Re: port 80 is open

From: JC (jhoppyc_at_westnet.com.invalid)
Date: 06/17/04


Date: Thu, 17 Jun 2004 11:01:56 +1000

On Wed, 16 Jun 2004 19:05:33 +0200, Wolfgang Kueter <wolfgang@shconnect.de> wrote:

> Irrelevant, they have to implement the standards. Besides that you can bet
> that any upstream router which is controlled by any ISP is functioning
> properly and according to the standards defined in RFCs, which means that
> the particular router *will* definitely send an ICMP host unreachable
> message, if a host/network behind it is unreachable. And please have in
> mind that I'm talking about routers used by ISPs, which usually means
> devices that might cost several times more than your yearly income.
>
> Wolfgang

Please help me understand the process. I am new to this business but I am trying to understand the processes involved.

Suppose I have a firewall installed that has been told to drop any traffic not initiated from the LAN side. The firewall drops all packets initiated
from the WAN side and this is confirmed by the firewall log. For all packets dropped by my firewall you say that my ISP's router will send back to
the packet sender an ICMP host unreachable message.

If I contact the ISP host from which the port scans are coming about the port scans and that ISP puts a temporary/permanent block on my IP address
does that ISP send back to the port scanner ICMP host unreachable messages?

I was under the impression that "stealthing" rendered my IP address invisible to the WAN. From what you said above it would seem that all
"stealthing" does is stop the packets reaching the PC on the LAN side of the firewall, which is part of what I want to achieve, but doesn't render my
IP address invisible.

Why are these ICMP host unreachable packets sent back when it would seem that they are counter-productive to good security?

Cheers, John

Use au instead of invalid for emails to me.
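The firewall described in the post drops WAN-originated packets without answering, so its own log is the only record of a scan. The following is an added example, not code from this thread or from any firewall product mentioned in it: a small Python script that parses constructed netfilter-style DROP log lines, groups them by source address, and flags sources that probed several distinct ports within a short window, the kind of summary one would attach when reporting a scan to the source's ISP as John considers doing. The log line format, the sample addresses (RFC 5737 documentation ranges), the thresholds and the function names are all assumptions made for this example.

```python
"""Summarise dropped inbound packets from a firewall log to spot port scans.

Added example for the thread above; the log format is a simplified,
constructed netfilter-style "DROP" line and the sample lines are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample: a DROP rule logging WAN-side packets no LAN host asked for.
SAMPLE_LOG = """\
Jun 17 10:58:01 gw kernel: DROP IN=ppp0 SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=43210 DPT=80 SYN
Jun 17 10:58:02 gw kernel: DROP IN=ppp0 SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=43211 DPT=443 SYN
Jun 17 10:58:02 gw kernel: DROP IN=ppp0 SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=43212 DPT=22 SYN
Jun 17 10:58:03 gw kernel: DROP IN=ppp0 SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=43213 DPT=135 SYN
Jun 17 10:58:04 gw kernel: DROP IN=ppp0 SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=43214 DPT=139 SYN
Jun 17 10:58:30 gw kernel: DROP IN=ppp0 SRC=192.0.2.44 DST=198.51.100.7 PROTO=TCP SPT=51000 DPT=80 SYN
Jun 17 11:40:00 gw kernel: DROP IN=ppp0 SRC=192.0.2.44 DST=198.51.100.7 PROTO=UDP SPT=1026 DPT=137
"""

# Only the fields used below are extracted; everything else on the line is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: DROP .*?"
    r"SRC=(?P<src>[\d.]+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)


def parse_drops(text, year=2004):
    """Return (timestamp, src, proto, dport) tuples for DROP lines; skip the rest.

    Syslog timestamps carry no year, so the caller supplies it (assumed 2004).
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["proto"], int(m["dpt"])))
    return events


def find_port_scans(events, min_ports=5, window=timedelta(seconds=60)):
    """Flag sources that hit at least `min_ports` distinct ports inside any `window`.

    Returns {src: (first_seen, last_seen, sorted distinct (proto, port))} for
    flagged sources only. A single dropped probe is noise; a burst of distinct
    ports from one address is what is worth reporting.
    """
    by_src = defaultdict(list)
    for ts, src, proto, dport in events:
        by_src[src].append((ts, (proto, dport)))
    scans = {}
    for src, probes in by_src.items():
        probes.sort()
        start = 0
        for end in range(len(probes)):
            # Slide the window start forward until it covers at most `window`.
            while probes[end][0] - probes[start][0] > window:
                start += 1
            if len({p for _, p in probes[start:end + 1]}) >= min_ports:
                scans[src] = (probes[0][0], probes[-1][0],
                              sorted({p for _, p in probes}))
                break
    return scans


def abuse_report(scans):
    """Render flagged sources as one summary line each, suitable for an ISP report."""
    lines = []
    for src, (first, last, ports) in sorted(scans.items()):
        port_list = ", ".join(f"{proto}/{port}" for proto, port in ports)
        lines.append(f"{src}: {len(ports)} distinct ports ({port_list}) "
                     f"between {first:%Y-%m-%d %H:%M:%S} and {last:%Y-%m-%d %H:%M:%S}")
    return lines


if __name__ == "__main__":
    for line in abuse_report(find_port_scans(parse_drops(SAMPLE_LOG))):
        print(line)
```

With the constructed sample, only 203.0.113.9 is flagged: it hit five distinct ports within three seconds, while 192.0.2.44 sent two unrelated probes forty minutes apart and stays below the threshold. Tune `min_ports` and `window` to the noise level of the link; a lower threshold catches slower scans at the cost of more false positives.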
