Port stealthed
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Port stealthed

  1. #1
    Member
    Join Date
    Jan 2006
    Posts
    31

    Port stealthed

    I tried doing a trace route on an IP address and it came back that this port was stealthed. What does that mean?

  2. #2
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121
    you need to give more info (context)
    also, try googling
    a stealthed port is a port that doesnt respont to a packet, it just drops it
    you tracerouting a UDP or TCP port? differance in the way they react
    what are you using to do the traceroute command line, website, program
    i wouldnt be surprised if you get negged for the post
    no offense, just the way it is, you dont give educated/researched info its a waste of a post and peoples time
    if God was willing to live all out for us, why aren't we willing to live all out for Him? God bless,
    Godsrock37
    my home my forum

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    It dropped the packets without responding or blocking.

    cheers
    Connection refused, try again later.

  4. #4
    Member
    Join Date
    Jan 2006
    Posts
    31
    Okay...sorry, more info here...

    I used Visual IP Trace software to trace an IP address: 169.254.189.184 and this is the report I received:

    There is no SMTP server running on this system (the port is closed).
    There is no HTTP server running on this system (the port is closed).
    There is no HTTPS server running on this system (the port is stealthed).
    There is no FTP server running on this system (the port is stealthed).

    They also added this:

    Computer 169.254.189.184 has been found. Systems closeby are located in Austin, TX, USA, so there is a good chance that 169.254.189.184 is also located around this area.

    Thanks for educating me

  5. #5
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    765
    I tried doing a trace route on an IP address and it came back that this port was stealthed. What does that mean?
    How did traceroute tell you the port was stealth?

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    ER... that's not a tracert program. It's a port scanner.....

    Oddly enough the target is "interestingly" configured. If I had to guess I would say it is firewalled on all ports except HTTP and SMTP because the owner intermittently opens those services for use. I'd guess it was a home computer that is owned by someone with some knowledge of computers.

    Remind me.... Why were you scanning this box?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    856
    I'm going to show my ignorance on this one. How can a port scanner know if a port is "stealthed"? If the protecting firewall is dropping packets, nothing should come back to the scanning system.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Well... You answered your own question really didn't you?

    The proper response to a SYN packet to a closed port per the "rules of the internet", (RFC's), is an RST. If the firewall simply drops the packets then no RST appears at the source. Thus the port is _Filtered_. Don't get me onto Gibson's catchphrase "Stealthed".... There's nothing stealth about a port on a computer that responds on any other port... You know damn well the port is there because you know the computer is there.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmm,

    I am confused (And I haven't even had a drink yet!)

    169.254.xxx.xxx

    Isn't that one of those "reserved addresses"................... APIPA?

    Seems odd that this software came back with anything at all?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Nihil:

    Tracert the IP.... See where your ISP blocks it... If it does....

    If it passes through any firewall you could get these results.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides