[oclug] stealth
Mark Harrison
Mark at ascentium.co.uk
Thu Apr 15 14:20:08 EDT 2004
----- Original Message -----
From: "Bob Lockie" <bjlockie at lockie.ca>
To: "OCLUG Mailing List" <oclug at lists.oclug.on.ca>
Sent: Thursday, April 15, 2004 7:07 PM
Subject: [oclug] stealth
> If a port scanner (ShieldsUp) reports "Stealth" then my port is being
> blocked by the ISP?
Probably...
It means it's being blocked by some security system... whether it's at your
ISP or elsewhere is a question we'd need more information to answer.
If a port isn't in use, then the spec says that an IP stack should
immediately respond with a packet saying so...
... however, the very presence of such a packet immediately confirms to the
would-be hacker that a machine actually exists on that address.
Hence some Firewalls simply drop the request packet and keep silent... thus
simulating the behaviour of "not even a machine there to answer". This is,
as noted, a violation of the IP spec, but useful nonetheless.
Regards,
Mark
More information about the OCLUG
mailing list