Re: Stealth Port 113?

From: Larry(LJL269) (NO_at_EMAIL.COM)
Date: 07/29/05

Date: Fri, 29 Jul 2005 18:19:38 GMT

On Thu, 28 Jul 2005 13:16:34 +0100, "Daniel Crichton"
<> wrote:

|If you nothing running on port 113, then you are no more at risk with it
|showing closed than if it was dropping packets instead of responding to them
|(which is all stealthing is).
Greetings & thank you for your response.

If you have somehting running on port 113, then are you
at more risk with it |showing closed than if it was

Also I know very little about Internet communications
but my conjecture is that the only advantages of NO
response verses a CLOSED would be to discourage an
attacker from:
  1-trying to open port 113
  2-trying to open one of the Stealthed ports

Either of these may have a slim probability of success
with a software firewall such as Zone Alarm which is
subject to not only its own vulnerabilities but to the
vulnerabilities of the platform its running on.

A hardware firewall with its dedicated software I guess
would be immune from both attacks & so stealthing would
have no advantage.

| This whole stealth thing doesn't actually make
|your machine any more secure - it can cause problems as above, and if a
|hacker is really looking for your IP then you can tell if it's online by
|looking at responses from the upstream router (if your PC/router really
|isn't connected to the internet then with most ISPs the upstream router
|would return a "Destination host unreachable" response in a ping or
|traceroute as opposed to the normal response you see when it's connected).

Comments/suggestions/corrections appreciated.
Thanks- bye- Larry
Any advise is my attempt to contribute more than I have received but I can only assure you that it works on my PC. GOOD LUCK.

Relevant Pages

  • Re: How to Stealth POP3 Port 110 using NIS2000?
    ... |> to a port where you have no listening service, ... get across is that 'stealthing' is actually a lost cause -- especially ... response) effectively tells a bad guy that there IS someone at that IP ... no response (to a TCP probe) is going to generate _another_ TCP ...
  • Re: D-Link DI-804, how to block ping? JPG Screen Shot How-To
    ... Stealthing port 113 or any other port is no problem. ... blocking ping ICMP type 8 response. ... "Solicited TCP Packets: PASSED — No TCP packets were received from your ...
  • Re: Best Plan of action for 2 forest.......
    ... PortQry reports the status of a port in one of the following ways: ... ..LISTENING This response indicates that a process is listening on the target ...
  • RE: MBSA and MSs attempts at "security"
    ... >the port status of TCP and UDP ports on a computer you choose. ... you can also query an LDAP service. ... LDAP query and interpret an LDAP server's response to ...
  • Re: How to Stealth POP3 Port 110 using NIS2000?
    ... >> how a stealthed port protects your privacy, 'cause I really don't get it. ... > I can't answer that as I am no expert on firewalls. ... The only thing you risk when not stealthing port 110 is for people to find ...