Well, there are many online security sites which offer to scan your PC [which actually means your public IP]. The most famous being Steve Gibson's GRC Shields Up. There are a bunch of people everywhere who believe that the stealth mode status gives them some sort of added security... I was one of them until recently [I hope I'm not wrong].
Stealth is often taken to mean invisible. But that is not the case literally.
Here are the packets captured from my fav, Ethereal:
*img36.exs.cx/img36/8812/etherealpacketcapture5so.th.jpg
The above was taken after initiating a scan at GRC's Shields Up test [to be specific, for "all service ports"].
Although I can post the entire packet capture session here, I clearly couldn't understand the working since it did not contain a per-port probe for my destination IP; that's what baffles me.
I certainly have not understood how these online security scanners probe for each port without the packet capturing tool displaying a probe for each & every host port.
It certainly has got to do with ICMP request/reply, but that doesn't seem to be indicated in the capture session. I'm looking forward to someone enlightening me on this part.
Anyway, consider 2 hosts, HOST A & HOST B.
Say HOST B is stealth [or invisible, as it is more likely called]. When HOST A sends an ICMP echo request, under normal circumstances, if HOST B actually did not exist, then the last router on the way would send a "host unreachable" message back to HOST A. But that does not happen here, since the connection times out after around 3 tries, I think [I'm not quite sure of this]. This silence, with no messages forwarded back to HOST A, certainly seems to indicate that there is something which is dropping traffic & not replying to echo request messages, which it should normally do under the proper working of the networking model. This will certainly give a sniff of an indication to any script kiddie scanning your host computer, even if it's in the stealth mode state. If this is certainly the case, then won't having the stealth mode tag give you nothing more than just fake mental peace?
Also, I've learnt that unless you have any kind of service/s running on your host computer, there is nothing a script kiddie can do with a bunch of closed ports in hand. Am I right over here?
I hope I'm on the right track over here; if I'm not, then please do correct me.