Re: Stealth vs. Blocked

From: Joseph V. Morris (jvmorris@erols.com)
Date: 04/13/03


From: "Joseph V. Morris" <jvmorris@erols.com>
Date: Sat, 12 Apr 2003 19:37:41 -0400

David,

"David" <davidwnh@adelphia.net> wrote in message
news:5T%la.26219$D31.2938492@news1.news.adelphia.net...
> > . . . . I've never even heard of a service that would use it
> > today and listen on it (at least not on a Win box).

> It is simply the way certain software and device vendors label something.
> Stealth mode for some devices/software firewalls keeps both RST packet
> responses to connection attempts and certain ICMP responses from being
> returned while others just deal with the RST packets and have other
> settings for specific ICMP traffic. Some don't deal with either or only
> deal with ICMP.

Agreed, that's becoming more abundantly obvious as time passes.

. . . .

> Everything is relative to many factors including the speed and efficiency
> of the machine, the amount of available bandwidth, and the efficiency of
> any specific firewall, and whatever other uses someone is using their
> machine for.

Agreed, and as you are about to point out <g>, we actually have at least two
different 'audiences' in this newsgroup.

> The big thing I look at is that in many cases blocking responses
> (stealthing) in cases of DOS attacks will often cut the processor cycles
> used by a firewall by more than half so your machine can handle a much
> more severe attack before you get to the point where your machine can no
> longer use the internet or is slow to respond to whatever else you may be
> doing, or even bring the machine to the point of crashing.

Oops! Audience #3 is about to rear its head, I see!

> This is most apparent if
> you are playing some of the newer games that take every spare bit of CPU
> time your machine has available. Not to mention some of the other
> processor intensive software various people use.

> . . . . Good reason for some to put at least
> some of their firewall protection on a separate device or dedicated
> firewall/gateway machine. For many if not most DOS attacks are very
> infrequent or even nonexistent for some, but it seems some people in here
> don't realize that the situation is different for users other than
> themselves. They haven't hit my subnet very frequently, but I simply don't
> want to be bothered when they do.

Yes, I'm becoming more and more inclined to put a hardware appliance inline
and get off this exclusive on a software router (ICS) and software
firewalls. However, my interest is more primarily driven by the desire to
get a centralized focal point for protecting the small LAN here from
external attack rather than depending exclusively on software applications
subject to the whims of the users on the various machines. Sure, I'll still
keep the software firewalls, the AV and AT software, and the file
authentication utilities on the various boxes but that should then be
primarily handling intra-LAN issues. I don't think I've ever been 'blessed'
with a real DoS or DDoS attack (not much point in doing it, quite frankly);
Dave "Crash" Dummy actually had to do the old "I double-dare ya!" routine to
get what I think was his one and only.

Thanks, very interesting discussion. Look forward to seeing you around.
. . . .

--
Regards,
    Joseph V. Morris
    jvmorris@erols.com

