Online Armor failed TCP Null Packet on my comp

Discussion in 'other firewalls' started by nightingale, Apr 24, 2008.

Thread Status:
Not open for further replies.
  1. nightingale

    nightingale Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    14
    As I am not very clever, how do I stealth this? Below is what Flank said after my testing. Please in language I can understand lol. So many smart people here me head hurts. Thanks to whoever can help. :)

    We have sent following packets to TCP:1 port of your machine:

    * TCP ping packet
    * TCP NULL packet
    * TCP FIN packet
    * TCP XMAS packet
    * UDP packet

    Here is the description of possible results on each sent packet:
    "Stealthed" - Means that your system (firewall) has successfully passed the test by not responding to the packet we have sent to it.
    "Non-stealthed" - Means that your system (firewall) responded to the packet we have sent to it. What is more important, is that it also means that your computer is visible to others on the Internet that can be potentially dangerous.

    Packet type    Status
    TCP "ping"     stealthed
    TCP NULL       non-stealthed
    TCP FIN        stealthed
    TCP XMAS       stealthed
    UDP            stealthed

    Recommendation:
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Hello,

    I don't know what flank you're talking about - pcflank? But if so, their tests are not very reliable.

    Besides, if I gather it correctly, because I don't really know what they intended, the test involves sending a packet supposedly coming from port 0. And the firewall is supposed to drop these or forward to a virtual address.

    You could create an advanced rule telling OA to forward all packets coming from port 0 to some virtual address like 192.168.22.123. Then repeat the test.

    Either way, it's meaningless.

    Mrk
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi nightingale,

    Personally, I have never worried about a "non-stealthed" setup.

    The firewalls that advertise such are usually just giving ref to TCP-SYN scans anyway. Most will fail on the numerous scans available.

    What you need to watch for, is for any "Open" ports. Beyond that, you should have no problem with unsolicited inbound.

    As a note:
    There are many more scan types than shown in the above post. So even if a "stealth" (waste of time) was shown, then other scans can show activity (as I have mentioned before)


    nightingale, ignore those results and move on. Just watch for any "open" ports.

    - Stem
     
  4. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Stem, please, could you explain what this "TCP-null" is about? :)
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi alex_s,

    It is just a TCP packet with no flags set.
    Have a search for "null scan"

    one example:-
    http://www.networkuptime.com/nmap/page3-6.shtml
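
Added example (not part of the original thread or any poster's code): a small Python classifier that reads the flags field of a raw TCP header and names the probe types listed in the test report (NULL, FIN, XMAS), which is how a firewall log or capture can be checked for them. The sample headers, source port 40000 and the helper names are constructed for illustration; destination port 1 matches the port named in the report.

```python
import struct

# TCP control bits, low six bits of the 16-bit offset/flags field (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
TCP_HDR = "!HHIIHHHH"  # src, dst, seq, ack, offset+flags, window, checksum, urgent


def parse_tcp_header(segment: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    src, dst, _seq, _ack, off_flags, _win, _csum, _urg = struct.unpack(
        TCP_HDR, segment[:20])
    return src, dst, off_flags & 0x3F


def classify_probe(flags: int) -> str:
    """Name the probe by its exact flag combination."""
    if flags == 0:
        return "NULL"   # no flags set at all
    if flags == FIN:
        return "FIN"
    if flags == FIN | PSH | URG:
        return "XMAS"
    if flags == SYN:
        return "SYN"    # ordinary connection attempt / SYN scan
    return "other"


def build_header(src: int, dst: int, flags: int) -> bytes:
    """Build a minimal 20-byte header (constructed sample data only)."""
    off_flags = (5 << 12) | flags  # data offset = 5 words, no options
    return struct.pack(TCP_HDR, src, dst, 0, 0, off_flags, 1024, 0, 0)


# Constructed samples: one header per flag combination, all to port 1
SAMPLES = [build_header(40000, 1, f)
           for f in (0, FIN, FIN | PSH | URG, SYN, SYN | ACK)]


def classify_all(segments):
    """Return [(dst_port, probe_name), ...] for a list of raw headers."""
    parsed = (parse_tcp_header(s) for s in segments)
    return [(dst, classify_probe(flags)) for _src, dst, flags in parsed]


if __name__ == "__main__":
    for dst, kind in classify_all(SAMPLES):
        print(f"dst port {dst}: {kind}")
```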
     