adaptive stealth in ipfw?
Louis LeBlanc
freebsd at keyslapper.org
Sun Nov 30 13:00:24 PST 2003
On 11/30/03 04:49 PM, Roman Neuhauser sat at the `puter and typed:
> > <SNIP>
> > Still, if anyone *does* know the facts, I'd like to know what the
> > case really is with the IDENT port and adaptive stealth.
>
> don't get carried away by the nonsense at grc.com. the
> marketroid-speak term "adaptive stealth" can be normally
> described as stateful filtering (and dropping the packets
> instead of rejecting them), and it means that (in case of TCP),
> the target machine throws away packets that:
>
> * don't have the SYN bit set (and the ACK bit unset)
> * are not part of an established "conversation"

I think that clears things up a little.

> you can completely "stealth" a machine if it runs no publicly
> available servers. the problem with ident is similar to FTP: the
> first connection goes from you out, the other party then tries
> to connect to you (as far as the stack is concerned, this is a
> completely unrelated connection).
>
> but, the question is: what is your problem? why do you need to
> have identd(8) running? will anything you need break without it?
> if not, the correct solution to your problem is IMO to *reject*
> connection attempts to your port 113.

I don't need identd. I'm actually doing a simple reject on port 113
already, but I figured that if I could keep the system as 'invisible'
as possible, that would be best. I AM running various services, but
only for my own personal/family use. And I am the only one that
should be accessing all of these services from outside the firewall.
I had wondered if there was enough benefit to this process to make it
worth the overhead.

I'm beginning to think it isn't.

I've not been a security overreactor for some time, and I didn't
intend this to be a return to that mindset, so I'm just going to drop
this and leave the default reject on port 113. The other ports I had
rejected are now simply being dropped. Other than that, I check my
security mailings every day, and have had no problems for a very long
time.

Thanks for the feedback everyone.

Lou
--
Louis LeBlanc leblanc at keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org
"If value corrupts then absolute value corrupts absolutely."
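
The stateful filtering described in the quoted reply, with port 113 answered by a reset and other unsolicited TCP dropped as this message settles on, written out as an ipfw ruleset. This is an added example, not part of the original thread; the rule numbers, the lo0 rule and the SSH service on port 22 are assumptions.

```shell
#!/bin/sh
# Added example (constructed). Rule numbers and the port 22 service are
# assumptions; adjust them to the services actually offered.

stealth_rules() {
    # Loopback traffic is never filtered.
    echo "add 100 allow ip from any to any via lo0"
    # Packets belonging to a tracked conversation match a dynamic rule here.
    echo "add 200 check-state"
    # Outbound connections create the dynamic rules ("setup" = SYN without ACK).
    echo "add 300 allow tcp from me to any setup keep-state"
    echo "add 310 allow udp from me to any keep-state"
    # A service offered on purpose (assumed: sshd on port 22).
    echo "add 350 allow tcp from any to me 22 setup keep-state"
    # ident: the remote server opens a new, unrelated connection back to us.
    # Answer with a RST so it gives up at once instead of waiting on a timeout.
    echo "add 400 reset tcp from any to me 113 setup"
    # Everything else is dropped silently: SYNs to other ports and any TCP
    # packet that is not part of an established conversation.
    echo "add 500 deny tcp from any to me"
    echo "add 65000 deny ip from any to any"
}

# Print the rules by default; load them only when APPLY=yes (needs root).
if [ "${APPLY:-no}" = yes ]; then
    stealth_rules | while read -r rule; do
        # Unquoted on purpose: each word of the rule is one ipfw argument.
        ipfw -q $rule
    done
else
    stealth_rules
fi
```

Rule order matters: the reset for port 113 has to sit before the general deny, and check-state has to come before both so that replies to outbound connections are not discarded.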