Firewall Stealth Mode?

As I understand, when the external interface of a firewall is being
scanned by "nessus", "nmap", or/and other scanning tools, one should
not be able to "see" any opening services, EVEN though services, e.g.,
web, mail, ftp, are published their services using the IP address of
the external interface of the firewall.

Recently, a security consultant explained to me that the stealth mode
of a firewall is meant just that the firewall does not respond to ICMP
only, therefore when the firewall is scanned, the services published
using that IP address are still visible/reported.

Any comments are appreciated.

A Monk
Received on Mon May 1 00:55:57 2006