Tuesday, September 20, 2016

firewall - Stealthed vs Closed Port

I was reading a website about the difference between stealthed and closed ports.

http://www.grc.com/faq-shieldsup.htm

A closed port will echo a packet if closed. However, a stealthed port will not respond at all.

Is it recommended to stealth all the ports you don't use? If so, how do you go about doing so?

Answer

Depends on what you're trying to do. Basically, if you don't reply with a packet saying the port is closed, you'll make life more difficult for legitimate users, but possibly also make life difficult for any attackers trying to break into the box. It won't prevent somebody scanning the box to find out what ports are open, but it might slow them down. And it might make it less likely somebody finds out your system exists in the first place.

Is it a system providing services on a well-known port to the world? (such as a web server) Then trying to "stealth" your ports won't do much good.

Is it a system doing nothing anybody needs to know about? Go for it.

You didn't say what OS, etc. you're running, so the answer to how varies. On Linux with iptables you do "-j DROP" instead of "-j REJECT", basically.
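To make the "-j DROP" versus "-j REJECT" point concrete, here is an added example (not code from the original post or answer): a script that emits two iptables-restore rulesets for the same host, one that answers probes to unused ports and one that silently drops them. It assumes IPv4 iptables with the conntrack match and a host that only exposes SSH (22) and HTTP/HTTPS (80, 443); the SERVICE_PORTS list is a placeholder to edit.

```shell
#!/bin/sh
# Added example (not from the original post): two iptables-restore rulesets
# for one host, showing the answer's "-j REJECT" (closed) versus "-j DROP"
# (stealth) choice for every port you do not serve on.
# Assumed: IPv4 iptables with the conntrack match, and a host that only
# exposes SSH (22) and HTTP/HTTPS (80, 443). Edit SERVICE_PORTS to match.

SERVICE_PORTS="22 80 443"

# Rules shared by both variants: loopback, established flows and the
# services you deliberately expose keep working either way.
common_rules() {
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $SERVICE_PORTS; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# "Closed" behaviour: unmatched TCP probes get a RST and anything else an
# ICMP port-unreachable. A scanner sees "closed" but learns the host is up.
closed_ruleset() {
    common_rules
    printf '%s\n' '-A INPUT -p tcp -j REJECT --reject-with tcp-reset' \
        '-A INPUT -j REJECT --reject-with icmp-port-unreachable' \
        'COMMIT'
}

# "Stealth" behaviour: unmatched probes are silently dropped. The INPUT
# policy is already DROP; the explicit rule just makes the intent visible.
# Note this also drops ICMP echo, so ping stops answering too.
stealth_ruleset() {
    common_rules
    printf '%s\n' '-A INPUT -j DROP' 'COMMIT'
}

# How many rules in a ruleset send a reply back to the prober (0 = stealth).
count_replying_rules() {
    "$1" | awk '/-j REJECT/ { n++ } END { print n + 0 }'
}

# Usage: sh stealth.sh stealth | sudo iptables-restore   (or "closed")
case "${1:-}" in
    closed)  closed_ruleset ;;
    stealth) stealth_ruleset ;;
esac
```

Review the generated rules before piping them into iptables-restore, since a DROP policy with a missing ACCEPT line locks you out of the box over the network.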

