, you're wrong. It is, indeed, a false sense of security and
they'll start probing for other vulnerabilities simply because you _think_
you're invisible. In other words, you just became red meat.
> 3. There are tons of easy machines for them to get to, so then you have to
> go back to #2, motive to spend all that time and effort, which also goes
> back to #1 - they have to know you're there first.

Well, there's 'them' and then there's "THEM". Yeah, the skiddies will go
for the clueless with no firewall or even a NAT router. But "THEM" will go
for the guys who think they're secured simply because they've got a
"stealthed" software firewall. It's not what you see in the software
firewall logs; it's what you don't.

    Joseph V. Morris