The Age Old Debate - Page 2

Thread: The Age Old Debate

  1. #11
    Senior Member SnugglesTheBear's Avatar
    Join Date
    Jun 2010
    Posts
    133
    Unused ports can be stealthed, but ports can't be open and stealthed. :/ A stealth port simply has the firewall not respond to any probes, and so the source of a scan doesn't receive any TCP or ICMP messages. Effectively this causes the attack to get a timeout exception. So the attacker has to wonder whether or not the host really exists. If they know it exists, and a lot of the time if you are scanning a host you know it exists, then the attack receives information from open ports, since it is clearly impossible to stealth open ports. At this point, stealth ports seem somewhat meaningless if you are running a server of some sort, because all you have effectively done was cover up your closed ports, which is useless to an attacker. However, if you incorporate port knocking strategies, you have a very good bet that you and whoever else you tell the secret knock to will be the only ones using your server (unless the attacker hijacks your TCP session etc. etc.). Now I know you can use port knocking with closed ports as well, but the great thing about stealth ports with port knocking is that the attacker doesn't know if his packets went in the order he sent them, since he is not getting any response, so even a brute force isn't guaranteed to open up your ports due to the congestion/packet loss/latency issues that exist in all packet switched networks. This makes stealth ports much more tactful than closed ports in my opinion.
    Last edited by SnugglesTheBear; July 8th, 2010 at 07:45 PM.
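
The server side of the port-knocking argument in post #11, as an added example that is not code from the thread: a minimal knock-sequence tracker replayed over constructed dropped-packet events. The knock ports, the 10-second window and the source addresses are assumptions made for illustration; the tracker never replies, so a sender cannot tell whether reordered or delayed knocks were accepted.

```python
from dataclasses import dataclass, field

# Assumed (hypothetical) knock sequence and time window; not from the thread.
KNOCK_SEQUENCE = (7000, 8000, 9000)
WINDOW_SECONDS = 10.0

@dataclass
class KnockTracker:
    """Per-source progress through the knock sequence, as a firewall-side daemon keeps it."""
    progress: dict = field(default_factory=dict)  # src -> (next index, time of first knock)
    allowed: set = field(default_factory=set)     # sources that completed the knock

    def observe(self, ts, src, dport):
        """Process one silently dropped SYN. Nothing is ever sent back to src."""
        if dport not in KNOCK_SEQUENCE:
            return                                 # unrelated dropped packet
        idx, started = self.progress.get(src, (0, ts))
        if ts - started > WINDOW_SECONDS:
            idx, started = 0, ts                   # too slow: start over
        if dport == KNOCK_SEQUENCE[idx]:
            idx += 1
            if idx == len(KNOCK_SEQUENCE):
                self.allowed.add(src)              # full sequence seen in order
                self.progress.pop(src, None)
            else:
                self.progress[src] = (idx, started)
        elif dport == KNOCK_SEQUENCE[0]:
            self.progress[src] = (1, ts)           # wrong step, but a valid fresh start
        else:
            self.progress.pop(src, None)           # reordered or lost knock: reset

def replay(events):
    """Feed (timestamp, source, destination port) events through a fresh tracker."""
    tracker = KnockTracker()
    for ts, src, dport in events:
        tracker.observe(ts, src, dport)
    return tracker.allowed

# Constructed sample events, not real traffic.
EVENTS = [
    (0.0, "198.51.100.7", 7000), (0.4, "198.51.100.7", 8000), (0.9, "198.51.100.7", 9000),  # in order
    (1.0, "203.0.113.9", 7000), (1.2, "203.0.113.9", 9000), (1.3, "203.0.113.9", 8000),     # reordered in transit
    (2.0, "192.0.2.44", 7000), (9.0, "192.0.2.44", 8000), (15.0, "192.0.2.44", 9000),       # outside the window
]

if __name__ == "__main__":
    print(sorted(replay(EVENTS)))
```
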

  2. #12
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,250
    Hence the age old debate.

    kinda like horsepower vs torque
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  3. #13
    Senior Member SnugglesTheBear's Avatar
    Join Date
    Jun 2010
    Posts
    133
    But I am not saying stealth ports stop an attacker from trying, I am saying they make it more difficult and thus are more secure when used properly. Bah. >.< I thought horsepower is a byproduct of achieving peak torque levels in your engine >.< But I am not a mechanic. blech blech blech, ima grab me a beer

  4. #14
    Banned
    Join Date
    Jan 2008
    Posts
    605
    If you are discussing ports, because you just left grc... That's another discussion
    If you can read this...

    then you're overqualified as a network and systems engineer.

  5. #15
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,250
    I was having one of those pita nights last night.

    I installed WSS on an Amazon platform. Yesterday I started configuring ssl - and it went into the night. Mother.. God... Damn... Certs.. Fuc... Arggggg - Stupid Windows...

    Anyway, once all was installed and working I went over my firewall config.
    Connections to the SharePoint site are only allowed from my home and work IP
    Ports 80, 443, and 12345 (not really) are the only open ports.

    Port 12345 on the firewall points to port 3398 on the server. I didn't do this for security reasons as such, but I don't like using default ports for remote access.

    Here again, the only ports that are open are the ones I or the server need to get the job done.

  6. #16
    Senior Member SnugglesTheBear's Avatar
    Join Date
    Jun 2010
    Posts
    133
    I mean I agree with that fully, dino. Only open ports that you use, yes yes yes. I will also agree that whitelisting is one of the most secure practices out there, though I tend to whitelist MAC addresses rather than IPs for ultra paranoid security.
    Still, if you want a semi-public server a whitelist is impractical. But then again, that is the major trade-off with security, functionality >.< Why are you setting up a WSS, if you don't mind me asking, dino?

  7. #17
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,250
    The reason for WSS... Just checking out 2010. Mostly because there is an android app for monitoring my hardware http://www.androidguys.com/2010/02/1...2-cloud-decaf/

    Now that I think about it, how ****ed up is that? Install WSS on EC2 because I want to play with the Droid app?

  8. #18
    Senior Member SnugglesTheBear's Avatar
    Join Date
    Jun 2010
    Posts
    133
    hahaha not f-ed at all dino >.< I have done many a ridiculous thing just to play with some little bit of software
