
Re: How do I change my firewall ports to stealth mode?



Thank you so much Luke, Gragnak, Clinton Ben, Peter, Volker, Greg,
interval, for all the responses and advice!
I changed the block-policy from return to drop. Now my ports except
113 are showing up as stealthed while testing from
http://www.grc.com/x/ne.dll?rh1dkyd2
The Port 113 was opened because the PF FAQ asked to open it for SMTP
"Auth/Ident (TCP port 113): used by some services such as SMTP and IRC. 
ICMP Echo Requests: the ICMP packet type used by ping(8). "
-----from PF FAQ
I was using Zone Alarm before on a Windows200 Firewall. All its ports
were shown as Stealthed but still SMTP server access was possible!
So on further digging I got this explanation from the website that
conducted the test.
""Adaptive Stealthing" means that when a TCP SYN packet arrives to
request a connection to your machine's port 113, ZoneAlarm checks, on
the fly, to see whether your machine currently has any sort of
"relationship" with the remote machine (such as a pending outgoing
connection attempt). If so, the remote machine is considered to be
"friendly" and its IDENT request packet is allowed to pass through
ZoneAlarm's firewall. But if the IDENT originating machine is not
known to ZoneAlarm as a "friendly" machine, the connection requesting
packet is dropped and discarded, rendering port 113 stealth to all
unknown port scanners. It's very slick. "
Is there any way to do this in OpenBSD?
Thanks a lot for all your replies!
God bless you all
regards
Siju