-
November 24th, 2003, 09:17 PM
#1
Junior Member
Manually stealthing a port
I am running Mandrake 9.2.
On the grc.com ports probe I get all my ports as stealth except the IDENT.
How do I go about stealthing that one manually?
Thanks in advance for the help.
-
November 24th, 2003, 09:37 PM
#2
Junior Member
I don't know about linux but on my XP box I've found out that the ident port is used by instant messaging programs like icq and msn. Close those and try again, that worked for me.
-
November 24th, 2003, 09:41 PM
#3
are you using a firewall? If you use firestarter you can define what ports you want to filter, hide, and block http://firestarter.sourceforge.net/.
Other than that you will probobly have to use iptables which I wouldn't know how to do.
You shall no longer take things at second or third hand,
nor look through the eyes of the dead...You shall listen to all
sides and filter them for your self.
-Walt Whitman-
-
November 24th, 2003, 10:29 PM
#4
Junior Member
That firestarter looks good. I'll try ot when I get home. I thought it would have been a lot easier to have access to one's own ports...
Thanks for the help...
-
November 25th, 2003, 02:47 AM
#5
Someone correct me if I am wrong, but I thought that "cloaked" or "stealth" ports were just the result of packets being dropped instead of rejected. The three main options for iptables with one interface are accept, drop, and reject, so what you have is all of your ports set to drop unsolicited packets.
As far as your ident port, I don't know off-hand what port it is, but it is probably the port that has identd running on it. You can quickly google for a good explanation of what identd is and what it does.
-
November 25th, 2003, 06:12 AM
#6
i had to insal ident once for kvirc to work so i dono might be that if not i am wrong sorry just trying to help
Un Seen But Well Heard Of
-
November 25th, 2003, 06:07 PM
#7
Junior Member
How does one get into "iptables"?
-
November 25th, 2003, 06:40 PM
#8
Iptables is the program that creates, manages, etc, your built-in firewall, netfilter. Netfilter is built right into the kernel, and it is the actual firewall. Iptables sets the rules, etc. Problem is, for most new users, using iptables directly is a daunting task, so many other programs have arisen that manipulate iptables (and thus netfilter) for you.
Mandrake 9.1 came with shorewall. I use it on my linux boxes because it is simple, well documented, and it's what I used first. It just consists of a few text files, of which you will only have to modify a couple. Basically, you just type in some text and the program reads it on start up and passes the rules to iptables, which passes it to netfilter.
The other program mentioned above (firestarter) is another iptables manipulator. I have heard many good things about it and it has a gui, if that is what you want.
-
December 2nd, 2003, 07:38 AM
#9
I gave Firestarter a try, but I wasn't much pleased with the result... although I got ports 0 and 1 stealthed, 67 and 68 [out of the 1056 that 'the Gibson' -- GRC.com's "ShieldsUP!" -- scans] were now 'CLOSED', but not 'STEALTH'.
So I tried to work around with iptables, but the result is that, although everything else is hidden, 0 and 1 continue to show up as closed. The command I used is:
iptables -I user 1 -p tcp --syn -m state --state NEW --destination-port 1 -j DROP
{user is a custom-defined chained in the 'filter' table... I doubt that could cause a problem but...]
and I tried variations on this too [w/o the -m state... or the --syn]. I could probably do it only for the Gibson, but there isn't much use to that is it?
So, anybody that's experienced in iptables, I'm looking forward... I did research a bit [tonight is the first time I play with this command] but it seems it wasn't enough. Thanx in advance!
/ \\
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|