
How important is it to be in complete stealth mode?


Guest BooYah

I'm running GuardDog, but when I probed my ports at Shields Up, the only ones stealthed were 23 and 80. 21, 25, 79, 110, 113, 135, 139, 143, 443, 445, and 5000 were all "closed." All the boxes in GuardDog, except for HTTP, POP3, SMTP, and DNS, are unchecked.

 

I also tried iptables -A INPUT -p tcp --syn -j DROP

 

but got the same port scan results.

 

Is it possible to be in total stealth mode, meaning to get all ports to register as "stealth?"

 

BooYah!


I got the same results with Firestarter.

 

Something isn't right. FS didn't even list any hits/probes from ShieldsUp, or anywhere else for that matter. The LAN card and modem blink, and I watched the Network Monitor shoot up, so I know I was probed.

 

I'm using a LAN card to connect to an ADSL modem, and don't have any problems with surfing or email. Both firewalls were set up on eth0, as is my network connection.

 

Where should I start troubleshooting this? Thanks.


Thanks for the reply.

 

No error messages when I run from the terminal.

 

I do get a "logfile not found or access denied...firestarter log monitoring disabled" error message when booting-up, but I assume that's because I'm not logging in as root on bootup.

 

I'm stumped. I uninstalled and reinstalled iptables and firestarter, but no luck. The only thing I can do with firestarter is stop all network traffic and shut myself off from the internet and my POP email.


There is too much made of being stealthed as opposed to being closed. The GRC site for Shields Up makes this clear. As long as your ports are closed, you do not have anything to worry about. The difference is being invisible where the doors cannot be seen (stealth) or being closed meaning your doors can be seen but they are all locked (closed). Machine hijackers or root kit types are not going to bother with you when there are all those unprotected machines just one ping away. Also consider that most of the test sites are geared toward Windows, not Linux. If you can find a site that does Linux-specific free scans, please post it.

 

Counterspy

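The stealth/closed distinction from the post above, written out as an iptables ruleset (an added example, not part of the original thread): "stealth" means unsolicited packets are dropped with no reply, "closed" means TCP probes are answered with a reset. The function name `ruleset` and its two mode names are assumptions made for this example; the output is `iptables-restore` input, which replaces the whole filter table, so the result does not depend on rules a front-end loaded earlier the way a single appended `-A` rule does.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for one of two modes.
#   stealth - unsolicited inbound packets hit the DROP policy; a scanner
#             gets no answer and reports the port as "stealth".
#   closed  - unsolicited inbound TCP is answered with a RST; a scanner
#             reports the port as "closed".
# Both modes keep loopback and replies to connections this host started,
# so browsing and POP/SMTP mail continue to work.
ruleset() {
    mode="$1"
    case "$mode" in
        stealth|closed) ;;
        *) echo "usage: ruleset stealth|closed" >&2; return 2 ;;
    esac

    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF

    # Must come after the ESTABLISHED,RELATED rule, otherwise replies to
    # outbound connections would be reset as well.
    if [ "$mode" = "closed" ]; then
        echo "-A INPUT -p tcp -j REJECT --reject-with tcp-reset"
    fi

    echo "COMMIT"
}
```

To load a mode, run `ruleset stealth | iptables-restore` as root, then check the result with `iptables -L INPUT -n -v`.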

  • 2 weeks later...

If you want to seriously test your ports, avoid grc.com. There are at least ten sites which can test all or specific ports for free. At the moment I can remember only pcflank.com, but it may not be the best.


  • 1 month later...

BooYah,

If you are still having trouble or are not satisfied with what you have tried, do try ipkungfu. I like it because it is perfect for people like me who don't know zip about how to set up iptables by hand. :)

www.linuxkungfu.org/

It is small and light and stealths everything and does not interfere with moving around on the web or restrict anything that I have noticed.

Then drop over to pcflank and let it try to get in.

However, I am using dial-up so don't know if there are any ADSL issues.

 

Larry

