cms9000

I have been reading up a little on this topic. I use to think a computer's ports must be stealthed. But from the new information I am reading that is not necessarily the case?

I usually check my ports at GRC's Shields up. I have read that a few people think they guy that runs this website is just getting people paranoid for a profit.

When the ports are stealthed they do not respond at all to incoming requests. When they are closed they respond and say that the packet was rejected. If it is true stealth, according to the website above, then no one knows you computer is there. But if they come back as closed, can this be a security problem? For example can a hacker see a closed port and find a way to get into it?

I do understand that if someone scans my ports and they are closed then they may want to keep scanning to see if they can find an open one, (How likely could that be?) If it is true stealth then they won't know the computer is there, so that makes it safer?

I am currently using Suse 11.1 64 and PC-BSD 7.1.1 On Suse the ports are all stealthed but it does not come back as true stealth, the computer responds. On PC-BSD a few ports are stealthed but almost all of them show up as closed. None that I can tell are open on either OS.

(I mentioned in another post I was done duel booting. I should say that I am done duel booting with MS Windows. )

Lazydog

Here is my take on this. The only way you are going to be STEALTH is if you drop all incoming connection that you did not request. This is usually the setup of the Linksys router/switches along with NAT'ing. If you allow one open port you are no longer stealth and someone is going to find you and might find a hole you did not plug in your defenses.

Does being STEALTH protect you? That is a matter of opinion and I've heard both sides, but if they don't know you are there how are they going to attack you.

If you are looking for protection then lock down your system, scan your logs, be aware of what is going on with your system and patch regularly. A system is only as secure as the person operating it.

__________________

Regards
Robert

Linux
The adventure of a life time.

Linux User #296285
Get Counted

sarlacii

It depends on what you are trying to hide I suppose. If it is a work server for example, then you're going to have ports open... and usually common ones at that (ftp, ssh, apop etc.). Trying to stealth things is a waste.
For a home PC system it makes a bit more sense... but since most PC's sit behind some sort of router nowdays (on DSL etc.) stealthing your PC's ports isn't really worth much, since your router's firewall is doing all the work, not your PC. The thing to work on then is the router's firewall. And there you are limited to fiddling with only what the vendor gives you access to. Some of the more expensive routers do allow for stealthing, and even various adaptive stealthing techniques. Snake oil perhaps... .
The most secure option is to just close off (stealth if you can) all incoming port connections on your router.
As soon as you need to get into your system (via ssh or if you are running a torrent/donkey client and want to allow access to your PC) then you need to add a port forward... and that opens up a port. Then all the stealths are pretty much in vain.
(Also, stealthing PC's on a LAN makes managing them totally crap)