Re: Q: How do stealth ports manage to accept a connection?
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.security.firewalls archive

Re: Q: How do stealth ports manage to accept a connection?

From: Ansgar -59cobalt- Wiechers <usenet-2006@planetcobalt.net>
Date: Tue Jan 31 2006 - 15:44:04 CET



Entropy1024 wrote:


> Can you explain your "Stealth port" is just advertizing nonsense


> comment more please.


> 


> Is my explenation of the three way handshake incorrect?



No. It's just that there is no such thing like "stealth" The port is


there, regardless of its state (open/closed/filtered). Even if


connection attempts are dropped, the port isn't hidden ("stealthed").



As to your question why the port shows up as filtered though connections


seem to be possible: that depends on what is done there. It may be that


only ICMP packets are dropped, but not TCP/UDP. It may be some sort of


port-knocking. You didn't provide enough information to make an educated


guess here.



You'll probably want to use a protocol analyzer (e.g. Ethereal) and take


a look at what actually happens when a connection is established. And


what exactly did you do to determine that the port is filtered?



cu


59cobalt



-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq


Received on Tue Feb  7 20:58:30 2006