inetd visible on internet

Phillip Susi psusi at cfl.rr.com
Tue Mar 28 03:18:30 UTC 2006


So-called 'port stealthing' is a useless waste of time.  If an attacker 
wants to see what ports you have open, stealthing the ones you don't 
isn't going to even slow them down.  An example of what it will slow 
down is given in this article: connecting to IRC where the servers will 
typically attempt to ident you, and if you stealth, it takes them quite 
some time to give up and allow you to log on to the network.  In other 
words, the only thing port stealthing accomplishes is to annoy 
legitimate users.


Forum Post wrote:
> https://www.grc.com/port_113.htm There's information there. A quick and
> dirty way to stealth your port 113 is to forward it using your router
> to a nonexistent address. From the site: "The trick is to use the
> router's own "port forwarding" configuration options to forward just
> port 113 into the wild blue yonder. Just tell the router to forward
> port 113 packets to a completely non-existent IP address, one way up at
> the end of your router's internal address range. The router will then
> NOT return a port closed status. It will simply forward the port 113
> packet "nowhere" . . . and your network will be returned to full
> stealth status."
> 
> However, I would suggest reading the page because (although rare) you
> might need to make port 113 visible for some stuff.
> 
> On a similar note, does anyone know something which handles stealthing
> this port dynamically? For instance ZoneAlarm in Windows does this: 
> 
> "When Zone Alarm receives an inbound connection request for port 113,
> it checks to see whether the computer has recently initiated any
> outbound connections to the remote server sending the IDENT request. If
> not, the IDENT packet is simply dropped, stealthing the protected
> machine. But if the user does have an existing "relationship" with the
> sender of the IDENT request, the IDENT packet is allowed to pass
> through Zone Alarm's firewall protection so that the user's system can
> respond normally (which usually means immediately returning a closed
> status for the port). This means that Zone Alarm is a "stateful packet
> inspecting personal firewall", not just a simpler static packet
> filter."
> 
> 
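
The "dynamic stealthing" decision the quoted ZoneAlarm description makes, written out as an added example (not code from this thread, GRC or ZoneAlarm): the connection table is a constructed stand-in for a conntrack lookup, an ident query from a host we have an outbound connection to gets an immediate RFC 1413 reply, and any other query is dropped.

```python
import re

# Constructed connection table: (local_port, remote_ip, remote_port) for
# connections this host initiated; a real firewall would consult conntrack.
CONNTRACK = {
    (51234, "203.0.113.7", 6667),   # our IRC session
    (51235, "198.51.100.9", 443),   # an unrelated HTTPS session
}

IDENT_QUERY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")

def parse_ident_query(line):
    """Parse an RFC 1413 query '<port-on-server> , <port-on-client>'.
    port-on-server is our local port, port-on-client is the querier's port."""
    m = IDENT_QUERY.match(line.rstrip("\r\n"))
    if not m:
        return None
    sp, cp = int(m.group(1)), int(m.group(2))
    if not (0 < sp < 65536 and 0 < cp < 65536):
        return None
    return sp, cp

def has_relationship(src_ip, conntrack=CONNTRACK):
    """True if we initiated a connection to src_ip (the 'relationship')."""
    return any(rip == src_ip for _lp, rip, _rp in conntrack)

def inbound_113_action(src_ip, conntrack=CONNTRACK):
    """Firewall verdict for a SYN to our port 113: answer known peers only."""
    return "ACCEPT" if has_relationship(src_ip, conntrack) else "DROP"

def ident_reply(src_ip, query_line, conntrack=CONNTRACK):
    """Reply line the ident service sends, or None when the packet was dropped.
    Known peers always get an answer at once, so no one waits for a timeout."""
    if inbound_113_action(src_ip, conntrack) == "DROP":
        return None
    parsed = parse_ident_query(query_line)
    if parsed is None:
        # Unparseable port pair: echo a placeholder pair, as we have none.
        return "0 , 0 : ERROR : INVALID-PORT\r\n"
    sp, cp = parsed
    if (sp, src_ip, cp) in conntrack:
        # The connection exists, but never disclose a username.
        return f"{sp} , {cp} : ERROR : HIDDEN-USER\r\n"
    return f"{sp} , {cp} : ERROR : NO-USER\r\n"
```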

More information about the ubuntu-users mailing list