Firewall Stealth Mode?



As I understand it, when the external interface of a firewall is being
scanned by "nessus", "nmap", and/or other scanning tools, one should
not be able to "see" any open services, EVEN though services, e.g.,
web, mail, ftp, are published using the IP address of
the external interface of the firewall.

Recently, a security consultant explained to me that the stealth mode
of a firewall means only that the firewall does not respond to
ICMP; therefore, when the firewall is scanned, the services published
using that IP address are still visible/reported.

Any comments are appreciated.

A Monk
