RE: Re: question to dmler's concerning online hackers into pc's

From: Bernd D. Ratsch (bernd@texas.net)
Date: Sun Feb 03 2002 - 00:02:10 EST


Just ran the "ShieldsUP" utility....

"If all of the tested ports were shown to have stealth status, then for
all intents and purposes your computer doesn't exist to scanners on the
Internet!

It means that either your computer is turned off or disconnected from
the Net (which seems unlikely since you must be using it right now!) or
an effective stealth firewall is blocking all unauthorized external
contact with your computer. This means that it is completely opaque to
random scans and direct assault. Even if this machine had previously
been scanned and logged by a would-be intruder, a methodical return to
this IP address will lead any attacker to believe that your machine is
turned off, disconnected, or no longer exists. You couldn't ask for
anything better.

There's one additional benefit: scanners are actually hurt by probing
this machine! You may have noticed how slowly the probing proceeded.
This was caused by your firewall! It was required, since your firewall
is discarding the connection-attempt messages sent to your ports. A
non-firewalled PC responds immediately that a connection is either
refused or accepted, telling a scanner that it's found a live one ...
and allowing it to get on with its scanning. But your firewall is acting
like a black hole for TCP/IP packets! This means that it's necessary for
a scanner to sit around and wait for the maximum round-trip time
possible - across the entire Net, into your machine, and back again -
before it can safely conclude that there's no computer at the other end.
That's very cool. "

And to think, I left my software firewall off just to check. ;)

Hardware firewalls are the only true protection (and as Shane
stated...NOT on a Windows OS based machine.)



This archive was generated by hypermail 2b29 : Fri Jun 20 2003 - 12:03:57 EDT