I'm already wondering why BRad has blasted networking stealth protections in tha patch...
Btw... I've seen the Stealth iptables Match.
I've seen the iptables commands in the news section...
I've a question yet:
how to not reply to UDP with ICMP Unreachables??
Just put:
iptables -A OUTPUT -p icmp --icmp-type port-unreachable -j DROP ?
do you think is a pretty-cool thing ?
Thank.
Network Protection Yet...
4 posts
• Page 1 of 1
Network Protection Yet...
by Ego^pFe » Wed Mar 06, 2002 1:01 pm
- Ego^pFe
- Posts: 7
- Joined: Wed Mar 06, 2002 12:58 pm
re:
by spender » Wed Mar 06, 2002 3:07 pm
with the second rule i have on the news page:
iptables -A INPUT -p udp -m stealth -j DROP
it will drop packets coming to unserved udp ports, so the system won't have to process it and subsequently won't send anything back.
iptables -A INPUT -p udp -m stealth -j DROP
it will drop packets coming to unserved udp ports, so the system won't have to process it and subsequently won't send anything back.
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
by hytron » Tue May 21, 2002 3:10 pm
Hi guys,
Can I use stealth match if my firewall is running on a separate machine? Would that match just for local needs? or it "scans" the whole local network and knows which ports are served and which are not?
Example is...I have a local network that have 192.168.2.x addresses with 4 machines running linux. Some of those linux machines have internal and external IP. So let's say I use stealth match on my router. Someone sends a packet to one of my local hosts with valid internet address a.b.c.d. on port 9988/TCP Does the router know (with stealth module) that that particular port on that host a.b.c.d is not served, and drops the connection and does not forward it or this is only implemented for localhost destination ports?
Can I use stealth match if my firewall is running on a separate machine? Would that match just for local needs? or it "scans" the whole local network and knows which ports are served and which are not?
Example is...I have a local network that have 192.168.2.x addresses with 4 machines running linux. Some of those linux machines have internal and external IP. So let's say I use stealth match on my router. Someone sends a packet to one of my local hosts with valid internet address a.b.c.d. on port 9988/TCP Does the router know (with stealth module) that that particular port on that host a.b.c.d is not served, and drops the connection and does not forward it or this is only implemented for localhost destination ports?
- hytron
- Posts: 7
- Joined: Mon May 20, 2002 2:20 pm
by spender » Wed May 22, 2002 10:16 am
the easy rule is if the firewall on your machine does not affect just your machine (ie. you have NAT set up) The stealth module should be placed after any rules that would apply to other machines on your network. You want to be sure that it's operating only on packets that would arrive at your machine.
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
4 posts
• Page 1 of 1