Re: Sleath ports with Sygate PF

From: John Gray (nospam_at_invalid.com)
Date: 01/13/04


Date: Tue, 13 Jan 2004 01:37:17 GMT

In article <omr50052u0sdrafduupiuci7o4s1083h04@4ax.com>, Thomas Hertel
Thomas.Hertel@gmx.net says...
> John Gray <nospam@invalid.com> wrote:
>
> >> Well, yes and no. Theoretically, a closed port cannot be accessed but as we
> >> all know, a theory is not something set in stone (not yet anyway). A
> >> stealthed port does not exist as far as a scan or hacker is concerned
> >> because it can't be seen. While I don't use Sygate so I can't comment on
> >> how to go about it, all ports (including 113) are completely stealthed
> >> (using router) on my machine thus making it completely invisible to the
> >> outside world and thus averting any would be hacker who wants to make a
> >> project out of getting into it. I use Outpost Pro 2.0 to monitor the
> >> outbound stuff to keep the trojans at bay and to check what programs are
> >> trying to get out and why. A closed but unstealthed port will let a hacker
> >> know that there is indeed a machine at the address he/she is scanning and
> >> they can do what they want from there.
> >>
> >> Zach
> >
> >I was of this opinion also. However, others have pointed out that a proper
> >response from the router directly before yours on the internet would itself
> >return a different response than stealth if your computer wasn't actually
> >connected.
>
> Absolutely correct. And that's why stealth does not make any sense. It
> simply does not hide your system, whatever the marketing people tell
> you. Further, whenever you access any service in the internet, your IP
> will be part of any packet of data that you send. Without this, no
> server would be able to send you what you asked for. You simply cannot
> hide if you want to use the internet.

My IP is in these headers as well as my email headers. I realize that without
my IP, no host could reply. Firewalls and NAT routers handle this by including
the IP in the outbound requests, as well as holding the correct port open
temporarily for the reply for the responding IP, per its internal tables. I
guess I could spoof my outbound IP for one way communication, but that would be
lonely.<G> I'm not at all sure how to spoof IP from behind a NAT router.
Wouldn't the computer have to be in the DMZ, direct to the internet?

> >Even with that in mind, I remain stealth as it slows some scanners
> >looking for open ports until the scanner times out from a lack of response.
>
> In theory, this is correct as well....
>
> >Other scanners scan a large number of ports at once with the timeout value set
> >to a much shorter period, so the slowdown has much less impact on them.
>
> ....however, in practice _every_ scanner will behave like this. So it
> does not matter at all.

I've used some rather lame ones with my Windows box. Linux has some great
tools, as well as greater security if the installer is wise.

> Regards
> Thomas
>

-- 
                                          John Gray
If you don't have a reason, at least have an excuse.
Just in case there's any doubt, my email address is useless.  Please reply to 
this newsgroup.
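
The NAT state-table behaviour described in the post above (outbound requests open a temporary mapping, and only the responding IP's reply is let back in), as an added example that is not part of the original post. It models a port-restricted NAT; the class name, the 60-second idle timeout and all addresses are constructed assumptions, not taken from any router or from Sygate.

```python
# Added illustration: toy port-restricted NAT state table (constructed model).
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.5"   # constructed address from a documentation range
IDLE_TIMEOUT = 60.0         # assumed seconds a mapping stays open when idle

@dataclass
class Nat:
    next_port: int = 40000
    # (public_port, remote_ip, remote_port) -> [inside_ip, inside_port, last_seen]
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """Rewrite an outgoing packet and remember where the reply must go."""
        for key, entry in self.table.items():
            if entry[:2] == [src_ip, src_port] and key[1:] == (dst_ip, dst_port):
                entry[2] = now                      # refresh the existing mapping
                return (PUBLIC_IP, key[0], dst_ip, dst_port)
        public_port = self.next_port
        self.next_port += 1
        self.table[(public_port, dst_ip, dst_port)] = [src_ip, src_port, now]
        return (PUBLIC_IP, public_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port, now):
        """Return the inside (ip, port) for a reply, or None if it is dropped."""
        key = (dst_port, src_ip, src_port)
        entry = self.table.get(key)
        if entry is None:
            return None                             # unsolicited: no matching state
        if now - entry[2] > IDLE_TIMEOUT:
            del self.table[key]                     # the temporary opening has closed
            return None
        entry[2] = now
        return (entry[0], entry[1])

def demo():
    nat = Nat()
    out = nat.outbound("192.168.1.10", 51000, "198.51.100.7", 80, now=0.0)
    return {
        "rewritten": out,
        "reply": nat.inbound("198.51.100.7", 80, out[1], now=1.0),
        "other_host": nat.inbound("192.0.2.99", 80, out[1], now=2.0),
        "unsolicited": nat.inbound("198.51.100.7", 80, 113, now=3.0),
        "expired": nat.inbound("198.51.100.7", 80, out[1], now=120.0),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Only the packet from the responding host to the mapped port is translated back inside; everything else is dropped without a reply, which is why ports behind such a router show as stealthed.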

