Re: adaptive stealth in ipfw?
# [EMAIL PROTECTED] / 2003-11-28 12:58:33 -0500:
> On 11/28/03 06:11 PM, Christian Laursen sat at the `puter and typed:
> > Louis LeBlanc [EMAIL PROTECTED] writes:
> >
> > > I was introduced to a fantastic web site, http://www.grc.com/ which has some impressive information about security and a number of other things. Steve Gibson's 'Shields Up' web service will scan your system and tell you where your vulnerabilities lie, and explain the ports in pretty good detail.
> >
> > http://www.grcsucks.com/
>
> Hmm. Interesting site. I'm sure I'll find some interesting stuff there too, but it looks like the person running the site has no greater purpose in life than character assassination. Not that he's altogether wrong. I'd have to read more and decide myself what I really think.
>
> I'm no security expert - I'm only going on what I *do* know (or think I know), so I'd just as soon not get into a flame war over who the idiot really is - I haven't much defense for myself in the security arena :).
>
> Still, if anyone *does* know the facts, I'd like to know what the case really is with the IDENT port and adaptive stealth.

don't get carried away by the nonsense at grc.com. the marketroid-speak term adaptive stealth can be normally described as stateful filtering (and dropping the packets instead of rejecting them), and it means that (in case of TCP), the target machine throws away packets that:

* don't have the SYN bit set (and the ACK bit unset)
* are not part of an established conversation

you can completely stealth a machine if it runs no publicly available servers. the problem with ident is similar to FTP: the first connection goes from you out, the other party then tries to connect to you (as far as the stack is concerned, this is a completely unrelated connection).

but, the question is: what is your problem? why do you need to have identd(8) running? will anything you need break without it? if not, the correct solution to your problem is IMO to *reject* connection attempts to your port 113.

--
If you cc me or remove the list(s) completely I'll most likely ignore your message.
see http://www.eyrie.org./~eagle/faqs/questions.html
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
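The filtering described in the message above, modelled as an added example (not part of the original thread, and not ipfw itself): a first-match stateful filter in Python whose comments show the roughly equivalent ipfw rule. The addresses, ports and the names Pkt, Filter and run_trace are constructed for illustration.

```python
# Added example: toy model of the stateful filter discussed above, not ipfw.
# All addresses and ports are constructed sample values.
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport flags")
ME = "192.0.2.10"        # constructed address of the protected host
SRV = "198.51.100.25"    # constructed remote mail server that does ident lookups

def is_setup(p):
    """ipfw 'setup': SYN set and ACK clear, i.e. a new connection attempt."""
    return "SYN" in p.flags and "ACK" not in p.flags

class Filter:
    def __init__(self, ident_action):
        self.ident_action = ident_action  # "reset" (reject) or "deny" (drop)
        self.flows = set()                # connections this host opened

    def verdict(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        # ~ ipfw: check-state
        if fwd in self.flows or rev in self.flows:
            return "allow"
        # ~ ipfw: allow tcp from me to any setup keep-state
        if p.src == ME and is_setup(p):
            self.flows.add(fwd)
            return "allow"
        # ~ ipfw: reset tcp from any to me 113 setup   (or "deny" to stay silent)
        if p.dst == ME and p.dport == 113 and is_setup(p):
            return self.ident_action
        # ~ ipfw: deny tcp from any to any   (silent drop, no RST sent)
        return "deny"

def run_trace(ident_action):
    fw = Filter(ident_action)
    trace = [
        Pkt(ME, 40000, SRV, 25, {"SYN"}),            # we connect out to SMTP
        Pkt(SRV, 25, ME, 40000, {"SYN", "ACK"}),     # reply: matches our state
        Pkt(SRV, 51000, ME, 113, {"SYN"}),           # ident callback: new flow
        Pkt("203.0.113.7", 4444, ME, 80, {"ACK"}),   # stray ACK, no state
        Pkt("203.0.113.7", 4445, ME, 22, {"SYN"}),   # unsolicited SYN
    ]
    return [fw.verdict(p) for p in trace]

if __name__ == "__main__":
    for action in ("reset", "deny"):
        print(action, run_trace(action))
```

With "reset" the ident callback is refused at once; with "deny" the remote server gets no answer and has to wait for its connection attempt to time out.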
Re: adaptive stealth in ipfw?
# [EMAIL PROTECTED] / 2003-11-28 12:18:57 -0600:
> At 11:11 11/28/2003, Christian Laursen, wrote:
> > Louis LeBlanc [EMAIL PROTECTED] writes:
> >
> > > I was introduced to a fantastic web site, http://www.grc.com/ which has some impressive information about security and a number of other things. Steve Gibson's 'Shields Up' web service will scan your system and tell you where your vulnerabilities lie, and explain the ports in pretty good detail.
> >
> > http://www.grcsucks.com/
>
> Hi Christian,
>
> I'd be very interested in seeing some fair criticism of what Steve Gibson is doing. However, www.GRCsucks.com seems to have a number of broken links. Where the links work, the verbiage seems to be more confusing than clarifying.
>
> Are there other sources that give valid criticism of Steve Gibson and GRC.com?

there's one, it's called knowledge.

--
If you cc me or remove the list(s) completely I'll most likely ignore your message.
see http://www.eyrie.org./~eagle/faqs/questions.html
Re: adaptive stealth in ipfw?
On 11/30/03 04:49 PM, Roman Neuhauser sat at the `puter and typed:
SNIP
> > Still, if anyone *does* know the facts, I'd like to know what the case really is with the IDENT port and adaptive stealth.
>
> don't get carried away by the nonsense at grc.com. the marketroid-speak term adaptive stealth can be normally described as stateful filtering (and dropping the packets instead of rejecting them), and it means that (in case of TCP), the target machine throws away packets that:
>
> * don't have the SYN bit set (and the ACK bit unset)
> * are not part of an established conversation

I think that clears things up a little.

> you can completely stealth a machine if it runs no publicly available servers. the problem with ident is similar to FTP: the first connection goes from you out, the other party then tries to connect to you (as far as the stack is concerned, this is a completely unrelated connection).
>
> but, the question is: what is your problem? why do you need to have identd(8) running? will anything you need break without it? if not, the correct solution to your problem is IMO to *reject* connection attempts to your port 113.

I don't need identd. I'm actually doing a simple reject on port 113 already, but I figured that if I could keep the system as 'invisible' as possible, that would be best.

I AM running various services, but only for my own personal/family use. And I am the only one that should be accessing all of these services from outside the firewall.

I had wondered if there was enough benefit to this process to make it worth the overhead. I'm beginning to think it isn't.

I've not been a security overreactor for some time, and I didn't intend this to be a return to that mindset, so I'm just going to drop this and leave the default reject on port 113. The other ports I had rejected are now simply being dropped.

Other than that, I check my security mailings every day, and have had no problems for a very long time.

Thanks for the feedback everyone.

Lou
--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://www.keyslapper.org

If value corrupts then absolute value corrupts absolutely.
Re: adaptive stealth in ipfw?
Louis LeBlanc [EMAIL PROTECTED] writes:

> I was introduced to a fantastic web site, http://www.grc.com/ which has some impressive information about security and a number of other things. Steve Gibson's 'Shields Up' web service will scan your system and tell you where your vulnerabilities lie, and explain the ports in pretty good detail.

http://www.grcsucks.com/

--
Best regards
Christian Laursen
Re: adaptive stealth in ipfw?
Hmm. Interesting site. I'm sure I'll find some interesting stuff there too, but it looks like the person running the site has no greater purpose in life than character assassination. Not that he's altogether wrong. I'd have to read more and decide myself what I really think.

I'm no security expert - I'm only going on what I *do* know (or think I know), so I'd just as soon not get into a flame war over who the idiot really is - I haven't much defense for myself in the security arena :).

Still, if anyone *does* know the facts, I'd like to know what the case really is with the IDENT port and adaptive stealth.

Lou

On 11/28/03 06:11 PM, Christian Laursen sat at the `puter and typed:
> Louis LeBlanc [EMAIL PROTECTED] writes:
>
> > I was introduced to a fantastic web site, http://www.grc.com/ which has some impressive information about security and a number of other things. Steve Gibson's 'Shields Up' web service will scan your system and tell you where your vulnerabilities lie, and explain the ports in pretty good detail.
>
> http://www.grcsucks.com/
>
> --
> Best regards
> Christian Laursen

--
Louis LeBlanc [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://www.keyslapper.org

Imbesi's Law with Freeman's Extension: In order for something to become clean, something else must become dirty; but you can get everything dirty without getting anything clean.
Re: adaptive stealth in ipfw?
At 11:11 11/28/2003, Christian Laursen, wrote:
> Louis LeBlanc [EMAIL PROTECTED] writes:
>
> > I was introduced to a fantastic web site, http://www.grc.com/ which has some impressive information about security and a number of other things. Steve Gibson's 'Shields Up' web service will scan your system and tell you where your vulnerabilities lie, and explain the ports in pretty good detail.
>
> http://www.grcsucks.com/

Hi Christian,

I'd be very interested in seeing some fair criticism of what Steve Gibson is doing. However, www.GRCsucks.com seems to have a number of broken links. Where the links work, the verbiage seems to be more confusing than clarifying.

Are there other sources that give valid criticism of Steve Gibson and GRC.com?

Start Here to Find It Fast! - http://www.US-Webmasters.com/best-start-page/
Re: adaptive stealth in ipfw?
On Nov 28, 2003, at 10:18 AM, W. D. wrote:
> I'd be very interested in seeing some fair criticism of what Steve Gibson is doing. However, www.GRCsucks.com seems to have a number of broken links. Where the links work, the verbiage seems to be more confusing than clarifying.

I found that to be the case as well. It looks like there is a kernel of truth to some of the allegations (ie, a false sense of security is worse than no security at all), but if anyone can recommend a reliable and accurate security scanner (other than a friend with netsaint), could they share it?

Thanks.

--
Paul Beard
paulbeard.no-ip.org/movabletype/
paulbeard [at] mac.com
Re: adaptive stealth in ipfw?
On Nov 28, 2003, at 2:05 PM, paul beard wrote:
> but if anyone can recommend a reliable and accurate security scanner (other than a friend with netsaint), could they share it?

    cd /usr/ports/security/nmap
    make install
    nmap -v -O -sT -p1-65535 hostname

[ ...although nmap's default options are quite reasonable, too. ]

--
-Chuck