Stealthed? - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Stealthed?

  1. #11
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    OK... Let me try to explain without being rude...

    If there is a response from _any_ port on a computer then I don't rat's thingummyjig what you want to call any other port, STEALTH, is a stupid term... It actually gives me information you don't want me to know...

    "Stealth" is a BS term to make you feel warm and fuzzy about the fact that I can't reach that port on your computer.... But, guess what???? The fact that it is "stealth" tells me you are dropping my packets, because the _proper_ response to a SYN packet to a closed port is an RST... Don't send me the RST and I know what your firewalls rules are - well... I know some of them... So you are giving me information... If the firewall responded with an RST to every port you don't want open through it then I could tell nothing other than there is a computer there and it has some ports open... I wouldn't know about your firewall... which I could possibly fingerprint and find an exploit for...

    There's a huge difference... and it's dumb to compare BS hype and actual technical issues...

    [not saying you are dumb]
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  2. #12
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Thanks for carrying the load there Tiger Shark!

    cheers


    (edited to remove errors about open ports)
    Connection refused, try again later.

  3. #13
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Relyt:

    You're a tad off there... Your "open" ports aren't "open". They were allowed connections that started from the inside that the firewall rules allowed... They started _from_ the inside with a SYN... so the firewall allowed it... even while you have an active connection to a remote machine on port xxxx, the firewall will, (if the rules say so), block an incoming SYN to the same port - despite the fact that an outbound connected port isn't supplying a service and would still send an RST even if the firewall weren't there... Connections aren't "open" ports... Open ports are those that supply a service such as HTTP, SMTP, FTP etc...
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #14
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    True, mine was an incomplete/incorrect response. I was thinking more of fooling the firewall, thanks for cleaning it up.

    cheers
    Connection refused, try again later.

  5. #15
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Well.... Yes...

    ...and no...
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #16
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    JonnyFrond,

    But where ever you go, doesn't your ISP log your IP address and keep logs by Law.
    Mantaining the logs and the continued logging of every download, page visited, time spent there, email in & out on all the clients that the ISP has, could result in an unreasonable burden. Should they be expected to retain it all for any serious length of time and of course where would they stow it? That gets expensive. They may backup email because of the potential future need, but the rest? I would guess, if the local cop shop has a specific interest, they may approach the ISP and have him retain those logs for review.

    We have several folks here in that occupation so hopefully they’ll jump in and address any legal requirements.

    cheers
    Connection refused, try again later.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides