From mboxrd@z Thu Jan 1 00:00:00 1970 From: Carl-Daniel Hailfinger Subject: Re: Adaptive stealthing/unstealthing of port 113 Date: Mon, 24 Apr 2006 02:54:18 +0200 Message-ID: <444C21BA.90800@gmx.net> References: <79328ea80604230451w61a266f3w59da83ef8dce2540@mail.gmail.com> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <79328ea80604230451w61a266f3w59da83ef8dce2540@mail.gmail.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-bounces@lists.netfilter.org Errors-To: netfilter-bounces@lists.netfilter.org Content-Type: text/plain; charset="us-ascii" To: Asfand Yar Qazi Cc: netfilter@lists.netfilter.org Hi, Asfand Yar Qazi schrieb: > > "Adaptive Stealthing" means that when a TCP SYN packet arrives to > request a connection to your machine's port 113, ZoneAlarm checks, on > the fly, to see whether your machine currently has any sort of > "relationship" with the remote machine (such as a pending outgoing > connection attempt). > > I wanna do it on my ADSL firewall! Why? Just don't drop connects to port 113 but reject them with RST instead. "Adaptive stealthing" is just crap. If your machine is active on the net, it can be detected (there are exceptions, but they do NOT apply to ADSL connections and for sophisticated attackers these exceptions almost always don't apply). If your machine is switched off, you do not care. So "adaptive stealthing" gives you two chances in bullshit bingo, but not anything useful. Regards, Carl-Daniel -- http://www.hailfinger.org/