Re: How to Stealth POP3 Port 110 using NIS2000?

From: Nameless (nameless@noname.com)
Date: 02/13/02 

From: "Nameless" <nameless@noname.com>
Date: Wed, 13 Feb 2002 12:57:59 GMT

"Eirik Seim" <eirik@peter.mi.uib.no> wrote in message
news:slrna6kj9u.i6m.eirik@peter.mi.uib.no...
> What do you want to protect by 'stealth-ports' ?
>
> Your privacy? If so, would you (or anyone?) please explain in detail
how a
> stealthed port protects your privacy, 'cause I really don't get it.
And
> I've been building firewalls for a while.

I can't answer that as I am no expert on firewalls. I am a novice
trying to become more familiar with their function, capabilities,
limitations, and use. I probably wouldn't be having the kind of
problems I am currently having with NIS2000 if I knew more about them.
Learning more about firewalls (and in particular NIS2000, which I have)
is what I'm trying to do by asking the experts on this newsgroup.

> >> You are constantly beeing fooled by stupid and technically
incorrect
> >> marketing talk.
> >
> > Maybe so. Yet who is to say that your talk isn’t “stupid and
> > technically incorrect”? Am I to take your word for it against all
that
> > I’ve read from arguably far more reliable and knowledgeable sources?
>
> What sources? grc.com? Did you try reading some real papers on real
> firewalls, from sites like CERT or COAST?

Much of my albeit limited knowledge of firewalls has been gleaned from
grc.com plus the help files associated with my firewall program. I've
read numerous newsgroup postings (current and archived) on firewalls,
"stealthing", etc. and various other articles on the net. I am
unfamiliar with CERT or COAST, but I will seek these sites out on the
net and read what they have to say. Perhaps they offer a different
perspective on the subject. I take it you (and "Wolfgang") share some
degree of contempt for viewpoints expressed on grc.com?

> >> > How do I go about stealthing port 110?
>
> There is no magic about port 110. If your packet filtering software
can
> 'stealth' port 80, then it can 'stealth' port 110 in exactly the same
manner.
>
> >> > Why can't I see evidence of probes? [?]
>
> What kind of probes?

I've created a firewall rule (top of the list) that records a log of
every inbound TCP connection to port 110. Each time I check my e-mail,
for instance, this rule makes a note of it in the log. When I scan my
ports using "Shields Up" at grc.com, it supposedly scans port 110 but it
doesn't trigger this new rule and so no log entry is created. If I
modify this new rule to actually block port 110 (thinking this should
"stealth" the port), it nevertheless shows up as only "closed" according
to "Shields Up". Port 80 is always "stealthed". Perhaps I'm
overlooking something?

> >> What about asking those questions the vendor of that software?
> >
> > Thanks for the tip. I may just do that.
>
> You know, there probably is a reason why your software vendor supplies
a
> manual, an online FAQ, a security alert mailing list, and such. It's
> because your vendor knows the ins and outs of their own products.
Well,
> at least if they don't, you should try other vendors.

Yes, I've had a look through the manuals, online help, etc, but they
leave much to be desired. I wasn't able to answer my own questions
after looking through those, otherwise I wouldn't have posted to the
newsgroup. Another product may be a good idea and that's where I'm
considering the free ZoneAlarm. One of my questions was whether I might
expect it and NIS2000 to work okay together, since I don't want to give
up NIS2000 until I'm comfortable with an alternative and satisfied that
the alternative is at least as good as what I've currently got.

Relevant Pages

  • Re: How to Stealth POP3 Port 110 using NIS2000?
    ... >> how a stealthed port protects your privacy, 'cause I really don't get it. ... > I can't answer that as I am no expert on firewalls. ... The only thing you risk when not stealthing port 110 is for people to find ...
    (comp.security.firewalls)
  • Re: PLINK and/or PuTTY -- Logon to Linux with no Privileges
    ... There are firewalls that can detect this sort of thing, ... We've tried just regular VNC, with no luck, then tried it on port 80, ... were easily broken out of because, well, they're shell scripts! ...
    (comp.security.ssh)
  • Re: firewall question
    ... > I posted this to the security basics list but nobody answered the ... > answer since they are the ones who have to get around firewalls. ... > connection to me via netcat with a destination port of 80, ... > SecurityFocus' SIA service which automatically alerts you to the ...
    (Pen-Test)
  • Re: What does a firewall do?
    ... Forward packets not for H, ... > to node Y (from port P to port Q?) and a reject comes back to H, ... >> Firewalls also provide very good logging capabilities these days, ... >> firewalling appliances inside the network stack. ...
    (comp.security.firewalls)
  • Re: PLINK and/or PuTTY -- Logon to Linux with no Privileges
    ... behind restrictive firewalls so VNC can be tunneled through it. ... tried just regular VNC, with no luck, then tried it on port 80, with no ... or to use a sort-of-restrictive shell for the users. ...
    (comp.security.ssh)