adaptive stealth in ipfw?

Louis LeBlanc freebsd at keyslapper.org
Fri Nov 28 08:59:52 PST 2003


I have a question about 'adaptive stealthing' for port 113.

First, adaptive stealth means that unless the remote system has a
previous relationship with the local system, any request on the
stealthed port results in a dropped packet, or an unreachable host.  I
assume that means the unreach keyword is used in the ipfw command, but
please correct me if I'm wrong.

I was introduced to a fantastic web site, http://www.grc.com/ which
has some impressive information about security and a number of other
things.  Steve Gibson's 'Shields Up' web service will scan your system
and tell you where your vulnerabilities lie, and explain the ports in
pretty good detail.

One thing I found is that port 113 is a tricky problem.  Simply
stealthing the port altogether can cause potential problems with
connectivity.  Leaving it closed avoids the problem, but may be an
invite to aggressive and unscrupulous individuals.  Steve describes
the practice of adaptive stealthing, which is practiced by the 'Zone
Alarm' personal firewall (a Windows-based freeware product).  So I got
curious about this and read up a little on ipfw(8).  The real problem
is that I'm a bit slow with the finer points of intelligent firewalls
and can't seem to pick up the nontrivial technical details - short
span of attention when I get time to look at it, probably.

So I'd like to hear some thoughts on the subject from those that have
done it or are familiar with it.  I'm fully aware that it may be an
unnecessary step, given that I still have other ports open, but I am
curious about it and would appreciate an explanation on how it can be
done through ipfw.

Thanks all

Lou
-- 
Louis LeBlanc               leblanc at keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org

problem drinker, n.:
  A man who never buys.
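
The policy described in the post above, modelled in Python as an added example (not from the post, and not ipfw rules). Assumed here: a "relationship" means the local host sent a packet to the remote within the last 60 seconds, and a known peer gets a closed-port reset; the class name, TTL and sample addresses are constructed.

```python
from dataclasses import dataclass, field

IDENT_PORT = 113      # the stealthed port discussed in the post
RELATION_TTL = 60.0   # assumption: seconds an outbound contact counts as a relationship


@dataclass
class AdaptiveStealth:
    """Toy model: remember peers we contacted, answer port 113 only for them."""
    ttl: float = RELATION_TTL
    peers: dict = field(default_factory=dict)  # remote IP -> time of last outbound packet

    def decide(self, ts, direction, remote, port):
        # Expire stale relationships so one old contact does not unmask the port forever.
        self.peers = {ip: t for ip, t in self.peers.items() if ts - t <= self.ttl}
        if direction == "out":
            self.peers[remote] = ts      # we initiated: remote now has a relationship
            return "pass"
        if port != IDENT_PORT:
            return "other-rules"         # inbound to other ports is outside this model
        # Known peer: answer with a reset (assumption) so its ident lookup fails fast.
        # Unknown peer: drop silently, so a scan sees nothing behind the port.
        return "reset" if remote in self.peers else "drop"


# Constructed packet summaries: (time, direction, remote IP, port).
# For "out" the port is the remote service; for "in" it is the local port.
SAMPLE = [
    (0.0,  "in",  "192.0.2.10",   113),  # unsolicited probe
    (5.0,  "out", "198.51.100.7", 25),   # we connect to a mail server
    (5.2,  "in",  "198.51.100.7", 113),  # that server's ident query
    (6.0,  "in",  "192.0.2.10",   113),  # same scanner, still a stranger
    (90.0, "in",  "198.51.100.7", 113),  # mail server again, after the TTL expired
]


def run(sample=SAMPLE):
    fw = AdaptiveStealth()
    return [fw.decide(*pkt) for pkt in sample]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run()):
        print(pkt, "->", verdict)
```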


More information about the freebsd-questions mailing list