Re: NetGear RP614 won't stealth port 12345, 54321
From: Michael Andresen (michaelhorst.andresen@telia.com)Date: 07/12/02
From: Michael Andresen <michaelhorst.andresen@telia.com> Date: Fri, 12 Jul 2002 19:18:34 GMT
hitshou wrote:
> Yes, I believe I do know the difference. When a port is reported as
> 'closed' then the probing host gets an indication that there is at
> least a device/host active at the other end. The probing host may then
> decide to launch a DOS attack against that device/host.
Well, that's how one can say it; technically: if a port is called
closed, the tcp/ip-stack of the computer sends back a tcp-packet with
the reset-flag set, if it was a tcp-packet with syn set coming in; an
icmp-port-unreachable if it was a udp-packet.
The RFC also allows an icmp-port-unreachable to be sent back in response
to a tcp-SYN.
You may see this as a sign of activity, though it is an equivalent to:
"I don't want to talk to you."
However, your computer can just throw away the incoming packet without
answering; the equivalent is that someone asks you and you just don't
react.
You believe, as I understand, that you are invisible by just not
answering; well, that is as little true on the internet as in common life.
Let me explain why.
This may be our situation (a) with a packet sent to an existing, but
not reacting host:
sender---NET---router---drophost
The packet comes via NET to the router, who knows whom to send the packet
to; so he does his job and sends the packet to drophost. The sender
gets no answer at all - right? So he retransmits until timeout occurs
(packets may have been lost).
Our situation (b) without receiving host:
sender---NET---router
the router gets the packet, does _not_ know what to do with it and
sends an icmp-host-unreachable or icmp-network-unreachable back to the
sender (in such cases some browsers show you the message "no route to
host" - you may have seen it before)
You get the difference? You are not invisible, because if you weren't
there, the last router would say: "There is nobody". To be invisible,
you would have to send back packets with the spoofed IP of your ISP's router
(which he probably wouldn't route), saying: "There is no one here"
(icmp-host-unreachable assuming you don't have an official network)
> For this reason, I desire the port to be reported as 'stealth'. Is
Your preferences are up to you; just your assumptions are wrong, as I
tried to show you.
> there something wrong in expecting what is likely the "upgrade" to the
> RP114 to perform at least as well as the product it is upgrading?
Well, ask the one who sold you this product; you did pay for it, so you
should have support. If you didn't pay for it: the one who gives
decides what he gives away...
> So I turn the question back to you - do YOU know the difference?
Read the above, compare with the RFCs and decide yourself ;-)
//M
-- Goodbye Douglas! Wherever you are now, keep your towel and: don't panic.
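
The reasoning in the post above, as a small model (an added example, not part of the original message). The names `Policy`, `last_hop`, `probe` and `host_exists` are made up for illustration, and the last router is assumed to behave as the post describes, answering with icmp-host-unreachable when no host is attached.

```python
from enum import Enum

class Policy(Enum):
    REJECT = "closed"    # host answers probes to non-listening ports
    DROP = "stealth"     # host silently discards them
    ABSENT = "no host"   # nothing lives at the address

def host_reply(proto, policy):
    """Reply from the end host's TCP/IP stack for a port nobody listens on."""
    if policy is Policy.DROP:
        return None                      # packet thrown away, no answer
    return "tcp-rst" if proto == "tcp" else "icmp-port-unreachable"

def last_hop(proto, policy):
    """Last router: deliver if the host exists, otherwise answer for it."""
    if policy is Policy.ABSENT:
        return "icmp-host-unreachable"   # situation (b) in the post
    return host_reply(proto, policy)     # situation (a) in the post

def probe(proto, policy, retries=3):
    """Sender's view: retransmit until something comes back or we give up."""
    for attempt in range(1, retries + 1):
        reply = last_hop(proto, policy)
        if reply is not None:
            return reply, attempt
    return "timeout", retries

def host_exists(observation):
    """What the sender can conclude from a single observation."""
    # Only an unreachable message from the router says "nobody here";
    # an RST, a port-unreachable and plain silence all imply a host.
    return observation != "icmp-host-unreachable"

def observations(proto):
    """Map each policy to what the sender ends up seeing."""
    return {p: probe(proto, p)[0] for p in Policy}

if __name__ == "__main__":
    for proto in ("tcp", "udp"):
        for policy, seen in observations(proto).items():
            print(f"{proto:3} {policy.value:8} -> {seen:22} "
                  f"host exists: {host_exists(seen)}")
```

In this model "stealth" and "no host" never produce the same observation, which is the post's point: silence differs from the router's "there is nobody" answer.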