Re: Port hiding

From: Paco (paco@seznam.cz)
Date: 22. 07. 2002, 00:35 CEST


> From my point of view (on Linux) a port can be set to DENY (presumably invisible)
> or to REJECT (on Windows most likely "closed"). In the end it means
> the same thing: the service is inaccessible. DENY looks better against scanners, because
> they only learn of the error after a considerable timeout compared to REJECT, but in the end
> it is the same. The service is not available.

I wouldn't say it is the same. From the viewpoint of an outside attacker
definitely not. I don't have time to write it up now, so I'll paste
at least a slightly more detailed explanation in English here. :)

Bye, Paco.


STEALTH - if all of the tested ports were shown to have stealth 
status, then for all intents and purposes your computer doesn't exist 
to scanners on the Internet! 

It means that either your computer is turned off or disconnected from 
the Net (which seems unlikely since you must be using it right now!) 
or an effective stealth firewall is blocking all unauthorized external 
contact with your computer. This means that it is completely opaque to 
random scans and direct assault. Even if this machine had previously 
been scanned and logged by a would-be intruder, a methodical return to 
this IP address will lead any attacker to believe that your machine is 
turned off, disconnected, or no longer exists. You couldn't ask for 
anything better. 

There's one additional benefit: scanners are actually hurt by probing 
this machine! You may have noticed how slowly the probing proceeded. 
This was caused by your firewall! It was required, since your firewall 
is discarding the connection-attempt messages sent to your ports. A 
non-firewalled PC responds immediately that a connection is either 
refused or accepted, telling a scanner that it's found a live one ... 
and allowing it to get on with its scanning. But your firewall is 
acting like a black hole for TCP/IP packets! This means that it's 
necessary for a scanner to sit around and wait for the maximum 
round-trip time possible — across the entire Net, into your machine, 
and back again — before it can safely conclude that there's no 
computer at the other end. That's very cool. 

NOTE: If your system did NOT show up as stealth but you wish that it 
could, you'll need to use one of the inexpensive (or FREE in the case 
of ZoneAlarm) personal firewalls.

-------------------------------------

CLOSED is the best you can hope for without a stealth firewall in 
place. 

Anyone scanning past your IP address will immediately detect your PC, 
but "closed" ports will quickly refuse connection attempts. Your 
computer might still be crashed or compromised through a number of 
known TCP/IP stack vulnerabilities. Also, since it's much faster for a 
scanner to re-scan a machine that's known to exist, the presence of 
your machine might be logged for further scrutiny at a later time — 
for example, when a new TCP/IP stack vulnerability is discovered. 

You should stay current with updates from your operating system vendor 
since new "exploits" are being continually discovered and they are 
first applied upon known-to-exist machines . . . like this one! 

AS NOTED ABOVE: If your system did NOT show up as stealth but you wish 
that it could, you will need to use one of the inexpensive personal 
firewalls or FREE ZoneAlarm.
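The pasted text describes three observable outcomes of a TCP connection attempt: a listening service answers, a "closed" port answers with a refusal, and a "stealth" (dropped) port never answers, so the probing side has to wait out its whole timeout. The following script is an added example, not part of the original post or of the tool the quoted text comes from; it is meant for checking how your own host or firewall presents a port, and the `probe` / `classify_outcome` names, the 2-second timeout and the loopback helpers are assumptions chosen for this illustration.

```python
import socket
import time

# Constructed timeout. A scanner's wait for a silently dropped SYN is bounded
# only by how long it is willing to tolerate; that wait is the cost the post
# describes ("scanners are actually hurt by probing this machine").
DEFAULT_TIMEOUT = 2.0


def classify_outcome(exc):
    """Map the result of one TCP connect() to the states the post discusses.

    exc is None when connect() succeeded, otherwise the exception it raised.
    """
    if exc is None:
        return "open"          # SYN answered with SYN/ACK: something is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"        # SYN answered with RST: host exists, nothing listens
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "stealth"       # no answer at all: the packet was silently dropped
    return "unreachable"       # ICMP unreachable, no route, etc.


def probe(host, port, timeout=DEFAULT_TIMEOUT):
    """Attempt one TCP connect and return (state, seconds_waited).

    The elapsed time is the interesting part: "open" and "closed" come back
    almost immediately, "stealth" costs the full timeout.
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    exc = None
    try:
        sock.connect((host, port))
    except OSError as e:          # ConnectionRefusedError and socket.timeout are OSErrors
        exc = e
    finally:
        sock.close()
    return classify_outcome(exc), time.monotonic() - start


# Loopback helpers so the example runs offline (constructed test fixtures).
def open_listener():
    """Return a listening socket on 127.0.0.1 with a kernel-chosen port ("open")."""
    lst = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lst.bind(("127.0.0.1", 0))
    lst.listen(1)
    return lst


def free_local_port():
    """Return a loopback port with nothing listening on it ("closed")."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    listener = open_listener()
    print("listening port :", probe("127.0.0.1", listener.getsockname()[1]))
    listener.close()
    print("unused port    :", probe("127.0.0.1", free_local_port()))
    # To see "stealth", point probe() at a host whose firewall DROPs the SYN
    # (on Linux, an iptables DROP rather than REJECT rule); the result will be
    # ("stealth", ~DEFAULT_TIMEOUT) instead of ("closed", ~0.0).
```

Run it locally and compare the elapsed times: the refused connection returns in milliseconds because the kernel sent an RST, which is exactly the "host exists, re-scan it later" signal the text warns about, whereas a dropped SYN makes the same call block for the whole timeout. On Linux the difference between the two responses is the firewall target, DROP (silent) versus REJECT (RST or ICMP error), which is what the quoted DENY/REJECT distinction refers to.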
