[FLUG] Questa è mista Win/Linux (per fare dispetto a Gecco)

• From: "Bolognini" <rlbolo@xxxxxxxxx>
• To: "fanolug" <fanolug@xxxxxxxxxxxxx>
• Date: Thu, 24 Jan 2002 16:47:24 +0100

Mailing List del Fortunae LUG
=============================

Romano wrote:

>E ricorda che Google is your friend,

Yes i know ma quando ho cercato "atd + windows" su google mi son venuti
fuori solo siti in cecoslovacco (sospetto che atd significhi qualcosa da
loro ;-) e non sapevo che altro cercare :-)

Ok questa era la reply adesso parte un'email full blown new!!

Ciao ragazzi,

se vi dicessi perché ho dovuto installare un firewall su Win mi escludereste
dal LUG ;-) e rinneghereste di avermi mai conosciuto!

Cmq sta di fatto che ho installato Sygate Personal Firewall (freeware) e per
testarlo sono andato a farmi scansionare dal sito Gibson Research
Corporation (www.grc.com) che mi ha risposto in codesto modo:

<cut>
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE!
Standard Internet behavior requires port connection attempts to be answered
with a success or refusal response. Therefore, only an attempt to connect to
a nonexistent computer results in no response of either kind. But YOUR
computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which
represents advanced computer and port stealthing capabilities. A machine
configured in this fashion is well hardened to Internet NetBIOS attack and
intrusion.
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is
very uncommon for a Windows networking-based PC.) Relative to
vulnerabilities from Windows networking, this computer appears to be VERY
SECURE since it is NOT exposing ANY of its internal NetBIOS networking
protocol over the Internet.

Before You Break Out
the Champagne...
It is true that this server was unable to connect to your machine just now -
and that's definitely great news! But with the benefit of the incredible
experience I'm gaining from the impact of this site's 11,802,045 (and
counting) recent visitors, I'm rapidly evolving more robust and reliable
means of determining a remote machine's Internet vulnerability.

If all of the tested ports were shown to have stealth status, then for all
intents and purposes your computer doesn't exist to scanners on the
Internet!
It means that either your computer is turned off or disconnected from the
Net (which seems unlikely since you must be using it right now!) or an
effective stealth firewall is blocking all unauthorized external contact
with your computer. This means that it is completely opaque to random scans
and direct assault. Even if this machine had previously been scanned and
logged by a would-be intruder, a methodical return to this IP address will
lead any attacker to believe that your machine is turned off, disconnected,
or no longer exists. You couldn't ask for anything better.
There's one additional benefit: scanners are actually hurt by probing this
machine! You may have noticed how slowly the probing proceeded. This was
caused by your firewall! It was required, since your firewall is discarding
the connection-attempt messages sent to your ports. A non-firewalled PC
responds immediately that a connection is either refused or accepted,
telling a scanner that it's found a live one ... and allowing it to get on
with its scanning. But your firewall is acting like a black hole for TCP/IP
packets! This means that it's necessary for a scanner to sit around and wait
for the maximum round-trip time possible - across the entire Net, into your
machine, and back again - before it can safely conclude that there's no
computer at the other end. That's very cool.
</cut>

Anche le scansioni di Gecco e Legion con nmap non hanno portato a nessun
risultato se non quello di ritenere che nn fossi connesso. Vabbé che son due
lamer che nn fan per uno però!! ;-)

Allora la domanda è questa: come si fa a ottenere che le proprie porte siano
in stealth mode con ipchains? Could you please point me out to some docs
about it?

Altra domandina: invece di usare Norton Ghost per fare l'immagine splittata
del mio disco su tanti CD-ROM stavo pensando se fosse possibile usare il
comando dd sulla partizione Win per creare una copia del disco 1 sul mio
secondo disco in modo da ripristinarla in fretta in caso di disastri. Any
issues related to using dd on a Win2k (FAT32) partition?

Ciao,
Lo

Sia lodato Linus Torvalds!

• Follow-Ups:
  • [FLUG] Re: Questa è mista Win/Linux (per fare dispetto a Gecco)
    • From: Gecco
  • [FLUG] Re: Questa ? mista Win/Linux (per fare dispetto a Gecco)
    • From: Romano Romano

Other related posts:

• » [FLUG] Questa è mista Win/Linux (per fare dispetto a Gecco)
• » [FLUG] Re: Questa è mista Win/Linux (per fare dispetto a Gecco)
• » [FLUG] Re: Questa ? mista Win/Linux (per fare dispetto a Gecco)

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription