LinuxQuestions.org
Old 10-20-2008, 02:09 PM   #1
PlatinumX
Member
 
Registered: May 2008
Location: France
Distribution: Debian / Fedora / Gentoo
Posts: 178

Rep: Reputation: 15
Iptables stealth patch


Hey all,

I heard about the iptables stealth patch.
I found the original site with the patch, but no information about what it is. (http://grsecurity.net/download.php)

Does anybody have any idea about the iptables stealth patch?

Thanks
 
Old 10-20-2008, 04:33 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
IIRC it lets you make rules that send an inbound packet to ACCEPT only if something is listening on the destination port. If nothing is listening on the destination port the packet is instead sent to DROP.

EDIT: I wasn't sure whether my memory was working properly and I didn't wanna be giving you wrong information so I downloaded the grsecurity-2.1.11-2.4.36.2-200804211830.patch.gz file to have a look and it confirms that this is indeed what it does. I quote from the patch itself:
Code:
+CONFIG_IP_NF_MATCH_STEALTH
+  Enabling this option will drop all syn packets coming to unserved tcp
+  ports as well as all packets coming to unserved udp ports.  If you
+  are using your system to route any type of packets (ie. via NAT)
+  you should put this module at the end of your ruleset, since it will 
+  drop packets that aren't going to ports that are listening on your 
+  machine itself, it doesn't take into account that the packet might be 
+  destined for someone on your internal network if you're using NAT for 
+  instance.
+
+  If you want to compile it as a module, say M here and read
+  Documentation/modules.txt.  If unsure, say `N'.
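Review bot: the opening sentence of the help text, "Enabling this option will drop all syn packets coming to unserved tcp ports", reads as if the module drops traffic on its own, while the option name CONFIG_IP_NF_MATCH_STEALTH says it is a match; suggest rewording to say that the match selects TCP SYNs and UDP datagrams aimed at local ports with no listener, and that the target of the rule it is used in decides what happens to them, which also makes the later advice to "put this module at the end of your ruleset" easier to follow. The NAT sentence starting at "If you are using your system to route" is also a run-on; splitting it after "ruleset" ("... at the end of your ruleset. It only checks ports that are listening on this machine and does not know whether a packet is destined for a host behind NAT.") would read better.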

Last edited by win32sux; 10-20-2008 at 04:49 PM.
 
Old 10-21-2008, 05:37 AM   #3
PlatinumX
Member
 
Registered: May 2008
Location: France
Distribution: Debian / Fedora / Gentoo
Posts: 178

Original Poster
Rep: Reputation: 15
Quote:
IIRC it lets you make rules that send an inbound packet to ACCEPT only if something is listening on the destination port. If nothing is listening on the destination port the packet is instead sent to DROP.
I am not sure I understand it well.

In which case is it useful?
In the case of a default ACCEPT policy?

Thanks
 
Old 10-21-2008, 08:26 AM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by PlatinumX View Post
I am not sure I understand it well.

In which case is it useful?
In the case of a default ACCEPT policy?
It's useful if you don't want your box to respond to port scans when your daemons aren't running.

Thus, the policy you are using isn't really that much of a factor.

Last edited by win32sux; 10-21-2008 at 12:20 PM.
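Added example, not code from the thread or from the grsecurity patch (which implements the match inside the kernel): a Python model of the decision the stealth match makes, driven by socket tables in the /proc/net/tcp and /proc/net/udp format, plus a two-rule chain that shows why the help text quoted above says to put the rule last when the box also forwards NAT traffic. The two tables and the packets are constructed samples, and the function names are my own.

```python
"""Model of the decision the grsecurity iptables stealth match makes.

Added example for this thread; it is not code from the grsecurity patch and
does not touch netfilter. It reproduces the behaviour quoted from the Kconfig
help text (match TCP SYNs and UDP datagrams aimed at local ports with no
socket bound) using the /proc/net/tcp and /proc/net/udp table format, and
shows why the help text says to place the rule at the end of the ruleset.
The two tables below are constructed samples, not captured from a live host.
"""
from dataclasses import dataclass

# Constructed /proc/net/tcp excerpt. Column "st" 0A is TCP_LISTEN; row 2 is an
# ESTABLISHED connection (st 01) and therefore not a listener by itself.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0016 0100007F:C3A8 01 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 20 4 30 10 -1
"""

# Constructed /proc/net/udp excerpt: one socket bound to port 53 (0x0035).
SAMPLE_PROC_NET_UDP = """\
   sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  100: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12348 2 0000000000000000 0
"""

TCP_LISTEN = "0A"


def _local_port(field: str) -> int:
    """local_address is 'HEXIP:HEXPORT'; only the port matters here."""
    return int(field.rsplit(":", 1)[1], 16)


def listening_ports(proc_net_tcp: str, proc_net_udp: str) -> dict:
    """Return {'tcp': {...}, 'udp': {...}} of local ports that have a socket."""
    tcp, udp = set(), set()
    for line in proc_net_tcp.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) >= 4 and fields[3] == TCP_LISTEN:
            tcp.add(_local_port(fields[1]))
    for line in proc_net_udp.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 4:                             # any bound UDP socket counts
            udp.add(_local_port(fields[1]))
    return {"tcp": tcp, "udp": udp}


@dataclass
class Packet:
    proto: str               # "tcp" or "udp"
    dport: int
    syn: bool = False        # TCP SYN flag; ignored for UDP
    forwarded: bool = False  # True when this box is only routing/NATing the packet


def stealth_match(pkt: Packet, ports: dict) -> bool:
    """True when the stealth match fires: a TCP SYN or a UDP datagram to a port
    with no local socket. Like the real match, it only consults the local
    socket tables and knows nothing about hosts behind NAT."""
    if pkt.proto == "tcp":
        return pkt.syn and pkt.dport not in ports["tcp"]
    if pkt.proto == "udp":
        return pkt.dport not in ports["udp"]
    return False


def verdict(pkt: Packet, ports: dict, stealth_last: bool = True) -> str:
    """Walk a two-rule chain: an ACCEPT for forwarded traffic and a stealth
    rule with a DROP target. stealth_last=False models the ordering the help
    text warns against. 'POLICY' means no rule matched and the chain's
    default policy applies."""
    forward_rule = ("forwarded", "ACCEPT")
    stealth_rule = ("stealth", "DROP")
    chain = [forward_rule, stealth_rule] if stealth_last else [stealth_rule, forward_rule]
    for name, target in chain:
        if name == "forwarded" and pkt.forwarded:
            return target
        if name == "stealth" and stealth_match(pkt, ports):
            return target
    return "POLICY"


if __name__ == "__main__":
    ports = listening_ports(SAMPLE_PROC_NET_TCP, SAMPLE_PROC_NET_UDP)
    print("listeners:", ports)
    for p in (Packet("tcp", 22, syn=True), Packet("tcp", 23, syn=True),
              Packet("udp", 53), Packet("udp", 123),
              Packet("tcp", 80, syn=True, forwarded=True)):
        print(p, "->", verdict(p, ports),
              "| stealth rule first:", verdict(p, ports, stealth_last=False))
```

The forwarded packet to port 80 is the NAT case from the help text: with the stealth rule last it is accepted by the forwarding rule, with the stealth rule first it is dropped because port 80 has no socket on the router itself. A non-SYN TCP segment to a closed port is never matched, so what happens to it is decided by the rest of the ruleset, not by this match.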
 
  

