From: Chris Brenton <cbrenton@chrisbrenton.org>
To: netfilter <netfilter@lists.netfilter.org>
Subject: Re: How to make a computer invisible
Date: Tue, 02 Dec 2003 13:19:14 -0500 [thread overview]
Message-ID: <1070389153.2057.34.camel@grendel> (raw)
In-Reply-To: <20031202162628.GW26447@zeus.tpfm.de>
Greetings!
On Tue, 2003-12-02 at 11:26, Thomas Preissler wrote:
>
> I mean, that it looks like that the computer with the ip x is not
> reachable as the same as it is, when you address an ip that
> addresses no computer, i.e. is an unused ip.
Then using a "drop" is not quite the same. Let's say you have no
firewall and someone sends a packet to an unused IP:
packet is received by your edge router
router realizes the target IP is local off of one interface
router sends 3 ARP requests for the IP
When no ARP reply is received, router gives up and returns a host
unreachable to the source IP
Again, nmap expects the above which is why it reports "filtered" when it
hits your drop rule. This is why you can mess up its results by
returning host unreachables.
> Background: I am just experimenting and this was an interesting
> issue for me. I want to setup a whole net with UML boxes and hide
> the physical computer.
UML does this quite nicely. I was part of the crew that started
Dartmouth's security institute, as well as one of the original members
of the honeynet. In both groups we used UML extensively in the setup you
mention above. check:
http://www.ists.dartmouth.edu
They probably still have some papers up there written by Bill Stearns
and myself on the subject.
HTH,
C
next prev parent reply other threads:[~2003-12-02 18:19 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-12-02 4:40 How to make a computer invisible Babar Kazmi
2003-12-02 15:14 ` Michael Gale
2003-12-02 15:48 ` Chris Brenton
2003-12-02 16:01 ` Michael Gale
2003-12-02 18:09 ` Chris Brenton
2003-12-02 16:26 ` Thomas Preissler
2003-12-02 18:19 ` Chris Brenton [this message]
2003-12-02 19:48 ` Arnt Karlsen
-- strict thread matches above, loose matches on Subject: below --
2003-12-01 9:59 ph4ke
2003-11-30 18:12 Thomas Preissler
2003-11-30 18:31 ` Chris Brenton
2003-11-30 19:32 ` Leonardo Rodrigues Magalhães
2003-11-30 18:53 ` Chris Brenton
2003-11-30 19:49 ` Leonardo Rodrigues Magalhães
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1070389153.2057.34.camel@grendel \
--to=cbrenton@chrisbrenton.org \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.