"Stealth" Firewall?
Grizzled Veteran
Join Date: Jan 2005
Location: New Zealand
Status:
Offline
Hey all,
I just read over here, one user (7on) said that Tiger had a "Stealth" Firewall - does anyone know what he meant by stealth? What makes the firewall in Tiger so great, and what has it improved on from Panther?
Thanks. 
MBP 15" C2D 2.2GHz 4.0GB 500GB@5400
iPhone 4 32GB Black
Professional Poster
Join Date: Nov 2004
Location: Belgium
Status:
Offline
When someone tries to access a computer that has a normal non-stealth firewall but gets blocked, the firewall will send back a reply saying "no you can't come in, go away". Now while the "hacker" can't get in, he does know that there is indeed a machine that responds, so he can look for alternate ways to enter the machine. With a stealth firewall, the firewall will just "act dead": the access attempt of the "hacker" will just get lost, just like it would if there were no computer. Now for the hacker it will seem that there is no computer there to hack.
Or something like that.
iMac 20" C2D 2.16 | Acer Aspire One | Flickr
Fresh-Faced Recruit
Join Date: May 2005
Status:
Offline
Gallagher,
you are quite right. You can test this very easily by trying to ping your machine from another system (you need to be on the same network though). When you turn on stealth mode, pings immediately stop as there no longer is an "answer" from your system.
Andrea
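
The same test carried from ping over to a single TCP port, as an added example that is not part of any post in this thread: it separates a port that accepts, a port that refuses (the host answers, as a non-stealth firewall does) and a port that stays silent until the timeout (stealth). The names `probe` and `reveals_host`, the 2-second timeout and the loopback listener in the demo are assumptions of this example.

```python
import errno
import socket
import time

def probe(host, port, timeout=2.0):
    """Try one TCP connection; return (state, seconds_waited)."""
    start = time.monotonic()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        state = "open"         # SYN/ACK came back: a service is listening
    except ConnectionRefusedError:
        state = "closed"       # RST came back: nothing listening, but the host answered
    except (socket.timeout, TimeoutError):
        state = "silent"       # nothing came back: packet dropped, or no machine there
    except OSError as e:
        if e.errno not in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            raise
        state = "unreachable"  # reported by a router, a firewall or the local stack
    finally:
        s.close()
    return state, time.monotonic() - start

def reveals_host(state):
    """True when the reply itself proves a machine answered at that address."""
    return state in ("open", "closed")

if __name__ == "__main__":
    # Constructed demo on loopback (assumption: nothing filters 127.0.0.1).
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    print("listening:    ", probe("127.0.0.1", port))
    srv.close()
    print("not listening:", probe("127.0.0.1", port))
```

Run against your own machine from a second system on the same network, once with stealth mode off and once with it on: a port with no service behind it should change from `closed` to `silent`, and the wait grows to the full timeout.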
Senior User
Join Date: Oct 1999
Location: North Coast
Status:
Offline
Originally Posted by andreadeca
Gallagher,
you are quite right. You can test this very easily by trying to ping your machine from another system (you need to be on the same network though). When you turn on stealth mode, pings immediately stop as there no longer is an "answer" from your system.
Andrea
Holy helpful new member. You've been Superman in a few places it appears. Welcome and thanks for the contributions.
As for the thread: I very much like that Apple added this feature!
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
It would help if people would search, since topics like this one come up multiple times over short periods. We may really need a comprehensive FAQ. As Millennium stated in the previous thread, it may be desirable to have a port report that it's closed, since it then sometimes prompts assailants to perform more comprehensive, time-consuming port scans.
"The natural progress of things is for liberty to yield and government to gain ground." TJ
Posting Junkie
Join Date: Feb 2005
Location: 888500128
Status:
Offline
Stealthing is also undesirable for other reasons, not the least of which is that it violates networking etiquette.
Addicted to MacNN
Join Date: Feb 2001
Location: zurich, switzerland
Status:
Offline
Spheric, Big Mac. You have your opinions, but stealthing is perfectly ok. If the NIC responds to ICMP stuff, there is just as much probability that someone will portscan you as if you stealth the network. The only reason someone would redouble their efforts would be if they think that there is something worth getting for their trouble.
As for net etiquette, really, what on earth do you think stealthing is supposed to have to do with etiquette? Is it somehow polite to leave your front door open so that thieves can just walk in?
weird wabbit
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
Don't get me wrong, theolein, I like stealthed firewalls. My particular hardware router does not properly stealth one port, so it was nice to find out that there is some utility to that. If there is no response from a particular IP address the port scanner moves on, but if there is a response it takes extra time to scan the address thoroughly. It really does not make that much of a difference in the long run. Spheric's point was that stealth ports violate the RFC guideline, since there is supposed to be a response if there is a device present. It does not require the port to be open, so it is not analogous to leaving your door open. Stealthing is like cloaking your front door, whereas the guidelines would prefer you to simply lock it. Again, it's not a big issue. In any case, my main concern was that this thread is redundant.
"The natural progress of things is for liberty to yield and government to gain ground." TJ
Clinically Insane
Join Date: Nov 1999
Status:
Offline
Originally Posted by Big Mac
It would help if people would search, since topics like this one come up multiple times over short periods. We may really need a comprehensive FAQ. As Millennium stated in the previous thread, it may be desirable to have a port report that it's closed, since it then sometimes prompts assailants to perform more comprehensive, time-consuming port scans.
That's not really what I meant. What I meant to say is that each ping in a port scan takes so long to time out that a hacker will generally give up after the first few pings (assuming there's no machine there) and leave you alone. A full portscan can take longer, but it will still throw a fair amount of crap traffic on your network while it's in progress. Even if a hacker is very persistent and scans a fully-stealthed machine, it will go so slowly that this extra traffic will make basically no difference.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!