Re: Stealth Port 113?

From: Larry(LJL269) (NO_at_EMAIL.COM)
Date: 07/29/05 

Date: Fri, 29 Jul 2005 18:19:38 GMT

On Thu, 28 Jul 2005 13:16:34 +0100, "Daniel Crichton"
<msnews@worldofspack.co.uk> wrote:

|If you nothing running on port 113, then you are no more at risk with it
|showing closed than if it was dropping packets instead of responding to them
|(which is all stealthing is).
Greetings & thank you for your response.

If you have somehting running on port 113, then are you
at more risk with it |showing closed than if it was
stealthed?

Also I know very little about Internet communications
but my conjecture is that the only advantages of NO
response verses a CLOSED would be to discourage an
attacker from:
  1-trying to open port 113
  2-trying to open one of the Stealthed ports

Either of these may have a slim probability of success
with a software firewall such as Zone Alarm which is
subject to not only its own vulnerabilities but to the
vulnerabilities of the platform its running on.

A hardware firewall with its dedicated software I guess
would be immune from both attacks & so stealthing would
have no advantage.

 
| This whole stealth thing doesn't actually make
|your machine any more secure - it can cause problems as above, and if a
|hacker is really looking for your IP then you can tell if it's online by
|looking at responses from the upstream router (if your PC/router really
|isn't connected to the internet then with most ISPs the upstream router
|would return a "Destination host unreachable" response in a ping or
|traceroute as opposed to the normal response you see when it's connected).

Comments/suggestions/corrections appreciated.
Thanks- bye- Larry
Any advise is my attempt to contribute more than I have received but I can only assure you that it works on my PC. GOOD LUCK.

Relevant Pages

  • Re: How to Stealth POP3 Port 110 using NIS2000?
    ... |> to a port where you have no listening service, ... get across is that 'stealthing' is actually a lost cause -- especially ... response) effectively tells a bad guy that there IS someone at that IP ... no response (to a TCP probe) is going to generate _another_ TCP ...
    (comp.security.firewalls)
  • Re: D-Link DI-804, how to block ping? JPG Screen Shot How-To
    ... Stealthing port 113 or any other port is no problem. ... blocking ping ICMP type 8 response. ... "Solicited TCP Packets: PASSED — No TCP packets were received from your ...
    (comp.security.firewalls)
  • Re: Best Plan of action for 2 forest.......
    ... PortQry reports the status of a port in one of the following ways: ... ..LISTENING This response indicates that a process is listening on the target ...
    (microsoft.public.windows.server.active_directory)
  • RE: MBSA and MSs attempts at "security"
    ... >the port status of TCP and UDP ports on a computer you choose. ... you can also query an LDAP service. ... LDAP query and interpret an LDAP server's response to ...
    (Focus-Microsoft)
  • RE: Using a dynamic request - response port
    ... Saravana Kumar ... I don't have any direct experience working with WSS adapter, ... You need to make sure, you are getting some response back from Sharepoint ... May be its worth investigating using a static solict-response send port ...
    (microsoft.public.biztalk.general)