[oclug] Stealth

Ross Jordan rjordan at student.math.uwaterloo.ca
Fri Oct 11 10:56:43 EDT 2002


> 
> Hi all,
> Someone on alt.os.linux.mandrake sent a post in claiming you can make
> your computer invisible (stealth) to the Internet by issuing this simple
> command as root:
> 
> /sbin/iptables -A INPUT -p tcp --syn -j DROP
> 
> Is this true and would it be a good thing for me to do, even though I'm
> connected through a router with a built-in firewall?
> 
> What does that input line mean, other than the obvious calling of
> iptables?

It will block incoming TCP connections with the SYN bit set.
This helps to make your computer less visible from the net, but
certainly not invisible.

Non-TCP protocols will still be allowed to attempt a connect.
TCP without SYN set will be allowed (i.e. nmap FIN scan).
Your outgoing connections will show your existence to the
other end, and any machines between (including sniffers).
Lower level protocols would still be able to see you -- i.e.
arpping and such on your LAN.

That said, you'd certainly be better off.

-Ross
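
The following is an added example, not part of the original post: a small Python model of what `-p tcp --syn -j DROP` matches, run over constructed packets. It relies on the iptables documentation's definition of `--syn` as shorthand for `--tcp-flags SYN,RST,ACK,FIN SYN`; the helper names and sample addresses are assumptions made for the illustration.

```python
import struct

# iptables documents --syn as shorthand for: --tcp-flags SYN,RST,ACK,FIN SYN
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
SYN_MASK = SYN | RST | ACK | FIN
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


def build_packet(proto, tcp_flags=0):
    """Constructed sample: a minimal IPv4 header plus a 20-byte TCP header
    (or 8 placeholder bytes for other protocols). Checksums are left at 0."""
    if proto == PROTO_TCP:
        # sport, dport, seq, ack, data offset (5 words), flags, window, csum, urg
        payload = struct.pack("!HHIIBBHHH", 40000, 22, 0, 0,
                              5 << 4, tcp_flags, 1024, 0, 0)
    else:
        payload = b"\x00" * 8
    # version/IHL, TOS, total length, id, frag, TTL, proto, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + payload


def verdict(packet):
    """Return 'DROP' when the rule matches, else 'NO MATCH', meaning the
    packet goes on to later rules or the chain policy."""
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    if packet[9] != PROTO_TCP:             # -p tcp
        return "NO MATCH"
    flags = packet[ihl + 13]               # TCP flags byte
    if (flags & SYN_MASK) == SYN:          # --syn
        return "DROP"
    return "NO MATCH"


# Constructed packets covering the cases named in the reply above.
SAMPLES = {
    "TCP SYN (new connection)": build_packet(PROTO_TCP, SYN),
    "TCP SYN+PSH": build_packet(PROTO_TCP, SYN | PSH),
    "TCP SYN+ACK (reply to outgoing)": build_packet(PROTO_TCP, SYN | ACK),
    "TCP FIN (FIN scan probe)": build_packet(PROTO_TCP, FIN),
    "UDP datagram": build_packet(PROTO_UDP),
    "ICMP message": build_packet(PROTO_ICMP),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:34s} {verdict(pkt)}")
```

With this as the only rule and an ACCEPT policy on INPUT, every packet reported as NO MATCH is still delivered to the host.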


