[oclug] Stealth
Robert Brockway
robert at timetraveller.org
Fri Oct 11 10:54:27 EDT 2002
On 11 Oct 2002, GR Gaudreau wrote:
> Hi all,
> Someone on alt.os.linux.mandrake sent a post in claiming you can make
> your computer invisible (stealth) to the Internet by issuing this simple
> command as root:
Invisible is a strong word :)
> /sbin/iptables -A INPUT -p tcp --syn -j DROP
Ok, let's decode it. Append a rule to the INPUT chain (any packet destined
for the box goes through this chain) that any tcp packet with the SYN bit
set & ACK & FIN cleared gets dropped. Net result -> No one can establish
a tcp connection to you but existing connections will be unaffected.
Outgoing connections (those initiated on your box) will also be
unaffected.
Interesting idea if no one _ever_ had to establish a tcp connection to
you.
If your box was stand alone (it did not route at all) and you never, ever
wanted to get an inbound tcp connection, then this seems sound. You would
probably want to limit it to only certain interfaces or you'll have
problems with localhost.
Also worth noting that this does nothing to icmp & udp connections. I can
give some suggestions as to how to tie down icmp if you & others are
interested. udp - well, there you go :)
Cheers,
-Rob
-- Robert Brockway B.Sc. email: robert at timetraveller.org ICQ: 104781119
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah
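The interface restriction Rob mentions, written out as an added example (this is not code from the original post or from the poster on alt.os.linux.mandrake). It assumes the external interface is called eth0 and that iptables lives at /sbin/iptables; the IPTABLES variable can be pointed at "echo" to preview the commands without root. The example goes one step beyond the thread and also admits replies to connections the box itself initiated, so that outgoing connections keep working if a default-DROP policy is ever added later.

```shell
#!/bin/sh
# Added example, not from the original post: apply the SYN-drop rule to one
# external interface only, leaving loopback and already-established traffic
# alone. Interface name and iptables path are assumptions.
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Usage: apply_stealth_rules <external-interface>   e.g. apply_stealth_rules eth0
apply_stealth_rules() {
    ifc="$1"
    [ -n "$ifc" ] || { echo "usage: apply_stealth_rules <iface>" >&2; return 1; }

    # 1. Loopback is never touched, so local services can still talk to
    #    each other over 127.0.0.1 (the "problems with localhost" case).
    "$IPTABLES" -A INPUT -i lo -j ACCEPT

    # 2. Packets belonging to connections this box started (or related to
    #    them) are let back in. "-m state" is the classic spelling; modern
    #    iptables maps it onto "-m conntrack --ctstate".
    "$IPTABLES" -A INPUT -i "$ifc" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 3. The rule from the thread, now limited to the external interface:
    #    "--syn" matches TCP packets with SYN set and ACK, RST and FIN clear,
    #    i.e. the first packet of an inbound connection attempt.
    "$IPTABLES" -A INPUT -i "$ifc" -p tcp --syn -j DROP
}

# Lists INPUT with packet counters and rule numbers; after a test connection
# from another host the DROP rule's counter should have gone up.
show_input_chain() {
    "$IPTABLES" -L INPUT -n -v --line-numbers
}

# Only act when an interface is given on the command line.
if [ $# -gt 0 ]; then
    apply_stealth_rules "$1" && show_input_chain
fi
```

Rules in a chain are evaluated in order and -A appends, so if an earlier rule in INPUT already ACCEPTs new TCP on that interface, the DROP at the end never sees those packets; run show_input_chain (or iptables -L INPUT -n -v) and check the order before trusting the result. As Rob says, none of this affects icmp or udp.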