TCLUG Archive

RE: [TCLUG:9695] An interesting site for security
On Tue, 2 Nov 1999, Ben Kochie wrote:

BK >wow, i guess linux must be based on stealth technology, i ran the
BK >portscanner thing on my box at work, which is behind a perfect linux
BK >ip_masq firewall (no ports open to the outside, OR inside)
BK >
BK >and it showed all my ports as closed (as it should)
BK >
BK >but it says that closed isn't good enough, SO i tried this..
BK >
BK >ipchains -A input -p TCP -d 0.0.0.0/0 23 -j REJECT
BK >
BK >and look, it now shows up as a STEALTH port..

Oh, bad.  If you use a default policy of DENY, the querying server
won't know what's happening.  It simply won't know if a service is
being offered or not.  If you REJECT, you've given a potential hacker
a bit of knowledge.  You've told the hacker that there IS indeed a
server at that IP address and that someone has proactively REJECTED a
packet.  That means there's a firewall installed.  Time to start
looking for firewall exploits...  It gives someone a direction whereas
DENY will leave them guessing...

Later!

    ^chewie

+----------------------------------------------------+
| Chad Walstrom           mailto:chewie@wookimus.net | 
| ICQ: 9985127           http://wookimus.net/~chewie |
+----------------------------------------------------+
 Need a new truck?  Check out my '97 Explorer 2-door
   Sport at http://wookimus.net/~chewie/truck.html
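Added example, not part of the thread: a small Python self-check that classifies a single TCP port the way a remote scanner would, so you can see for yourself what an ipchains DENY (silent drop) and a REJECT (active refusal) each look like from the outside. The function names (`probe_tcp_port`, `demo_localhost`) and the four labels are mine; the demo runs entirely against 127.0.0.1.

```python
import socket


def probe_tcp_port(host, port, timeout=2.0):
    """Classify one TCP port from an observer's point of view.

    "open"        - handshake completed, a service is listening
    "closed"      - the host answered with a TCP reset or an ICMP port-unreachable
                    (what an ipchains REJECT rule, or simply no listener, produces)
    "stealth"     - nothing came back before the timeout; the packet was silently
                    dropped (what an ipchains DENY rule produces) or nobody is there
    "unreachable" - some other routing/ICMP error (no route, host unreachable)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # TCP RST, or ICMP port-unreachable mapped by the kernel to ECONNREFUSED
        return "closed"
    except socket.timeout:
        # no SYN-ACK, no RST, no ICMP: the probe was dropped on the floor
        return "stealth"
    except OSError:
        # e.g. ENETUNREACH / EHOSTUNREACH; an answer, but not from the target port
        return "unreachable"
    finally:
        sock.close()


def demo_localhost():
    """Constructed demo on 127.0.0.1: probe a live listener, then the same port
    once the listener is gone. Returns (while_listening, after_close)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_tcp_port("127.0.0.1", port)
    listener.close()                  # nothing listens now -> kernel sends RST
    after_close = probe_tcp_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo_localhost())   # ('open', 'closed')
```

Point the probe at your own box from a host outside the firewall: a REJECT rule comes back "closed" almost instantly, a DENY rule sits there until the timeout and reports "stealth".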