Re: Stealth TCP

From: D.C. van Moolenbroek (dcvmoole@cs.vu.nl)
Date: 12/17/02

Next message: Tim Haynes: "Re: Stealth TCP"
Previous message: Alessandro Selli: "Re: Stealth TCP"
In reply to: Kasper Dupont: "Re: Stealth TCP"
Next in thread: Alessandro Selli: "Re: Stealth TCP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "D.C. van Moolenbroek" <dcvmoole@cs.vu.nl>
Date: Tue, 17 Dec 2002 16:43:31 +0100

"Kasper Dupont" wrote:
> Ken wrote:
> >
> > Dear all,
> > who know the meaning of this sentence...
> > " Stealth mode listens to the ports at socket level instead of binding
the
> > ports" ?
> > What is the meaning?
>
> I don't think there is any meaning.

(sorry, can't see the original post for some reason)

The sentence might have intended to say that in stealth mode, no listening
ports are created for every port a program expects connection requests or
UDP data on, but that that program processes raw traffic to look for those
connection requests or UDP data instead - which could mean that the text
comes from some kind of portscan reporter, or a program that listens on many
UDP ports. In that case, "at socket level" should have been "below socket
level" or "at packet level" or something similar; after all, binding to
ports usually happens at socket level :)

That's just a guess though - hard to tell without knowledge of what the text
is about. Google returns nothing at least.

In general, a program that does something like that will have the same
functionality, but won't have its listening ports listed in netstat. On the
other hand, it'll need root priviledges for that kind of "stealth mode".

Regards,

David

--
class sig{static void main(String[]s){for// D.C. van Moolenbroek
(int _=0;19>_;System.out.print((char)(52^// (CS student, VU, NL)
"Y`KbddaZ}`P#KJ#caBG".charAt(_++)-9)));}}// -Java sigs look bad-

Next message: Tim Haynes: "Re: Stealth TCP"
Previous message: Alessandro Selli: "Re: Stealth TCP"
In reply to: Kasper Dupont: "Re: Stealth TCP"
Next in thread: Alessandro Selli: "Re: Stealth TCP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Port protection
... Here's the list of ports and the level of protection. ... Please note that there is very very little advantage to stealth mode versus the normal blocking. ... But if the request is REJECTed then they will know that there is no way to connect to that port. ... In many circumstances, using REJECT is more network friendly toward legitimate other machines, while doing little the thwart attacks from the malicious ones. ...
(comp.sys.mac.system)
Re: ports close & open
... is for LAN, but I think email server has to serve both LAN and WAN. ... eth0 is to the Internet, ... How can I specify which service listens to which eth. ... >> How can I close these ports for security purpose. ...
(linux.redhat)
Re: Kerio users.
... >> stealth mode, the other 1044 being just closed. ... >> the Kerio F/W or have I done something very wrong? ... But with that I seem to have all but two of the first 1056 ports in stealth ...
(uk.people.silversurfers)
Re: Radius with 2 network interface
... Go to IAS properties dialog. ... Select the ports tab. ... By default IAS listens on the ports listed on ALL ... running RRAS on the same box your route cmd-line tool to add routes using ...
(microsoft.public.internet.radius)
OpenLdap question - solved
... >>I am trying to setup OpenLdap 2.0.25 from ports, ... The result is that slapd only listens for tcp6 ... arguments to get it to listen to tcp4. ...
(freebsd-questions)