lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAFnufp3xP3xjd8zy0uLKEGgbBAb0motLva=f1EbMJCfcKG=Y-w@mail.gmail.com>
Date:	Mon, 6 Jul 2015 21:44:06 +0200
From:	Matteo Croce <matteo@...nwrt.org>
To:	Valdis.Kletnieks@...edu
Cc:	Nicolas Dichtel <nicolas.dichtel@...nd.com>,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] add stealth mode

2015-07-06 12:49 GMT+02:00  <Valdis.Kletnieks@...edu>:
> On Thu, 02 Jul 2015 10:56:01 +0200, Matteo Croce said:
>> Add option to disable any reply not related to a listening socket,
>> like RST/ACK for TCP and ICMP Port-Unreachable for UDP.
>> Also disables ICMP replies to echo request and timestamp.
>> The stealth mode can be enabled selectively for a single interface.
>
> A few notes.....
>
> 1) Do you have an actual use case where an iptables '-j DROP' isn't usable?

If you mean using a default DROP policy and allowing only the traffic
do you want,
then the use case is where the port can change at runtime and you may not want
to update the firewall every time


> 2) You *do* realize that this isn't anywhere near sufficient in order
> to actually make your machine "invisible", right?  (Hint: What *other*
> packets can be sent to a machine to provoke a response?)

Other than ICMP, UDP and TCP excluding open TCP/UDP ports?

> 3) At least my copy had massive whitespace damage, where all the tab characters
> appear to have evaporated....

Sorry, I was using git sendemail first, but I got a security error from gmail,
so I copied/pasted the patch in gmail which corrupted it

-- 
Matteo Croce
OpenWrt Developer
  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 CHAOS CALMER
 -----------------------------------------------------
  * 1 1/2 oz Gin            Shake with a glassful
  * 1/4 oz Triple Sec       of broken ice and pour
  * 3/4 oz Lime Juice       unstrained into a goblet.
  * 1 1/2 oz Orange Juice
  * 1 tsp. Grenadine Syrup
 -----------------------------------------------------
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ