Re: port 80 is open
From: JC (jhoppyc_at_westnet.com.invalid)
Date: Thu, 17 Jun 2004 11:01:56 +1000
On Wed, 16 Jun 2004 19:05:33 +0200, Wolfgang Kueter <firstname.lastname@example.org> wrote:
> Irrelevant, they have to implement the standards. Besides that you can bet
> that any upstream router which is controlled by any ISP is functioning
> properly and according to the standards defined in RfC's, which means that
> the particular router *will* definitely send an ICMP host unreachable
> message, if a host/network behind it is unreachable. And plaese have in
> mind that I'm talking about routers used by ISP's, which usually means
> devices that might cost several times more than your yearly income.
Please help me understand the process. I am new to this business but I am trying to understand the processes involved.
Suppose I have a firewall installed that has been told to drop any traffic not initiated from the LAN side. The firewall drops all packets initiated
from the WAN side and this is confirmed by the firewall log. For all packets dropped by my firewall you say that my ISP's router will send back to
the packet sender an ICMP host unreachable message.
If I contact the ISP host from which the port scans are coming about the port scans and that ISP puts a temporary/permanent block on my IP address
does that ISP send back to the port scanner ICMP host unreachable messages?
I was under the impression that "stealthing" rendered my IP address invisible to the WAN. From what you said above it would seem that all
"stealthing" does is stop the packets reaching the PC on the LAN side of the firewall, which is part of what I want to achieve, but doesn't render my
IP address invisible.
Why are these ICMP host unreachable packets sent back when it would seem that they are counter-productive to good security?
Use au instead of invalid for emails to me.