Re: GuardDog and ICQ = Closed ports

On Fri, 04 Jul 2003 18:54:02 +0100, Richard Amuzu wrote:

> Hello folks,
> I have recently deleted muy Mandrake 9.0 installation and installed 9.1. I
> decided to use Guarddog to setup the firewall this time instead of Shorewall
> and have noticed the following.
> Allowing other chat protocols to be served from the Internet Zone such as
> Yahoo and Messenger leave all ports showing as stealthed in most scans e.g.
> sygate, grc etc. however if I enable ICQ ports
> 1024+ become closed instead of stealthed. Has anyone else seen this
> behaviour and is it a bug in the
> Guraddog iptables rules or is it to be expected.
>
> Whilst it doesn't present that much of a risk in itself I would prefer them
> to be stealthed.
>
Forget about "stealth". You cannot really hide yourself on the net this
way. You would have to make your next hop router send back a "destination
host unreachable" icmp message as an answer to others port queries. Which
you probably don't want, and obviously not can :)
In short terms, "hiding" is a sign you are there ...
--
WinXXP error#4711: TCPA/NGSCB VIOLATION: Non-approved partition-id 83 (linux)
discovered. Online-recertification and reactivation of Microsoft products
required, 3 days grace period: http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
http://moon.hipjoint.de/tcpa-palladium-faq-de.html (DE)