is closed bad?

Discussion in 'LnS English Forum' started by aerox, Aug 17, 2003.

Thread Status:
Not open for further replies.
  1. aerox

    aerox Registered Member

    Joined:
    Jun 16, 2003
    Posts:
    5
    I'm sorry if someone already asked this question, but when it says that a port is closed and not stealthed, is that bad? What are the differences?

    Thanks, and sorry for the dummy question.

    :cool:
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey aerox

    There are a lot of false reports with a lot of Online Scanning Systems recently; there have been some discussions a few topics below about it… Try getting a secondary opinion; use it along with other Online Scanning Systems.

    Whether a closed port is bad will depend on whether it’ll stay closed and not become open by some means in the future. Closed ports indicate that a machine exists and normally mean the port is not being firewalled; if people see this, they could possibly attack you with flood packets, which could easily take you out, especially with closed-port responses. It could also make them investigate you further with probes.
     
  3. weeNym

    weeNym Registered Member

    Joined:
    Jul 14, 2003
    Posts:
    19
    Hi aerox

    "Closed" is not bad.

    Open:
    In order for a port to be open on your system, a service or application has to be actively listening on it. Once an application or service is listening, holding open a port for connections, it is vulnerable to exploitation.

    Closed:
    Without any service or application listening on a specific port, any connection attempts to it will result in a closed response. Closed is the normal response your operating system would provide without a firewall. A closed port is secure from unwanted connection attempts and cannot be opened from the outside. Some firewalls can also be configured to provide this normal closed response to connection attempts (sometimes referred to as “reject”).

    Stealth:
    Stealth refers to firewalls “dropping” the packets from unwanted connection attempts and providing no response at all. This lack of response would make it appear there is no system there.

    Both “Closed” and “Stealth” are secure.

    Regards,

    weeNym
     
  4. aerox

    aerox Registered Member

    Joined:
    Jun 16, 2003
    Posts:
    5
    Thank you both for the help.
     
  5. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    That is NOT a dummy question.
    Here is some interesting reading:

    http://w.hansenonline.net/Networking/stealth.html
     
  6. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    I agree fully with the article mentioned above. If I'm running software (OS & applications) I trust, then that means I trust it to keep closed ports closed and not to be attackable on closed ports. If I don't have that confidence, I can hardly console myself with a firewall.

    However, that's probably a matter of personal attitude, and there's one (pro-"stealth") thing that the author of the above-mentioned article doesn't mention and that could play a role in your considerations:
    The upstream router sending "host unreachable" messages back to the scanner if there really was no host presupposes that this router behaves in a fully protocol-compliant way. This may not always be the case. While I don't know any router that drops these by default or can be configured to drop them - in fact I don't know any router at all close enough. But as I understand it, protocol-compliance is something that is handled, let's say, rather flexibly, so it may well be that you have a router upstream which wouldn't spoil your stealth attempt. You'd have to try it out from a remote computer...

    HTHH,
    Andreas
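
The three states weeNym describes, plus the "host unreachable" reply Andreas1 mentions, as they appear to the side making the connection. This is an added example, not part of the original thread; the function names and the one-second timeout are assumptions, and the built-in self-check only touches loopback.

```python
import errno
import socket

UNREACHABLE = (errno.EHOSTUNREACH, errno.ENETUNREACH)

def classify(exc):
    """Map the result of a TCP connect() to the thread's vocabulary.

    exc is None when the handshake completed, else the OSError raised.
    (Hypothetical helper name, chosen for this example.)
    """
    if exc is None:
        return "open"          # SYN/ACK came back: a service is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"        # RST came back: host is there, nothing listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "stealth"       # silence: packet dropped (or simply lost)
    if exc.errno in UNREACHABLE:
        return "unreachable"   # ICMP unreachable, e.g. from an upstream router
    raise exc                  # anything else is not a port state

def port_state(host, port, timeout=1.0):
    """Attempt one full TCP connect to a host you administer and classify it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)  # assumed value; too short misreads slow links
        try:
            s.connect((host, port))
        except OSError as exc:
            return classify(exc)
    return classify(None)

def self_check():
    """Constructed loopback demo: listen, probe, stop listening, probe again."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: the kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = port_state("127.0.0.1", port)
    srv.close()                  # no firewall on loopback, so the OS answers itself
    after_close = port_state("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(self_check())
```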
     