Re: Wanting to hide :113
From: Eirik Seim (eirik@mi.uib.no)
Date: 01/31/03
- In reply to: NewsDoug: "Re: Wanting to hide :113"
- Next in thread: Eye of the Storm: "Re: Wanting to hide :113"
From: Eirik Seim <eirik@mi.uib.no> Date: 31 Jan 2003 00:43:16 GMT
On Thu, 30 Jan 2003 16:32:20 GMT, NewsDoug wrote:
>
> "Eirik Seim" <eirik@mi.uib.no> wrote in message
> news:slrnb3ickq.t01.eirik@kain.mi.uib.no...
> On Thu, 30 Jan 2003 12:42:28 GMT, NewsDoug wrote:
> >
> > And how does this 'last router' know this?
> >
> >It knows, because it is your router. In order for that router to
> >communicate with your computer at all, it needs your computer's
> >hardware address. If it does not have your computer's hardware
> >address, it will broadcast ARP requests. If it gets no reply, it
> >will consider you non-existing and return an ICMP type 3 code 1
> >(commonly known as "No route to host") to whomever tried to reach
> >you across the Internet.
>
> While I agree 'my router' is aware that the PC is on or off, it seems that my
> stealthed router doesn't exist to requestors and therefore the 'last router'
> would be the one prior to mine (Router 0). I am using a scenario of a blind
> port scan by a requestor for this example.
>
> PC--Router 0 (stealthed)--Router 1--Router 2-- Router 3-- etc for # of hops
>
> Router 0 understands that the PC is not present or is present by ARP response.
> But the idea of stealth is that Router 0 will not respond to port requests SYN,
> ACK, or RST and does not respond to ICMP, IGMP, or any communication for that
> matter from the Internet. This would seem to make the definition of 'last
> router' actually being Router 1 which would then signal back that Router 0 does
> not exist to the requestor at the beginning of the hops. So, wouldn't Router 1
> report "no such system" as Eye was referring to when a PC is offline, not "no
> such port" ?

Uhm, if you are using the computer to access the Internet, then Router 0
will know you are there, and Router 1 will know where Router 0 is. It has
to know, otherwise you couldn't access the Internet at all.

However, Router 1 won't care if a packet reaches its target or not, as long
as it delivers it to the correct next-hop (Router 0). Correct me if I'm
wrong (been a long day), but I don't think this will generate any error
messages at all, only timeouts. This seems more useful than running
personal firewalls for 'stealth', but I still would not recommend anyone
without good networking knowledge (most of this group, unfortunately) to
do this.

I just can't wait 'till the ignorant hordes discover and implement
tarpits on their home LAN, for "security" :)

- Eirik
-- New and exciting signature!
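
The path drawn in the quoted text (PC, Router 0, Router 1) can be walked hop by hop to see what a remote requestor observes in each case the thread discusses. This is an added example, not part of the original post; the `Hop` and `probe` names, the no-NAT simplification, and the scenario list are assumptions made for illustration.

```python
# Toy model (constructed; no real packets) of the path drawn in the thread:
#   requestor -- ... -- Router 1 -- Router 0 -- PC
# Assumptions: no NAT, one TCP SYN probe, routers emit ICMP errors.
from dataclasses import dataclass

TIMEOUT = "timeout (no reply)"

@dataclass
class Hop:
    name: str
    answers_arp: bool = True  # previous hop can resolve this hop's hardware address
    stealth: bool = False     # silently drops unsolicited inbound packets

def probe(hops, port_open=False):
    """Return what the remote requestor observes for one SYN sent along hops."""
    previous = "upstream router"
    for hop in hops:
        if not hop.answers_arp:
            # The previous hop is the last router: its ARP went unanswered.
            return f"ICMP type 3 code 1 from {previous}"
        if hop.stealth:
            # Delivered to this hop and dropped there; nobody reports an error.
            return TIMEOUT
        previous = hop.name
    # Packet reached the final hop (the PC), which answers per normal TCP.
    return f"SYN/ACK from {previous}" if port_open else f"RST from {previous}"

def scenarios():
    """Observations for the cases discussed in the thread."""
    def path(r0_present=True, r0_stealth=False, pc_on=True):
        return [Hop("Router 1"),
                Hop("Router 0", answers_arp=r0_present, stealth=r0_stealth),
                Hop("PC", answers_arp=pc_on)]
    return {
        "plain router, PC on": probe(path()),
        "plain router, PC off": probe(path(pc_on=False)),
        "stealth router, PC on": probe(path(r0_stealth=True)),
        "stealth router, PC off": probe(path(r0_stealth=True, pc_on=False)),
        "Router 0 unplugged": probe(path(r0_present=False)),
    }

if __name__ == "__main__":
    for name, seen in scenarios().items():
        print(f"{name:24} -> {seen}")
```

In this model the two stealth cases are indistinguishable from each other (both time out), while a Router 0 that is not there at all produces an ICMP error from Router 1.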