Re: how deep do i need to dive ?
From: Ari Rankum (Ari_Rankum_at_invalid.invalid)
Date: 03/28/04
- Next message: John: "Re: how deep do i need to dive ?"
- Previous message: Ari Rankum: "Re: how deep do i need to dive ?"
- In reply to: Beowulf: "Re: how deep do i need to dive ?"
- Next in thread: John: "Re: how deep do i need to dive ?"
Date: Sun, 28 Mar 2004 15:32:46 GMT
Beowulf wrote:
> On Sun, 28 Mar 2004 06:07:03 +0000, Ari Rankum wrote:
> ..
>
>>done that, you might avail yourself of the "ShieldsUp" test at
>>www.grc.com, or some similar over-the-net scanner. In the end, you'll
>>have learned a lot and probably made yourself safe against all but the
>>mob and government organizations.
>
>
>
> The ShieldsUp scan at grc.com showed no open ports, but many ports were in
> what it called "stealth" mode. Can anybody explain what that means, and
> more importantly its significance as regards computer security?
Ah. You are obviously paying attention. That's good! *One* of the
reasons Steve Gibson's site is "controversial". He invents his own
terminology - a lot. His "stealth" designation merely means no ICMP
unreachable messages are being returned. "Closed" means your machine is
responding with "Uh, no!". Obviously, from your perspective, being
"stealth" is preferred, because most scans of your IP will return
results that make your IP indistinguishable from an unassigned IP
address in a DHCP block. However, this "stealth" behavior is actually
in violation of some RFCs.
If you're still reading at this point, Steve Gibson's own explanation of
"stealth" and "closed" follows from his FAQ:
ShieldsUP! shows my ports as 'Closed' and not 'Stealth', but I want
Stealth! How do I get 'Stealth'?
'Stealthed' ports are, strictly speaking, a violation of proper
TCP/IP rules of conduct. Proper conduct requires a closed port to
respond with a message indicating that the open request was received,
but has been denied. This lets the sending system know that its open
request was received so that it doesn't need to keep retrying. But, of
course, this "affirmative denial" also lets the sending system know that
a system actually exists on the receiving end . . . which is what we
want to avoid in the case of malicious hackers attempting to probe our
systems.
I coined the term 'Stealth' when I developed this site's port probing
technology to describe a closed port that chooses to remain completely
hidden by sending nothing back to its attempted opener, preferring
instead to appear not to exist at all.
Since 'Stealthing' is non-standard behavior for Internet systems, it is
behavior which must be created and enforced by means of a firewall
security system of some sort. The native TCP/IP interface software used
by personal computers will ALWAYS reply that a port is closed.
Therefore, some additional software or hardware, in the form of a
'stealth capable firewall' must be added to the computer system in order
to squelch its "closed port" replies.
To get full stealth-mode status from your system, I highly recommend
using the completely FREE ZoneAlarm 2 firewall from ZoneLabs, Inc. Visit
their website at www.ZoneLabs.com to learn more about this excellent and
free firewall, then download the latest version.
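
The distinction discussed in this message, shown from the probing side as an added example that is not part of the original post or of the ShieldsUP! site. It classifies the outcome of a plain TCP connect() against a host you administer; the names `classify`, `probe` and `demo` and the 2-second timeout are assumptions made for this illustration.

```python
import errno
import socket

def classify(exc):
    """Map a TCP connect() outcome to the terms used in the post.
    exc is None on success, otherwise the exception connect() raised."""
    if exc is None:
        return "open"         # handshake completed, something is listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "stealth"      # no reply of any kind before the timeout
    if isinstance(exc, ConnectionRefusedError):
        return "closed"       # the target answered with a TCP RST
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return "unreachable"  # ICMP unreachable or a local routing failure
    return "error"

def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and return the classified state."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return classify(None)
    except OSError as e:      # socket.timeout is an OSError subclass
        return classify(e)
    finally:
        s.close()

def demo():
    """Constructed loopback demo: one listening port, one bound but idle."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))   # bound, never listens: the stack sends RST
    try:
        return (probe("127.0.0.1", listener.getsockname()[1]),
                probe("127.0.0.1", idle.getsockname()[1]))
    finally:
        listener.close()
        idle.close()

if __name__ == "__main__":
    print(demo())
```

A timeout alone cannot tell a filtered port from an address with no host behind it, which is the property the "stealth" label relies on.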