LinuxQuestions.org


PlatinumX 10-20-2008 01:09 PM

Iptables stealth patch
 
Hey all,

I heard about the iptables stealth patch.
I found the original site with the patch, but no information about what it is. (http://grsecurity.net/download.php)

Does anybody have any idea about the iptables stealth patch?

Thanks

win32sux 10-20-2008 03:33 PM

IIRC it lets you make rules that send an inbound packet to ACCEPT only if something is listening on the destination port. If nothing is listening on the destination port the packet is instead sent to DROP.

EDIT: I wasn't sure whether my memory was working properly and I didn't wanna be giving you wrong information so I downloaded the grsecurity-2.1.11-2.4.36.2-200804211830.patch.gz file to have a look and it confirms that this is indeed what it does. I quote from the patch itself:
Code:

+CONFIG_IP_NF_MATCH_STEALTH
+  Enabling this option will drop all syn packets coming to unserved tcp
+  ports as well as all packets coming to unserved udp ports.  If you
+  are using your system to route any type of packets (ie. via NAT)
+  you should put this module at the end of your ruleset, since it will
+  drop packets that aren't going to ports that are listening on your
+  machine itself, it doesn't take into account that the packet might be
+  destined for someone on your internal network if you're using NAT for
+  instance.
+
+  If you want to compile it as a module, say M here and read
+  Documentation/modules.txt.  If unsure, say `N'.
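Review bot: the first sentence of the help text says enabling the option "will drop" packets, but CONFIG_IP_NF_MATCH_STEALTH names a match extension, which only matches; the drop only happens when the rule that uses it has a DROP target (as the reply above describes). Suggest rewording along the lines of "This match selects SYN packets to unserved TCP ports and all packets to unserved UDP ports, so rules using it can drop them", which also makes the "put this module at the end of your ruleset" advice read correctly as advice about rule placement rather than module behaviour.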


PlatinumX 10-21-2008 04:37 AM

Quote:

IIRC it lets you make rules that send an inbound packet to ACCEPT only if something is listening on the destination port. If nothing is listening on the destination port the packet is instead sent to DROP.
I am not sure I understand it well.

In which case is it useful?
In case of default ACCEPT policy?

Thanks

win32sux 10-21-2008 07:26 AM

Quote:

Originally Posted by PlatinumX (Post 3317371)
I am not sure I understand it well.

In which case is it useful?
In case of default ACCEPT policy?

It's useful if you don't want your box to respond to port scans when your daemons aren't running.

Thus, the policy you are using isn't really that much of a factor.
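An added example (not from this thread or from the grsecurity patch) that approximates what the stealth match does using stock iptables: it snapshots the ports that hold a local socket, read from tables in /proc/net/tcp and /proc/net/udp layout, and emits DROP rules for every other TCP SYN and UDP packet arriving on INPUT. The sample tables and the helper names (listening_ports, stealth_rules) are constructed for this example.

```shell
#!/bin/sh
# Emulate the stealth match with stock iptables: snapshot the ports that have
# a local socket and DROP everything else on INPUT. Tables below are samples.

# listening_ports FILE PROTO -> comma-separated ports with a local socket.
# TCP counts only state 0A (LISTEN); for UDP every bound socket (state 07)
# receives datagrams, so every row counts.
listening_ports() {
    tail -n +2 "$1" | while read -r sl laddr raddr st rest; do
        [ "$2" = tcp ] && [ "$st" != 0A ] && continue
        echo $((0x${laddr##*:}))          # port is the hex suffix of laddr
    done | sort -un | tr '\n' ',' | sed 's/,$//'
}

# stealth_rules TCPFILE UDPFILE -> iptables-restore lines. With no listener
# at all, the whole protocol is dropped (every port is "unserved").
stealth_rules() {
    tcp=$(listening_ports "$1" tcp)
    udp=$(listening_ports "$2" udp)
    if [ -n "$tcp" ]; then
        echo "-A INPUT -p tcp --syn -m multiport ! --dports $tcp -j DROP"
    else
        echo "-A INPUT -p tcp --syn -j DROP"
    fi
    if [ -n "$udp" ]; then
        echo "-A INPUT -p udp -m multiport ! --dports $udp -j DROP"
    else
        echo "-A INPUT -p udp -j DROP"
    fi
}

# Constructed samples: sshd (22) and httpd (80) on all addresses, mysqld
# (3306) on loopback, one ESTABLISHED connection (state 01, must be ignored),
# and DNS (53) plus NTP (123) bound on UDP.
tmp=$(mktemp -d)
SAMPLE_TCP=$tmp/tcp; SAMPLE_UDP=$tmp/udp; SAMPLE_EMPTY=$tmp/empty
cat >"$SAMPLE_TCP" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11 1
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12 1
   2: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   999        0 13 1
   3: 0A00000A:D4B2 5D8A7D0A:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 14 1
EOF
cat >"$SAMPLE_UDP" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15 2 0 0
   1: 00000000:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 16 2 0 0
EOF
head -n 1 "$SAMPLE_TCP" >"$SAMPLE_EMPTY"   # header only: nothing listening
stealth_rules "$SAMPLE_TCP" "$SAMPLE_UDP"   # prints the two DROP rules
```

Being a snapshot rather than the patch's per-packet lookup, the rules must be regenerated whenever a daemon starts or stops, and an `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` rule should precede them so replies to the host's own outbound UDP traffic survive. They are attached to INPUT only, so forwarded (NAT) traffic is untouched, which sidesteps the routing caveat in the help text.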

