From: Louis LeBlanc
To: freebsd-questions@freebsd.org
Date: Sun, 30 Nov 2003 16:00:24 -0500
Subject: Re: adaptive stealth in ipfw?

On 11/30/03 04:49 PM, Roman Neuhauser sat at the `puter and typed:
> > Still, if anyone *does* know the facts, I'd like to know what the
> > case really is with the IDENT port and adaptive stealth.
>
> don't get carried away by the nonsense at grc.com. the
> marketroid-speak term "adaptive stealth" can be normally
> described as stateful filtering (and dropping the packets
> instead of rejecting them), and it means that (in case of TCP),
> the target machine throws away packets that:
>
> * don't have the SYN bit set (and the ACK bit unset)
> * are not part of an established "conversation"

I think that clears things up a little.

> you can completely "stealth" a machine if it runs no publicly
> available servers. the problem with ident is similar to FTP: the
> first connection goes from you out, the other party then tries
> to connect to you (as far as the stack is concerned, this is a
> completely unrelated connection).
>
> but, the question is: what is your problem? why do you need to
> have identd(8) running? will anything you need break without it?
> if not, the correct solution to your problem is IMO to *reject*
> connection attempts to your port 113.

I don't need identd. I'm actually doing a simple reject on port 113
already, but I figured that if I could keep the system as 'invisible'
as possible, that would be best. I AM running various services, but
only for my own personal/family use. And I am the only one that
should be accessing all of these services from outside the firewall.

I had wondered if there was enough benefit to this process to make it
worth the overhead. I'm beginning to think it isn't.

I've not been a security overreactor for some time, and I didn't
intend this to be a return to that mindset, so I'm just going to drop
this and leave the default reject on port 113. The other ports I had
rejected are now simply being dropped. Other than that, I check my
security mailings every day, and have had no problems for a very long
time.

Thanks for the feedback everyone.

Lou
-- 
Louis LeBlanc               leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org
"If value corrupts then absolute value corrupts absolutely."
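
The filtering behaviour discussed in this message, as an added example that is not part of the original post: a small Python model of a stateful filter that silently drops unsolicited packets, accepts replies to outbound connections, and answers ident (port 113) with a reset. The addresses, port 22 as an offered service, and all class and function names are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed packet model: direction is "in" or "out" relative to the protected host.
Packet = namedtuple("Packet", "direction src sport dst dport flags")

class StatefulFilter:
    def __init__(self, open_ports=(), reset_ports=(113,)):
        self.open_ports = set(open_ports)    # services offered to the outside (assumed)
        self.reset_ports = set(reset_ports)  # answered with RST instead of silence
        self.state = set()                   # conversations the filter knows about

    @staticmethod
    def _key(p):
        # Same key for both directions: (local addr, local port, remote addr, remote port)
        if p.direction == "out":
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def decide(self, p):
        key = self._key(p)
        if key in self.state:
            return "accept"                  # part of an established conversation
        is_setup = "S" in p.flags and "A" not in p.flags  # SYN set, ACK unset
        if p.direction == "out":
            if is_setup:
                self.state.add(key)          # remember the connection we opened
            return "accept"
        if not is_setup:
            return "drop"                    # stray non-SYN packet with no state
        if p.dport in self.open_ports:
            self.state.add(key)
            return "accept"
        if p.dport in self.reset_ports:
            return "reset"                   # reject: the peer learns at once
        return "drop"                        # silence for everything else

def demo():
    fw = StatefulFilter(open_ports={22})
    me, srv = "192.0.2.10", "198.51.100.5"   # constructed documentation addresses
    packets = [
        Packet("out", me, 40000, srv, 25, "S"),   # we connect to a mail server
        Packet("in", srv, 25, me, 40000, "SA"),   # its reply matches our state
        Packet("in", srv, 51000, me, 113, "S"),   # its ident lookup: unrelated connection
        Packet("in", srv, 51001, me, 40001, "A"), # stray ACK, no conversation
        Packet("in", srv, 51002, me, 8080, "S"),  # SYN to a port we do not offer
        Packet("in", srv, 51003, me, 22, "S"),    # SYN to an offered service
    ]
    return [fw.decide(p) for p in packets]
```

The third packet shows why ident needs its own rule: the connect-back shares no state with the outbound connection that triggered it, so without the reset the remote server would wait for a timeout.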