eEye Digital Security

I've refered to KB000549 and I'm still rather confused? What exactly does stealth mode do? Does it drop all incoming unsolicited packets TCP and UDP packets? What about ICMP?

"Stealth the System" is probably not well documented; however, its intentions are to minimize the information that the host sends out largely from the scanning of closed TCP and UDP ports. Specifically the option will:

1) Drop TCP RST packets sent as a result of scanning closed TCP ports
2) Drop ICMP port unreachable sent as a result of scanning closed UDP ports

Receiving such packets is a common method used by discovery scanners (nmap or even our own Retina Vulnerability Assessment scanner) to identify a host as live. Admins may make an effort to disable many of the ICMP types and even many of the ports at least inbound; however, the simple fact of knowing that a port is closed implies that a host exists. By dropping these packets that are part of the protocol we effectively prevent this method of host discovery. Of course, open ports are unaffected and finding an open port also suggests a host exists. It is simply a means to limit the amount of "discriminating" traffic originating from a Blink protected asset.

Hope this helps.

You can make a test to see if you need to change something on your System.

http://www.grc.com

And then select one by one

ShieldsUP! (Textlink)

Proceed (Buttom)

and then select wich Ports shall be tested (Buttom)

Example: "Common Ports" or "All Service Ports"