Re: d-link DI-604
From: Arthur Hagen (art_at_broomstick.com)
Date: 11/29/04
- Next message: Duane Arnold: "Re: d-link DI-604"
- Previous message: <©¿©>: "Re: Extending range of wireless network"
- In reply to: Duane Arnold: "Re: d-link DI-604"
- Next in thread: Duane Arnold: "Re: d-link DI-604"
- Reply: Duane Arnold: "Re: d-link DI-604"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Nov 2004 08:57:32 -0500
Duane Arnold <notme@notme.com> wrote:
>
> Well, for one thing the machine is sitting behind a router although a
> NAT router is not 100% un-hackable. Secondly, hackers scan blocks of
> IP(s) looking for openings and a *closed* port is not on the list. So
> what that a response of *closed* and not available is being returned.
> One running some Gibson test calling something stealth and the real
> world are two different things. If the port is *closed* it is
> *closed* and nothing is coming past it.
The problem is that if a port is *closed*, it *will* send a signal back to a
port scanner telling that there *is* a port there. That nothing is coming
past it doesn't matter, because it discloses the *presence* of something on
that IP address.
If all ports and protocols are "stealth" (just dropping the packets), the
black hats won't see the difference between that IP and one that's not in
use, and will direct their attention elsewhere.
That said, the main good reason for making port 113 appear closed instead of
dropping packets is to speed up outgoing email, which often is delayed from
5-30 seconds while the remote host waits for an ident reply.
Even better is to add a rule to the NAT firewall that when encountering an
outgoing 25/tcp from X to Y, will create a short-lived rule routing incoming
113/tcp from Y to X. That way, the port will NOT answer to any hackers, but
ident will work for email (if running identd), and not delay the mail
sending. Similar for other fixed port protocols triggering reverse auth --
remote 6667/tcp is another good candidate.
Setting up rules like the above can be done on most NAT routers. How to do
it differs for different NAT routers, so I can't say how it's done on a
Linksys. I've seen it being called "Special Applications" and "Triggered
Rules", but again, the nomenclature might differ.
-- *Art
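The triggered rule Art describes, as an added illustration that is not part of the original post or any router's firmware: a small stateful model in Python in which an outgoing 25/tcp (or 6667/tcp) connection from X to Y opens a short-lived allow for incoming 113/tcp from Y to X, while every other inbound packet is either silently dropped ("stealth") or answered with a reset ("closed"). Addresses and timestamps are constructed.

```python
"""Model of a port-triggered ident rule on a NAT firewall (added example)."""
from dataclasses import dataclass, field
import time

TRIGGER_PORTS = {25, 6667}   # outbound services whose peers do reverse ident
IDENT_PORT = 113


@dataclass
class TriggerFirewall:
    ttl: float = 30.0                # lifetime of a reverse allow, seconds
    mode: str = "drop"               # default inbound verdict: "drop" or "reject"
    # (remote_ip, local_ip) -> expiry time for inbound 113/tcp from remote to local
    triggers: dict = field(default_factory=dict)

    def _expire(self, now):
        self.triggers = {k: t for k, t in self.triggers.items() if t > now}

    def outbound(self, local_ip, remote_ip, dport, now=None):
        """Outgoing traffic is always allowed; a trigger port arms a reverse rule."""
        now = time.monotonic() if now is None else now
        if dport in TRIGGER_PORTS:
            self.triggers[(remote_ip, local_ip)] = now + self.ttl
        return "allow"

    def inbound(self, remote_ip, local_ip, dport, now=None):
        """Inbound verdict: allow only an armed ident lookup from the same peer."""
        now = time.monotonic() if now is None else now
        self._expire(now)
        if dport == IDENT_PORT and (remote_ip, local_ip) in self.triggers:
            return "allow"
        # "drop": no reply, indistinguishable from an unused address.
        # "reject": TCP RST, which tells a scanner the address is live.
        return "drop" if self.mode == "drop" else "reject"


if __name__ == "__main__":
    fw = TriggerFirewall()
    # Constructed addresses from the RFC 5737 documentation ranges.
    fw.outbound("192.0.2.10", "203.0.113.5", 25, now=0)      # mail to Y
    print(fw.inbound("203.0.113.5", "192.0.2.10", 113, now=1))   # allow
    print(fw.inbound("198.51.100.9", "192.0.2.10", 113, now=1))  # drop
    print(fw.inbound("203.0.113.5", "192.0.2.10", 113, now=31))  # drop (expired)
```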