Re: d-link DI-604
From: Duane Arnold (Notme_at_Notme.com)
Date: 11/29/04
- Next message: DH: "follow-up to firewall survey"
- Previous message: Arthur Hagen: "Re: d-link DI-604"
- In reply to: Arthur Hagen: "Re: d-link DI-604"
- Next in thread: Arthur Hagen: "Re: d-link DI-604"
- Reply: Arthur Hagen: "Re: d-link DI-604"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Nov 2004 14:29:40 GMT
Arthur Hagen wrote:
> Duane Arnold <notme@notme.com> wrote:
>>
>> Well, for one thing the machine is sitting behind a router although a
>> NAT router is not 100% un-hackable. Secondly, hackers scan blocks of
>> IP(s) looking for openings and a *closed* port is not on the list. So
>> what if a response of *closed* and not available is being returned?
>> One running some Gibson test calling something stealth and the real
>> world are two different things. If the port is *closed* it is
>> *closed* and nothing is coming past it.
>
> The problem is that if a port is *closed*, it *will* send a signal back to
> a port scanner telling that there *is* a port there. That nothing is coming
> past it doesn't matter, because it discloses the *presence* of something
> on that IP address.
> If all ports and protocols are "stealth" (just dropping the packets), the
> black hats won't see the difference between that IP and one that's not in
> use, and will direct their attention elsewhere.
>
So what if there is a presence there? If one cannot come past the NAT router
or FW that's protecting the port so what? The port is protected.
> That said, the main good reason for making port 113 appear closed instead
> of dropping packets is to speed up outgoing email, which often is delayed
> from 5-30 seconds while the remote host waits for an ident reply.
I could see this making some kind of sense if the home user's job with the
machine was to send out a trillion emails.
>
> Even better is to add a rule to the NAT firewall that when encountering an
> outgoing 25/tcp from X to Y, will create a short-lived rule routing incoming
> 113/tcp from Y to X. That way, the port will NOT answer to any hackers,
> but ident will work for email (if running identd), and not delay the mail
> sending. Similar for other fixed port protocols triggering reverse auth
> -- remote 6667/tcp is another good candidate.
> Setting up rules like the above can be done on most NAT routers. How to
> do it differs for different NAT routers, so I can't say how it's done on a
> Linksys. I've seen it being called "Special Applications" and "Triggered
> Rules", but again, the nomenclature might differ.
>
All one has to do is port forward 113 to a dummy IP in the DMZ of the router
and 113 is so called stealth. But I stopped doing it with the Linksys and
don't do it with the Watchguard either.
Duane :)
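The three behaviours argued over in this exchange (a *closed* port that answers with a RST, a *stealth* port that silently drops, and Arthur's triggered rule that opens 113/tcp only for a peer the LAN host has just connected to on 25/tcp or 6667/tcp) can be modelled as one small stateful firewall. The block below is an added example written for this page; it is not code from the thread, from D-Link, Linksys or Watchguard firmware, or from any real router. Addresses are RFC 5737 documentation ranges, the 30-second trigger lifetime, the trigger port set and the class and function names are all assumptions, and NAT address rewriting is left out: the model keys the temporary allow on the LAN host rather than on the router's public address.

```python
"""Model of how a NAT router can treat inbound 113/tcp (ident).

Assumed design, not any vendor's implementation:
  closed    -> answer the probe with a TCP RST (scanner learns a host exists)
  stealth   -> drop the probe silently
  triggered -> drop by default, but forward 113/tcp from peer Y to LAN host X
               for a short time after X opened a connection to Y on a port
               that makes Y perform an ident lookup (25/tcp SMTP, 6667/tcp IRC)
"""
from dataclasses import dataclass, field

IDENT_PORT = 113
TRIGGER_PORTS = {25, 6667}   # assumed: outbound ports that provoke a reverse ident
TRIGGER_TTL = 30.0           # assumed: seconds the temporary allow stays open


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = "S"         # TCP flags; "S" = SYN, i.e. a connection attempt


@dataclass
class TriggeredFirewall:
    mode: str                # "closed", "stealth" or "triggered"
    ttl: float = TRIGGER_TTL
    # (remote peer, LAN host) -> expiry time of the temporary allow
    _allows: dict = field(default_factory=dict)

    def outbound(self, pkt: Packet, now: float) -> str:
        """LAN-to-WAN traffic is always forwarded. A SYN to a trigger port
        records that the peer may ident us back for the next ttl seconds."""
        if pkt.flags == "S" and pkt.dport in TRIGGER_PORTS:
            self._allows[(pkt.dst, pkt.src)] = now + self.ttl
        return "FORWARD"

    def inbound(self, pkt: Packet, now: float) -> str:
        """Verdict for a WAN-to-LAN packet: FORWARD, RST or DROP."""
        # Expire stale triggers first so a scan after the window sees nothing.
        self._allows = {k: exp for k, exp in self._allows.items() if exp > now}
        if pkt.dport != IDENT_PORT:
            return "DROP"    # everything but ident is out of scope for this model
        if self.mode == "closed":
            return "RST"
        if self.mode == "stealth":
            return "DROP"
        if self.mode == "triggered":
            return "FORWARD" if (pkt.src, pkt.dst) in self._allows else "DROP"
        raise ValueError(f"unknown mode {self.mode!r}")


def scan_view(verdict: str) -> str:
    """What a port scanner infers from the router's reaction to a SYN."""
    return {
        "RST": "closed (host present)",
        "DROP": "filtered / no response",
        "FORWARD": "reached the LAN host (open if identd is listening)",
    }[verdict]


def demo() -> dict:
    """Walk one LAN host through the three modes; returns verdicts by step."""
    lan_host, mail_host, scanner = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    probe = lambda src: Packet(src, 40000, lan_host, IDENT_PORT)
    out = {}
    out["closed"] = TriggeredFirewall("closed").inbound(probe(scanner), 0.0)
    out["stealth"] = TriggeredFirewall("stealth").inbound(probe(scanner), 0.0)

    fw = TriggeredFirewall("triggered")
    out["trig_before"] = fw.inbound(probe(mail_host), 0.0)
    fw.outbound(Packet(lan_host, 50000, mail_host, 25), 1.0)   # LAN host sends mail
    out["trig_peer"] = fw.inbound(probe(mail_host), 2.0)        # mail host idents back
    out["trig_scanner"] = fw.inbound(probe(scanner), 2.0)       # unrelated scanner
    out["trig_expired"] = fw.inbound(probe(mail_host), 1.0 + TRIGGER_TTL + 5)
    return out


if __name__ == "__main__":
    for step, verdict in demo().items():
        print(f"{step:13s} {verdict:8s} -> {scan_view(verdict)}")
```

Running it shows the point each side is making: in *closed* mode the scanner gets a RST and knows a host is there; in *stealth* mode it gets nothing; in *triggered* mode only the mail host, and only inside the window, gets its ident query through, so outgoing mail is not delayed while the port still looks stealth to everyone else. The model's weak spot is the same one any triggered rule has: it trusts the source address of the inbound 113/tcp packet, so it is only as good as the router's anti-spoofing on the WAN side.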