stealth->open

Discussion in 'LnS English Forum' started by pp, Feb 2, 2004.

Thread Status:
Not open for further replies.
  1. pp

    pp Guest

    Hi,

    I'd like to ask if L'n'S allows setting the firewall's reaction to unwanted packets to REJECT instead of DROP. That means I want ports to act like CLOSED and not like STEALTH. Is that possible?

    Some info about open/stealth here:
    http://www.wilderssecurity.com/showthread.php?t=12543

    Thanks for your help
    Pavel
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Apparently that feature has been wanted by a number of people; as an alternative option I say neat, but not “instead of”.
     
  3. Pavel

    Pavel Guest

    OK, so I'll wait for new versions ;-)

    Pavel
     
  4. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    I'm not sure the information mentioned here:
    http://w.hansenonline.net/Networking/stealth.html
    is valid for most of the cases.

    For me the "Destination Host Unreachable" ICMP message occurs only in some particular cases (for instance when a router is unable to route a packet). But perhaps I'm wrong.

    I tested it with two PCs connected to my Internet provider, and when I disconnect one PC, I don't get these messages on the other PC.

    So, I think the stealth mode is still useful.

    Anyway, the requested feature (to be truly stealth) should be to send a "Destination Host Unreachable" ICMP message, and not to offer the possibility of having the PC close the ports.
    The problem is that you will have to use your IP to send these kinds of packets, and doing that you will not be stealth...
    Another way would be to spoof the IP address of the first gateway, but it is not very adequate to have a firewall doing address spoofing :)

    Frederic
     
  5. Pavel

    Pavel Guest

    Hi,

    I agree with your comment, but I don't want to be "truly stealth", because I run FTP and web servers.

    I would like to tell the intruder without any hesitation: "this computer runs, all ports except 21 and 80 are closed, go away". I don't need to stealth anything.

    Pavel
     
  6. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    This should be the standard behavior of Windows if you don't install a firewall.
    So you just need to deactivate the Internet Filtering, or you can create a specific rule that allows the TCP SYN packets (if you want to keep the other rules activated anyway).

    Frederic
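
An added example (not code from this thread, from Look 'n' Stop, or from Windows) showing what a port scanner sees for each behaviour discussed in posts 4 and 6: no reply at all (stealth/DROP), a TCP RST (a closed port, the Windows default Frederic describes), or an ICMP Destination Host Unreachable, whose outer source address tells the scanner exactly who sent it, whether that is the host itself or a spoofed gateway address. The packets, addresses (RFC 5737 documentation ranges) and ports are constructed inline for the demo and are assumptions, not hosts mentioned in the thread.

```python
"""Added example (not code from the LnS thread): what a port scanner sees
when a host DROPs a SYN (stealth), answers with RST (closed), or has a
firewall answer with an ICMP Destination Unreachable. Packets are
constructed inline; addresses come from RFC 5737 documentation ranges and
are assumptions. Checksums are left zero because nothing here goes on a wire."""
import struct
from typing import Optional

TCP, ICMP = 6, 1
SYN, RST, ACK = 0x02, 0x04, 0x10


def ip_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_ipv4(pkt: bytes):
    """Return (proto, src, dst, payload); raises on anything that is not IPv4."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[9], ip_str(pkt[12:16]), ip_str(pkt[16:20]), pkt[ihl:]


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options, checksum 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, 64, proto, 0, ip_bytes(src), ip_bytes(dst))
    return header + payload


def build_tcp(sport: int, dport: int, flags: int) -> bytes:
    """20-byte TCP header; data offset 5 sits in the top 4 bits of the flags word."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 8192, 0, 0)


def build_icmp_unreachable(reporter: str, probe: bytes, code: int) -> bytes:
    """ICMP type 3 error about `probe`, addressed back to the probe's source.
    Per RFC 792 it quotes the offending IP header plus its first 8 bytes."""
    _, probe_src, _, _ = parse_ipv4(probe)
    icmp = struct.pack("!BBHI", 3, code, 0, 0) + probe[:28]
    return build_ipv4(reporter, probe_src, ICMP, icmp)


def classify_reply(target: str, port: int, reply: Optional[bytes]) -> str:
    """Interpret the reply to a SYN sent to target:port the way a scanner does."""
    if reply is None:
        return "filtered: no reply (stealth/DROP)"
    proto, src, _, payload = parse_ipv4(reply)
    if proto == TCP:
        sport, _dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", payload[:14])
        if src != target or sport != port:
            return "unrelated"
        flags = off_flags & 0x1FF
        if flags & RST:
            return "closed: RST"
        if flags & SYN and flags & ACK:
            return "open: SYN/ACK"
        return "unexpected TCP flags"
    if proto == ICMP:
        icmp_type, code = payload[0], payload[1]
        if icmp_type != 3:
            return "unrelated"
        # Only trust an ICMP error whose quoted packet matches the probe we sent.
        _, _, quoted_dst, quoted_l4 = parse_ipv4(payload[8:])
        if quoted_dst != target or struct.unpack("!H", quoted_l4[2:4])[0] != port:
            return "unrelated"
        if code == 3:
            return "closed: ICMP port unreachable"
        if code in (9, 10, 13):
            return f"filtered: ICMP admin prohibited from {src}"
        # Code 1 is Destination Host Unreachable; the outer source address
        # shows the scanner who actually answered (Frederic's point in post 4).
        return f"unreachable: ICMP code {code} from {src}"
    return "unrelated"


def demo() -> dict:
    """Pavel's setup (80 open, the rest closed) plus the two ICMP variants from the thread."""
    scanner, target, gateway = "198.51.100.7", "203.0.113.10", "203.0.113.1"

    def probe(port: int) -> bytes:
        return build_ipv4(scanner, target, TCP, build_tcp(40000, port, SYN))

    return {
        "web port": classify_reply(target, 80, build_ipv4(target, scanner, TCP, build_tcp(80, 40000, SYN | ACK))),
        "closed port": classify_reply(target, 445, build_ipv4(target, scanner, TCP, build_tcp(445, 40000, RST | ACK))),
        "stealth (DROP)": classify_reply(target, 445, None),
        "host-unreach self": classify_reply(target, 445, build_icmp_unreachable(target, probe(445), 1)),
        "host-unreach spoof": classify_reply(target, 445, build_icmp_unreachable(gateway, probe(445), 1)),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20} -> {verdict}")
```

The "host-unreach self" case is the one Frederic objects to: the ICMP error has to carry the host's own address in its outer header, so a scanner learns the host is up even though the port itself looks unreachable. The "spoof" case only looks plausible because the reporter is the gateway, which is the address-spoofing he says a firewall should not do.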
     
  7. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    To have a selectable feature in the rule editing dialog to send a "Destination Host Unreachable" ICMP message upon matching packets would be kind of neat for a few; however, this feature probably won't get used much, if at all, by me. Personally, I don't prefer to make victory smoother for the attacker when he/she wants to send flood packets knowing a response will be made, which leads to bandwidth strain, causing active connections to time out and Internet connection loss. ;)
     