Re: Beginner's Question

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 09/23/05


Date: Thu, 22 Sep 2005 19:43:43 -0500

In the Usenet newsgroup alt.computer.security, in article
<433311d3$0$49013$14726298@news.sunsite.dk>, Management wrote:
>Moe Trin wrote:

>> I suspect that is all that Gibson the marketeer is testing.
>
>Sour Grapes Mr M? At least Steve does not go around making empty
>snide remarks about other people.

No, he makes totally clueless network statements such as:

-------
But, of course, this "affirmative denial" also lets the sending system
know that a system actually exists on the receiving end . . . which is
what we want to avoid in the case of malicious hackers attempting to
probe our systems.

I coined the term 'Stealth' when I developed this site's port probing
technology to describe a closed port that chooses to remain completely
hidden by sending nothing back to its attempted opener, preferring
instead to appear not to exist at all.
-------

which just shows he doesn't understand how networking works - particularly
those darned routers that do announce that a non-existent IP address
really doesn't exist - rather than just ignoring those packets. Or
haven't you tried using the original 'traceroute' to investigate things?

This is a trace to a stealthed host (I've deleted the hostname normally
seen in the first column for space and privacy reasons, and masked the
first octet of the address to avoid having fools attack this particular
set of hosts):

14 (XXX.117.52.49) 329.807 ms 309.331 ms 309.864 ms
15 (XXX.181.218.10) 329.744 ms 329.413 ms 299.859 ms
16 * * *
17 * * *

I have another (similar) tool that tells me that hop 16 is some kind of
firewall that is NAT/Port-Forwarding to a host - hop 17 comes back with
an indication from a server, but with the address of hop 16.

Similar trace - host exists, and is reachable:

14 (XXX.117.52.49) 348.127 ms 327.441 ms 339.921 ms
15 (XXX.181.218.10) 350.116 ms 331.256 ms 333.981 ms
16 (XXX.87.184.55) 339.793 ms 529.427 ms 469.787 ms

Similar trace - host does not exist, or is turned off or disconnected:

14 (XXX.117.52.49) 409.373 ms 329.452 ms 331.011 ms
15 (XXX.181.218.10) 419.833 ms !H

Here - the router at hop 15 tells me that it knows how to get "there" (or
I'd see a !N = Network Unreachable), but the host (!H) isn't there. For
some strange reason, Steve doesn't want to admit to this concept. Wonder
why.

        Old guy
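
The difference between the three traces in the post above, as an added example that is not part of the original post: a small Python parser that reads classic traceroute hop lines and reports whether the path ended in a reply, in trailing `* * *` rows, or in an ICMP unreachable annotation (`!H`, `!N`). It assumes the input is the complete tail of a trace; `parse_hops` and `classify` are names made up for this example.

```python
import re

# ICMP Destination Unreachable codes that classic traceroute prints after an RTT.
FLAGS = {"!H": "host-unreachable", "!N": "network-unreachable"}
HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR = re.compile(r"\(([^)]+)\)")

# Hop lines copied from the post (hostname column removed, first octet masked).
STEALTH = """14 (XXX.117.52.49) 329.807 ms 309.331 ms 309.864 ms
15 (XXX.181.218.10) 329.744 ms 329.413 ms 299.859 ms
16 * * *
17 * * *"""
REACHABLE = """15 (XXX.181.218.10) 350.116 ms 331.256 ms 333.981 ms
16 (XXX.87.184.55) 339.793 ms 529.427 ms 469.787 ms"""
ABSENT = """14 (XXX.117.52.49) 409.373 ms 329.452 ms 331.011 ms
15 (XXX.181.218.10) 419.833 ms !H"""


def parse_hops(text):
    """Return (hop, address or None, unreachable flags, answered) per hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue
        rest = m.group(2)
        addr = ADDR.search(rest)
        flags = [tok for tok in rest.split() if tok in FLAGS]
        hops.append((int(m.group(1)), addr and addr.group(1), flags, " ms" in rest))
    return hops


def classify(text):
    """Say what the end of a complete trace reveals about the target."""
    hops = parse_hops(text)
    for num, addr, flags, _ in hops:
        if flags:  # a router answered on the target's behalf
            return f"{FLAGS[flags[0]]} (reported by hop {num}, {addr})"
    answered = [h for h in hops if h[3]]
    if not answered:
        return "no replies"
    if answered[-1] is hops[-1]:  # last hop replied: assumed to be the target
        return f"reached ({answered[-1][1]})"
    # Trailing '* * *' rows: probes dropped silently past the last responder.
    return f"silent after hop {answered[-1][0]} ({answered[-1][1]})"


if __name__ == "__main__":
    print([classify(t) for t in (STEALTH, REACHABLE, ABSENT)])
```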


