Re: opening ports

[Mike McCarty <Mike.McCarty@sbcglobal.net>]

Jochen Schulz wrote:
> Mike McCarty:
>
> > Andrei Popescu wrote:
> >
> >
> > > firewall are sometimes called "filtered" (by nmap) or "stealth" (by
> > > some Windows firewalls).
> >
> > A stealthed port appears not to exist to the external world,
> > but that does not mean that there is no service "listening"
> > on it.
>
>
> "Stealthed" almost always means that there is a service listening on
> that port, but traffic to it is being filtered somehow. However,
> "pretending not to exist" is not possible for a computer with a public
> IP address anyway. Even if you drop *every* incoming packet, an attacker

Certainly what you say here is true. However, *my* machine pretends
not to exist. I get (well, my router gets) a leased IP address.

> still knows that you are there from the absence of an ICMP message from
> your ISP's router that there is no computer with your IP address.

Hmm. Yes, you are probably right. I hadn't thought of that. But I don't
run "completely stealth". I have the "e-mail query" port non-stealth,
but closed. Otherwise, I get long delays on mail delivery sometimes :-)

> > Also, the term "stealth" has been around longer than Windows
> > firewalls, I do believe.
>
>
> Don't know. It is a marketing term, that's for sure.

Prolly.

As I said, I'm not an expert on these matters.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!