Re: Any (more) web test sites?

From: FB <nospam@nospam.com>
Date: Fri, 31 May 2002 00:48:41 +0200

Z™ wrote:
> Thanxx FB, I've heard a lot of negative things about GRC, and his probing
> showed my port 139 as closed when it in fact was wide open, so I think that
> one would get more accurate reports elsewhere...
Oh, I've heard before that Gibson is not that serious.

> But the term "stealth" confuses me, I thought that it, in fact, made you
> invisible on the net? Is it easy to "spot" a "stealthed" computer? Does
> "stealth" add to your protection or does it just add more wait-state?
Those scanners use the term "closed" when a port is not open and they get a
message indicating this, e.g. when packet filters "deny" packets.

They mean "stealth" if this message is missing (packet filter policy
"drop" instead of "deny"). Scanning someone without receiving those
messages sounds like stealth because there is no answer. But if the scanned
computer really wasn't there, the next router would send back an ICMP
"destination unreachable" message saying he's not there. In fact you
can't say "I'm not here", the router next to you does this :)

Some people state dropping packets would delay the scanner. I don't
think so, because better scanners can send a few hundred requests,
scanning whole port ranges in a very short time. It doesn't matter if you
say closed or don't say anything.

Stealth is a selling argument. Sounds cool at first glance. But didn't
you wonder why e.g. Sygate doesn't explain what Stealth really is? All
the magic would be gone if they'd say that they only drop packets
silently :)

And well /hehe/ a recent scan at Sygate told me that I'm not fully
protected. They managed to send an ICMP Type 8 to me and received an
answer. I'm so scared now (... of this ping) ;D

If you really want to know what's running simply use netstat (or similar
tools) on your box.
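
The classification described in this post, as an added example that is not part of the original message: a connect-based check to run against your own machine, reporting "open", "closed" (an explicit refusal came back), "stealth" (no answer before the timeout) or "unreachable". The function names, the 1-second timeout and the loopback demo are assumptions made for the example.

```python
import errno
import socket
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=1.0):
    """Classify one TCP port by what comes back from a connect attempt."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"        # an explicit refusal came back
    except socket.timeout:
        return "stealth"       # no answer at all: the packet was dropped
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"   # e.g. a router reported the host as not there
        raise
    finally:
        s.close()


def survey(host, ports, timeout=1.0):
    """Probe up to 64 ports at once, so silent ports overlap their timeouts."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=max(1, min(64, len(ports)))) as pool:
        states = pool.map(lambda p: probe(host, p, timeout), ports)
        return dict(zip(ports, states))


def demo():
    """Constructed loopback demo: one listening port and one unused port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()              # nothing listens here any more
    try:
        result = survey("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return result[open_port], result[closed_port]


if __name__ == "__main__":
    print(demo())
```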
