This is a discussion on Re: Port Scans - grc.com vs pcflank.com Who do I believe? within the Linux Security forums, part of the System Security and Security Related category.
"Lew Pitcher" <lpitcher@sympatico.ca> wrote in message news:l7mbib.va6.ln@merlin.l6s4x6-4.ca... > Joe Shmoe wrote: > FWIW, "stealth" is GRC's way of saying that their scanner didn't receive > /any/ response from the scanned port. TCP/IP is /supposed/ to send back > a response, either positive or negative, to access attempts. "Stealth" > indicates a deliberately broken TCP/IP implementation (from the POV of > the standards). It seems to me that you either have to have /all/ ports > stealthed, or none. The objective is to look as if you don't exist, and > if you stealth /some/ ports, but not others, a black-hat can determine > which ports have been stealthed (by the absence of response), and > attempt appropriate breakins. > Actually stealth means that your PC doesn't exist on the internet according to port scanners, it is the same as the DROP parameter on iptables. If all your ports are stealthed (DROP) then a port scanner thinks that your PC is turned off and doesn't keep trying to get in - he may try and see if you are online later though. of course if you have ports open (like web server etc) you will just let a scanner know you are up on security which might stop script kiddies but would constitute a challenge to the serious hacker. If the port is closed the hacker knows a PC is there so may be vunerable in the future,. Stealthed is the best you can get (and as far as I know in this security concious world is not broken. Mike. |