From: Roman Neuhauser <neuhauser@bellavista.cz>
To: freebsd-questions@freebsd.org
Date: Sun, 30 Nov 2003 16:49:52 +0100
Subject: Re: adaptive stealth in ipfw?
Message-ID: <20031130154952.GE3867@freepuppy.bellavista.cz>
In-Reply-To: <20031128175832.GB44168@keyslapper.org>

# freebsd@keyslapper.org / 2003-11-28 12:58:33 -0500:
> On 11/28/03 06:11 PM, Christian Laursen sat at the `puter and typed:
> > Louis LeBlanc writes:
> >
> > > I was introduced to a fantastic web site, http://www.grc.com/ which
> > > has some impressive information about security and a number of other
> > > things. Steve Gibson's 'Shields Up' web service will scan your system
> > > and tell you where your vulnerabilities lie, and explain the ports in
> > > pretty good detail.
> >
> > http://www.grcsucks.com/
>
> Hmm. Interesting site. I'm sure I'll find some interesting stuff
> there too, but it looks like the person running the site has no
> greater purpose in life than character assassination. Not that he's
> altogether wrong. I'd have to read more and decide myself what I
> really think. I'm no security expert - I'm only going on what I *do*
> know (or think I know), so I'd just as soon not get into a flame war
> over who the idiot really is - I haven't much defense for myself in
> the security arena :).
>
> Still, if anyone *does* know the facts, I'd like to know what the case
> really is with the IDENT port and adaptive stealth.

don't get carried away by the nonsense at grc.com. the marketroid-speak
term "adaptive stealth" can be normally described as stateful filtering
(and dropping the packets instead of rejecting them), and it means that
(in case of TCP), the target machine throws away packets that:

* don't have the SYN bit set (and the ACK bit unset)
* are not part of an established "conversation"

you can completely "stealth" a machine if it runs no publicly available
servers.

the problem with ident is similar to FTP: the first connection goes from
you out, the other party then tries to connect to you (as far as the
stack is concerned, this is a completely unrelated connection).

but, the question is: what is your problem? why do you need to have
identd(8) running? will anything you need break without it? if not, the
correct solution to your problem is IMO to *reject* connection attempts
to your port 113.

-- 
If you cc me or remove the list(s) completely I'll most likely ignore
your message. see http://www.eyrie.org./~eagle/faqs/questions.html
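A small model of the stateful filtering described in the reply above, added here as an example and not code from the thread or from ipfw itself: each branch is labelled with the ipfw(8) rule idiom it mirrors, and the addresses, ports and packet sequence are constructed rather than captured traffic. It shows why the server's identd call-back has no matching state and why answering it with a reset differs from silently dropping it.

```python
from dataclasses import dataclass, field

IDENT_PORT = 113

@dataclass(frozen=True)
class Packet:                 # one TCP segment as the filter sees it (constructed)
    direction: str            # "in" (towards this host) or "out"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

@dataclass
class StatefulFilter:
    """Stateful TCP filter for one host; comments name the ipfw idiom each step mirrors."""
    me: str
    state: set = field(default_factory=set)   # keep-state entries: (me, myport, peer, peerport)

    def decide(self, p: Packet) -> str:
        if p.direction == "out":
            key = (p.src, p.sport, p.dst, p.dport)
        else:
            key = (p.dst, p.dport, p.src, p.sport)
        # check-state: anything belonging to an established conversation passes
        if key in self.state:
            return "allow"
        # allow tcp from me to any out setup keep-state: our own SYNs create state
        if p.direction == "out" and p.syn and not p.ack:
            self.state.add(key)
            return "allow"
        # reset tcp from any to me 113 in setup: answer identd probes with a RST so
        # the remote side gives up at once instead of waiting for a timeout
        if p.direction == "in" and p.dport == IDENT_PORT and p.syn and not p.ack:
            return "reset"
        # deny tcp from any to me in: everything else inbound is thrown away silently
        return "drop"

def ident_scenario(me="10.0.0.10", peer="192.0.2.25"):
    """Outbound SMTP session, then the server's identd call-back and two unrelated probes."""
    fw = StatefulFilter(me)
    packets = [
        Packet("out", me, 40000, peer, 25, syn=True),           # we open the connection
        Packet("in", peer, 25, me, 40000, syn=True, ack=True),  # server's SYN/ACK: has state
        Packet("in", peer, 38000, me, IDENT_PORT, syn=True),    # identd call-back: no state
        Packet("in", peer, 38001, me, 22, syn=True),            # unsolicited SYN to ssh
        Packet("in", peer, 38002, me, 40001, ack=True),         # stray ACK, no SYN, no state
    ]
    return [fw.decide(p) for p in packets]   # ['allow', 'allow', 'reset', 'drop', 'drop']
```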