Re: iptables firewall
Mike McClain <firstname.lastname@example.org> wrote:
> On Wed, Jul 30, 2014 at 01:09:24AM +0200, Pascal Hambourg wrote:
>> You can safely ignore that "stealth" FUD.
> Why do you say it can be ignored?
If I try to connect to a system on (for example) IP 192.168.40.60 and
port 80 and there is no system with that IP, the router for the network
will tell me via an "ICMP host unreachable" package.
When my request just "vanishes" and I get no response back, I will
suspect that there is indeed a device at that IP which tries to be in
The only way to be really stealthy and hide ones network existance is to
configure the router _before_ your device to reject the packages with
the correct ICMP.
Doing on the device you want to stealth is futile.
And it will increase the traffic you receive, because normal TCP stacks
will assume a lost package and retry sending it multiple times.
If your device justs RSTs the connection or sends an "ICMP admin
prohibited" then the sending device will know what to do and stop trying
Summary: DROP does not do what you think it does.
Sigmentation fault. Core dumped.