[oclug] Stealth

Brad Barnett bb at L8R.net
Fri Oct 11 11:00:16 EDT 2002


On 11 Oct 2002 10:43:18 -0400
GR Gaudreau <transop at sympatico.ca> wrote:

> Hi all,
> Someone on alt.os.linux.mandrake sent a post in claiming you can make
> your computer invisible (stealth) to the Internet by issuing this simple
> command as root:
> 
> /sbin/iptables -A INPUT -p tcp --syn -j DROP
> 

This will basically prevent connections to any open TCP ports you may
have.  Do this, and you can't telnet to your box, ssh, or anything of the
sort.

However, you will still respond to ICMP (pings) and UDP.  Certainly not
invisible.

If you aren't running any servers on your box, and you have no intention
of ever opening a port, this can't hurt.  Then again, if you plan to offer
someone a file on IRC or with an instant messenger.. the person won't be
able to connect to you.

The same sort of thing goes if you plan to host an online game of FreeCIV
or something of the like.

> Is this true and would it be a good thing for me to do, even though I'm
> connected through a router with a built-in firewall?

If your firewall is correctly configured, then it really won't help to do
this.  That's because the firewall will only have open ports passed
through that you request or your machine specifically asks for (via NAT..
and NAT recognising an IRC connect or something similar).

Then again, if someone _did_ manage to put a user space trojan onto your
box, the above would prevent the trojan from listening on a port for
connects (again, if your firewall let those connects through).

> 
> What does that input line mean, other than the obvious calling of
> iptables?
> 

Type 'man iptables', then /--syn :P  More info there.
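
A small model of what the quoted rule matches, as an added example that is not part of the original post: `--syn` matches TCP segments with SYN set and RST, ACK and FIN clear, so only new inbound connection attempts are dropped. The packets are constructed samples, and the INPUT chain is assumed to hold only this rule with a default policy of ACCEPT.

```python
import struct

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def matches_syn(flags):
    """iptables --syn: SYN set with RST, ACK and FIN clear
    (equivalent to --tcp-flags SYN,RST,ACK,FIN SYN)."""
    return flags & (SYN | RST | ACK | FIN) == SYN

def verdict(packet, policy="ACCEPT"):
    """Verdict for an unfragmented inbound IPv4 packet on an INPUT chain
    holding only '-p tcp --syn -j DROP'. 'policy' is an assumed default."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if packet[9] == PROTO_TCP and matches_syn(packet[ihl + 13]):
        return "DROP"                     # new inbound TCP connection attempt
    return policy                         # everything else falls through

def ipv4(proto, payload):
    """Constructed minimal IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, bytes([192, 0, 2, 10]),
                       bytes([192, 0, 2, 1])) + payload

def tcp(flags, sport, dport):
    """Constructed 20-byte TCP header carrying only the given flags."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags,
                       65535, 0, 0)

# Constructed sample packets, all addressed to the protected host.
SAMPLES = {
    "inbound ssh connect (SYN)": ipv4(PROTO_TCP, tcp(SYN, 40000, 22)),
    "reply to our outbound connect (SYN+ACK)": ipv4(PROTO_TCP, tcp(SYN | ACK, 80, 40001)),
    "established traffic (ACK)": ipv4(PROTO_TCP, tcp(ACK, 80, 40001)),
    "ping (ICMP echo request)": ipv4(PROTO_ICMP, struct.pack("!BBHHH", 8, 0, 0, 1, 1)),
    "UDP datagram": ipv4(PROTO_UDP, struct.pack("!HHHH", 40002, 53, 8, 0)),
}

def evaluate(samples=SAMPLES):
    """Return {sample name: verdict} for every constructed packet."""
    return {name: verdict(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{result:6} {name}")
```

Only the inbound SYN is dropped; ping and UDP still reach the host, and replies to connections the host itself opens are unaffected.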


