[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How do I change my firewall ports to stealth mode?

on 28/9/04 12:16 pm, Siju George at [email protected] wrote:
> Hi Jason!
> Thanks for the reply!
> But if I can get port 113 also in adaptive stealth mode like Zonealarm
> did then it would be better isn't it?
If you're just trying to hide, then no. Personally I send RSTs on blocked
ports, partly because I think it's more polite, but also because "filtered"
ports show there's a firewall in the way, whereas RSTs could come from a
firewall or a host.
As someone said, the only advantage to a "drop" policy is it slows down
portscans, but that's irrelevant if we're talking about just one port.
Although Zonealarm's explanation was a bit hazy, it sounds as if it simply
drops the packet if there's no state associated with the remote server,
which is easy to do with pf (just accept packets with "keep state flags
S/SAFR" and then block anything else on port 113). If Zonealarm's nmot using
states, how else can it know if there's an "existing relationship" with the
remote server...?
Oliver Humpage
ICT Co-ordinator, Watershed Media Centre -- +44 (0)117 9276444
E-mails received are assumed to be for my attention, to do with as I wish.
No responsibility is accepted if communications are sent to me in error.
This disclaimer has as much legal status as yours.