Manually stealthing a port
Results 1 to 9 of 9

Thread: Manually stealthing a port

  1. #1
    Junior Member
    Join Date
    Nov 2003
    Posts
    4

    Manually stealthing a port

    I am running Mandrake 9.2.
    On the grc.com ports probe I get all my ports as stealth except the IDENT.
    How do I go about stealthing that one manually?

    Thanks in advance for the help.

  2. #2
    Junior Member
    Join Date
    Nov 2003
    Posts
    18
    I don't know about linux but on my XP box I've found out that the ident port is used by instant messaging programs like icq and msn. Close those and try again, that worked for me.

  3. #3
    Senior Member
    Join Date
    Sep 2003
    Posts
    500
    are you using a firewall? If you use firestarter you can define what ports you want to filter, hide, and block http://firestarter.sourceforge.net/.

    Other than that you will probobly have to use iptables which I wouldn't know how to do.
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  4. #4
    Junior Member
    Join Date
    Nov 2003
    Posts
    4
    That firestarter looks good. I'll try ot when I get home. I thought it would have been a lot easier to have access to one's own ports...

    Thanks for the help...

  5. #5
    Senior Member
    Join Date
    Mar 2003
    Posts
    135
    Someone correct me if I am wrong, but I thought that "cloaked" or "stealth" ports were just the result of packets being dropped instead of rejected. The three main options for iptables with one interface are accept, drop, and reject, so what you have is all of your ports set to drop unsolicited packets.
    As far as your ident port, I don't know off-hand what port it is, but it is probably the port that has identd running on it. You can quickly google for a good explanation of what identd is and what it does.

  6. #6
    Senior Member st1mpy's Avatar
    Join Date
    Jun 2003
    Posts
    111
    i had to insal ident once for kvirc to work so i dono might be that if not i am wrong sorry just trying to help
    Un Seen But Well Heard Of

  7. #7
    Junior Member
    Join Date
    Nov 2003
    Posts
    4
    How does one get into "iptables"?

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Posts
    135
    Iptables is the program that creates, manages, etc, your built-in firewall, netfilter. Netfilter is built right into the kernel, and it is the actual firewall. Iptables sets the rules, etc. Problem is, for most new users, using iptables directly is a daunting task, so many other programs have arisen that manipulate iptables (and thus netfilter) for you.
    Mandrake 9.1 came with shorewall. I use it on my linux boxes because it is simple, well documented, and it's what I used first. It just consists of a few text files, of which you will only have to modify a couple. Basically, you just type in some text and the program reads it on start up and passes the rules to iptables, which passes it to netfilter.
    The other program mentioned above (firestarter) is another iptables manipulator. I have heard many good things about it and it has a gui, if that is what you want.

  9. #9
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    I gave Firestarter a try, but I wasn't much pleased with the result... although I got ports 0 and 1 stealthed, 67 and 68 [out of the 1056 that 'the Gibson' -- GRC.com's "ShieldsUP!" -- scans] were now 'CLOSED', but not 'STEALTH'.

    So I tried to work around with iptables, but the result is that, although everything else is hidden, 0 and 1 continue to show up as closed. The command I used is:

    iptables -I user 1 -p tcp --syn -m state --state NEW --destination-port 1 -j DROP

    {user is a custom-defined chained in the 'filter' table... I doubt that could cause a problem but...]

    and I tried variations on this too [w/o the -m state... or the --syn]. I could probably do it only for the Gibson, but there isn't much use to that is it?

    So, anybody that's experienced in iptables, I'm looking forward... I did research a bit [tonight is the first time I play with this command] but it seems it wasn't enough. Thanx in advance!
    /\\

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •