Re: individual firewalls considered useless (Re: Send local mail - how?)

From: Charles Sullivan (cwsulliv_at_triad.rr.com)
Date: 01/25/05


Date: Tue, 25 Jan 2005 13:24:09 GMT

On Mon, 24 Jan 2005 22:31:04 -0800, Keith Keller wrote:

> On 2005-01-24, Charles Sullivan <cwsulliv@triad.rr.com> wrote:
>> In my particular case I have no public services and prefer to
>> appear as invisible as possible to the outside world.
>> But this router I have refuses to stealth the Ident port (113)
>> with its normal firewall rules. (I eventually found out that I
>> could have the router forward the packets to an unused IP address
>> to accomplish this.) So I wonder what other hidden "features"
>> the router might have.
>
> ''Stealthing'' the ident port on the router won't actually do a
> whole lot except protect the router from potential exploits that
> use that port. If they can ping your IP, you're already visible;

I have ping disabled also.

> being "as visible as possible" is like being a little bit pregnant.
> They know you're there, and they'll try to come and get you.
> And if you're forwarding ports to real machines inside your network,
> dropping port 113 packets won't deter anyone from finding and
> probing the ports you do have open, and probably won't delay them
> very much, either.

I have no public servers. The only open ports I'm aware of are
for DHCP and NTP, and they're restricted to specific IPs.
 
> I'm not saying that what you did is a bad idea, just don't get
> the idea in your head that somehow attackers see you ''less''
> for having done so. All you've done is protected the router
> from ident attacks.

Someone reading this newsgroup or at a website I've visited would
know there's a computer using my (dynamic) IP. But how would
anyone know whether there is still a live connection?

Regards,
Charles Sullivan


