Re: Port questionJun 25 2009 12:08AM Marco Shaw (marco shaw gmail com)
RE: Port questionJun 24 2009 10:57PM David Gillett (gillettdavid fhda edu) (1 replies)
Re: Port questionJun 25 2009 03:33PM Patrick J Kobly (patrick kobly com)
Re: Port questionJun 24 2009 10:33PM Charlie Clark (charlie funkymunkey co uk) (1 replies)
RE: Port questionJun 25 2009 04:16PM Ian Bradshaw (ian ianbradshaw net)
I think 'stealth' means it wont respond with anything to packets sent.
'closed' means it will positively respond saying your not allowed to use this port.
Generally, either is fine, as they will both result in the same action .. i.e. nothing getting though.
Some people prefer to have them all as 'stealth' as there is no way of knowing if a pc / firewall / router etc exists at the other end of the ip address - whereas if you get a response, even a closed one, then you know there is something at the other end. If an attacker gets a response, even closed, they may start port scanning more severely etc and slow down your net connection, but realistically, it doesn't particularly matter wether its closed or stealth imho.
Ian.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Charlie Clark
Sent: 24 June 2009 23:33
To: Ken Pryor
Cc: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: Port question
Hi Ken,
As far as I am aware, if a port is showing up as 'closed' instead of
'filtered', which i assume you mean when you say 'stealth', it means that it is
sending a tcp reset packet to the tcp packet it received as apposed to just
dropping the packet. I am not a networking guru but I would not class that as a
bad thing as it is sticking to the RFC.
Most firewalls by default drop packets that are not explicilty allowed, unless
told to send a tcp reset, but most OS's will send a tcp reset if the port is
closed.
I hope this helps.
Regards,
Charlie
On 24 June 2009 at 15:39 Ken Pryor <kdpryor (at) gmail (dot) com [email concealed]> wrote:
> Hello all, I just joined the list and this is my first post to it. I
> am a networking noob and am not sure if this is something I should
> worry about or not. I just set up a Smoothwall Express firewall and
> later ran a Shields Up scan at grc. com It showed all ports as
> stealth except one, port 113, which it showed as closed. Shields Up
> gave my system a "failed" score based on that one port showing as
> closed. My question is, is this anything I need to worry about and,
> if so, how might I fix it?
> Thanks to all who offer their knowledge and help to those of us just
> getting started.
> Ken Pryor
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate. We look at how SSL works, how it benefits your company and how
> your customers can tell if a site is secure. You will find out how to test,
> purchase, install and use a thawte Digital Certificate on your Apache web
> server. Throughout, best practices for set-up are highlighted to help you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
'closed' means it will positively respond saying your not allowed to use this port.
Generally, either is fine, as they will both result in the same action .. i.e. nothing getting though.
Some people prefer to have them all as 'stealth' as there is no way of knowing if a pc / firewall / router etc exists at the other end of the ip address - whereas if you get a response, even a closed one, then you know there is something at the other end. If an attacker gets a response, even closed, they may start port scanning more severely etc and slow down your net connection, but realistically, it doesn't particularly matter wether its closed or stealth imho.
Ian.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Charlie Clark
Sent: 24 June 2009 23:33
To: Ken Pryor
Cc: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: Port question
Hi Ken,
As far as I am aware, if a port is showing up as 'closed' instead of
'filtered', which i assume you mean when you say 'stealth', it means that it is
sending a tcp reset packet to the tcp packet it received as apposed to just
dropping the packet. I am not a networking guru but I would not class that as a
bad thing as it is sticking to the RFC.
Most firewalls by default drop packets that are not explicilty allowed, unless
told to send a tcp reset, but most OS's will send a tcp reset if the port is
closed.
I hope this helps.
Regards,
Charlie
On 24 June 2009 at 15:39 Ken Pryor <kdpryor (at) gmail (dot) com [email concealed]> wrote:
> Hello all, I just joined the list and this is my first post to it. I
> am a networking noob and am not sure if this is something I should
> worry about or not. I just set up a Smoothwall Express firewall and
> later ran a Shields Up scan at grc. com It showed all ports as
> stealth except one, port 113, which it showed as closed. Shields Up
> gave my system a "failed" score based on that one port showing as
> closed. My question is, is this anything I need to worry about and,
> if so, how might I fix it?
> Thanks to all who offer their knowledge and help to those of us just
> getting started.
> Ken Pryor
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate. We look at how SSL works, how it benefits your company and how
> your customers can tell if a site is secure. You will find out how to test,
> purchase, install and use a thawte Digital Certificate on your Apache web
> server. Throughout, best practices for set-up are highlighted to help you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]