stealth->open


pp
February 2nd, 2004, 06:57 AM
Hi,

I'd like to ask if L'n'S allows setting the firewall's reaction to unwanted packets to REJECT instead of DROP. That is, I want ports to act like CLOSED and not like STEALTH. Is that possible?

Some info about open/stealth here:
http://www.wilderssecurity.com/showthread.php?t=12543

Thanks for your help
Pavel

Phant0m
February 4th, 2004, 12:05 PM
Apparently that feature has been wanted by a number of people; as an alternative option I say neat, but not "instead of".

Pavel
February 5th, 2004, 02:48 AM
OK, so I'll wait for new versions ;-)

Pavel

Frederic
February 6th, 2004, 02:27 PM
Hi,

I'm not sure the information mentioned here:
http://w.hansenonline.net/Networking/stealth.html
is valid for most of the cases.

For me the "Destination Host Unreachable" ICMP message occurs only in some particular cases (for instance when a router is unable to route a packet). But perhaps I'm wrong.

I tested it with two PCs connected to my Internet provider, and when I disconnect one PC, I don't get these messages on the other PC.

So, I think the stealth mode is still useful.

Anyway, the requested feature (to be truly stealth) should be to send a "Destination Host Unreachable" ICMP message, not to offer the possibility of having the PC close the ports.
The problem is that you will have to use your IP to send this kind of packet, and by doing that you will not be stealth...
Another way would be to spoof the IP address of the first gateway, but it is not very adequate to have a firewall doing address spoofing :)

Frederic

Pavel
February 7th, 2004, 05:03 AM
Hi,

I agree with your comment, but I don't want to be "truly stealth", because I run FTP and web servers.

I would like to tell the intruder without any hesitation: "this computer runs, all ports except 21 and 80 are closed, go away". I don't need to stealth anything.

Pavel

Frederic
February 7th, 2004, 06:16 AM
Hi,

This should be the standard behavior of Windows if you don't install a firewall.
So you just need to deactivate the Internet filtering, or you can create a specific rule that allows TCP SYN packets (if you want to keep the other rules active anyway).

Frederic
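The difference the thread is circling around (DROP leaves the prober waiting, a closed port answers with a TCP RST, a REJECT-style ICMP "Destination Unreachable" must carry the sender's own source address) is easy to see by parsing the replies a prober gets back. The following is an added example, not Look 'n' Stop code and not from any poster in this thread: it builds a few replies with constructed packets and classifies each as open, closed, rejected-by-ICMP or stealth. The addresses 203.0.113.5 (prober), 198.51.100.10 (the firewalled host) and 198.51.100.1 (its gateway) are documentation addresses chosen for the example, and the probe, reply and ICMP bytes are all constructed inline, so nothing is sent on the wire.

```python
"""Classify what a reply to a SYN probe reveals about a port:
open (SYN/ACK), closed (RST), rejected (ICMP type 3) or stealth (no reply).

Added example for the DROP-vs-REJECT discussion; not Look 'n' Stop code.
All packets below are constructed in memory with documentation addresses."""
import socket
import struct

TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10
# ICMP type 3 (destination unreachable) codes, RFC 792 / RFC 1812
ICMP_UNREACH = {0: "net unreachable", 1: "host unreachable",
                3: "port unreachable", 13: "administratively prohibited"}


def checksum16(data):
    """RFC 1071 one's-complement checksum, shared by IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(proto, src, dst, payload):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum16(hdr)) + hdr[12:]
    return hdr + payload


def build_tcp(sport, dport, flags):
    """TCP header, data offset 5. The TCP checksum is left zero: this parser
    does not verify it (that would need the pseudo-header)."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags,
                       65535, 0, 0)


def build_icmp_unreach(code, offending_pkt):
    """ICMP type 3 error: 8-byte header + offending IP header + 8 bytes of L4."""
    body = offending_pkt[:28]
    hdr = struct.pack("!BBHI", 3, code, 0, 0)
    hdr = hdr[:2] + struct.pack("!H", checksum16(hdr + body)) + hdr[4:]
    return hdr + body


def parse_ipv4(pkt):
    """Return (proto, src, dst, payload); reject a bad header checksum."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if checksum16(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return (pkt[9], socket.inet_ntoa(pkt[12:16]),
            socket.inet_ntoa(pkt[16:20]), pkt[ihl:])


def classify_reply(reply, probed_host, probed_port):
    """What the prober learns from one reply, or from silence (DROP)."""
    if reply is None:
        return {"state": "stealth", "detail": "no reply (packet dropped)"}
    proto, src, _dst, payload = parse_ipv4(reply)
    if proto == 6 and src == probed_host:  # TCP answer from the host itself
        sport, _dp, _seq, _ack, off_flags = struct.unpack("!HHIIH", payload[:14])
        flags = off_flags & 0x1FF
        if sport == probed_port and flags & TCP_SYN and flags & TCP_ACK:
            return {"state": "open", "detail": "SYN/ACK", "responder": src}
        if sport == probed_port and flags & TCP_RST:
            return {"state": "closed", "detail": "RST", "responder": src}
    if proto == 1 and payload[0] == 3:  # ICMP destination unreachable
        # The quoted original packet says which probe this error refers to.
        _p, _s, inner_dst, inner_l4 = parse_ipv4(payload[8:])
        inner_dport = struct.unpack("!H", inner_l4[2:4])[0]
        if inner_dst == probed_host and inner_dport == probed_port:
            return {"state": "rejected",
                    "detail": ICMP_UNREACH.get(payload[1], "code %d" % payload[1]),
                    "responder": src,
                    # An ICMP error carries its sender's real source address, so
                    # a host that sends one has given away that it is there.
                    "host_revealed": src == probed_host}
    return {"state": "unrelated", "detail": "reply does not match the probe"}


def demo():
    """Constructed scenario: FTP on 21 open, 8080 handled four different ways."""
    prober, host, gateway = "203.0.113.5", "198.51.100.10", "198.51.100.1"
    probe = build_ipv4(6, prober, host, build_tcp(40000, 8080, TCP_SYN))
    replies = {
        "ftp open": build_ipv4(6, host, prober, build_tcp(21, 40000, TCP_SYN | TCP_ACK)),
        "closed port": build_ipv4(6, host, prober, build_tcp(8080, 40000, TCP_RST | TCP_ACK)),
        "icmp from host": build_ipv4(1, host, prober, build_icmp_unreach(3, probe)),
        "icmp from gateway": build_ipv4(1, gateway, prober, build_icmp_unreach(1, probe)),
        "dropped": None,
    }
    return {name: classify_reply(pkt, host, 21 if name == "ftp open" else 8080)
            for name, pkt in replies.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print("%-18s %s" % (name, verdict))
```

The "icmp from host" case is the one Frederic describes: the firewalled host answers with its own address in the outer IP header, so `host_revealed` is true and the host is not stealth, whereas the "icmp from gateway" case names the router as responder. A plain RST ("closed port") is what Pavel asks for and what an unfirewalled stack sends for a port nobody is listening on.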

Phant0m
February 7th, 2004, 06:49 AM
To have an selectable Feature in Rule Editing Dialog to send "Destination Host Unreachable" ICMP message upon matching packets would be kind-of neat for a few, however this Feature probably wont be getting used much if any by me though. Personally I don’t prefer to enhance smoother victory for the attacker when he/she wants to send flood packets knowing a response will be made which leads to bandwidth strain causing active connections to time-out and Internet Connection loss. ;)