
Stealth Mode


3 replies to this topic

#1 Huangker

Huangker

    Security Hobbyist

  • Members
  • 22 posts

Posted June 06, 2007 - 11:31 AM

I've referred to KB000549 and I'm still rather confused. What exactly does stealth mode do? Does it drop all incoming unsolicited TCP and UDP packets? What about ICMP?


 



#2 cimes

cimes

    Security Mastermind

  • Members
  • 87 posts

Posted June 06, 2007 - 02:09 PM

"Stealth the System" is probably not well documented; however, its intentions are to minimize the information that the host sends out largely from the scanning of closed TCP and UDP ports. Specifically the option will:

1) Drop TCP RST packets sent as a result of scanning closed TCP ports
2) Drop ICMP port unreachable sent as a result of scanning closed UDP ports

Receiving such packets is a common method used by discovery scanners (nmap or even our own Retina Vulnerability Assessment scanner) to identify a host as live. Admins may make an effort to disable many of the ICMP types and even many of the ports at least inbound; however, the simple fact of knowing that a port is closed implies that a host exists. By dropping these packets that are part of the protocol we effectively prevent this method of host discovery. Of course, open ports are unaffected and finding an open port also suggests a host exists. It is simply a means to limit the amount of "discriminating" traffic originating from a Blink protected asset.


Hope this helps.
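The behaviour described in post #2, as an added example that is not part of the original thread and is not Blink's own code: a small Python model of which replies a host sends to unsolicited probes with the stealth option off and on, and what a discovery scan can conclude from them. The names `host_reply` and `discovery_view` and the sample ports are hypothetical, constructed for illustration; the model assumes an open UDP service answers a probe.

```python
from enum import Enum


class Reply(Enum):
    SYN_ACK = "TCP SYN/ACK"
    RST = "TCP RST"
    ICMP_PORT_UNREACH = "ICMP port unreachable"
    UDP_DATA = "UDP response"
    NONE = "no reply"


def host_reply(proto, port, open_ports, stealth):
    """Reply the modelled host sends to an unsolicited probe on (proto, port)."""
    if (proto, port) in open_ports:
        # Open ports are unaffected by the stealth option.
        # Assumption: an open UDP service answers the probe.
        return Reply.SYN_ACK if proto == "tcp" else Reply.UDP_DATA
    if stealth:
        # Stealth on: the RST / port-unreachable for a closed port is dropped.
        return Reply.NONE
    # Stealth off: normal protocol behaviour for a closed port.
    return Reply.RST if proto == "tcp" else Reply.ICMP_PORT_UNREACH


def discovery_view(probes, open_ports, stealth):
    """Return (replies per probe, whether any reply shows the host is live)."""
    replies = {p: host_reply(p[0], p[1], open_ports, stealth) for p in probes}
    live = any(r is not Reply.NONE for r in replies.values())
    return replies, live


# Constructed sample: one open port on the host, three probes to closed ports.
OPEN_PORTS = {("tcp", 445)}
CLOSED_PROBES = [("tcp", 81), ("tcp", 8081), ("udp", 40000)]

if __name__ == "__main__":
    for stealth in (False, True):
        for probes in (CLOSED_PROBES, CLOSED_PROBES + [("tcp", 445)]):
            replies, live = discovery_view(probes, OPEN_PORTS, stealth)
            print(f"stealth={stealth} probes={len(probes)} host_seen_live={live}")
            for (proto, port), reply in replies.items():
                print(f"  {proto}/{port}: {reply.value}")
```
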



#3 Huangker

Huangker

    Security Hobbyist

  • Members
  • 22 posts

Posted June 07, 2007 - 12:05 AM

Is it possible to configure the system firewall to drop all incoming unsolicited TCP, UDP and ICMP packets by adding such a rule with the lowest priority? How will this interact with the stateful application firewall?

#4 serv

serv

    Security Advocate

  • Members
  • 41 posts

Posted June 15, 2007 - 10:58 PM

You can run a test to see if you need to change something on your system.

http://www.grc.com

And then select, one by one:

ShieldsUP! (text link)

Proceed (button)

and then select which ports shall be tested (button)

Example: "Common Ports" or "All Service Ports"




