Is there a way, and if so how, to stealth all of my TCP/IP ports?

I want the system set up to not send a response to a scan, so it makes a scanner think my IP is not real.

Right now, most are showing closed.

Closed is good.

But not good enough. I dont want my system to respond at all to any scan.

A closed response will tell a scanner that my IP exists. And a closed port can still by easily compromised, such as buffer overflows and such.

Hi, Steph, I am using the rule set from stronger firewall, just modified to reflect my system:
http://www.tldp.org/HOWTO/IP-Masquer...-examples.html
I am on DSL - PPPoE, I scan my system with nmap to see what's up, and all the ports are filtered, according to dslreports.com security test my address is not pingable, according to grc.com ShieldsUp all Windows-weak ports are stealth - but I care less about grc goop, nmap shows that all ports are filtered
P.S. When portscanning with nmap make sure you scan from a remote machine.
P.S.2. I just pinged my machine from my another machine and I got network is unreachable response. So it works great
Ooopsie, I was off the net, now when I am on I got 100% packet lost, so it works!!!

If you are using Mdk 8.2, you can use tinyfirewall that's part of the drakxtools-newt rpm package. It used to be part of Control Centre but although that's not the case now, it's still there.

Type tinyfirewall at the command line to bring up the config window, answer a few questions, save & exit = stealth ports!


Dutch

Try Portsentry.

i use iptables on my firewall and set it to drop all incoming ICMP packets. if your firewall drops the packets, any machine attempting to connect will get "host unreachable" rather than a port blocked message. try and ping my box: endrium.com. :-)

You might want to rethink that.Ping and traceroute work like a charm

Try this:

http://monmotha.mplug.org/firewall/index.php

"MonMotha's IPTables firewall is a simple shell script written in BASH. It has no extra subs or functions that I define, it's just run from top to bottom. Hopefully this will make it fairly easy to work with. The firewall attempts to make setting up a firewall on a linux system running a 2.4 Linux kernel as easy or easier than installing most other software "

Also i see on a security article, i dont remenber what article, that they recommend install a firewall and Portsentry at the same time.

Originally posted by Stephanie
But not good enough. I dont want my system to respond at all to any scan.
TCP and UDP have distinct responses for reacting to connection requests when a port is open or closed, see for example alt.hacking FAQ, Fyodors The Art of Port Scanning and Phrack nr 49 text 15.

And a closed port can still by easily compromised, such as buffer overflows and such.
Nope :-]
If a skiddie finds a port closed it means there's no daemon to connect to or it's been shielded for (any|their) address or range etc etc. Skiddie needs an established connection (3-way handshake) before being able to inject stuff.

HTH somehow.

As unSpawn says Fyodor's great article is a must to read. You will see that when ping sweep mode is on nmap wont look at ping replies but it will look for a tcp-reset reply from the scanned host and show that port as closed.

With iptables you can trick the scanners. With iptables PSD (Port Scan Detection) module search the google there are lots of nice examples on how to use psd module.