-   Linux - Software (
-   -   HELP: stealthing FCP FIN, TCP XMAS, and UDP (

Cyberian 11-26-2004 08:24 PM

HELP: stealthing FCP FIN, TCP XMAS, and UDP

How do I stealth FCP FIN, TCP XMAS, and UDP?

I am currently using Firestarter firewall.

Cyberian 11-28-2004 09:30 PM


btmiller 11-28-2004 10:06 PM

You might get more luck in the networks and/or security forums. Meanwhile, though, do you know what those terms you threw out mean? If not, install nmap and read its man page. Then read man iptables, paying particular attention to the --tcp-flags option, which will help with the XMAS TREE and FIN questions. Read about the --protocol option to iptables to learn how to figure based on the transport layer protocol.

Beyond that, we can't help too much unless you're a bit more specific about what you want to do and why.

Cyberian 11-28-2004 10:51 PM

I have no idea what they stand for. All I know is they are about security. And I feel paranoid over knowing that I failed the security test because of those 3 things.

Reason why I want to stealth them is, I want a secure computer.

btmiller 11-29-2004 01:34 AM

OK, quick explanation: TCP and UDP are transport layer protocols. For instance, every time you connect to a Web site, the HTTP protocol travels over TCP. DNS uses UDP. In virtually all networks, TCP and UDP both travel over IP, the Internet Protocol.

FIN attacks and XMAS TREE scans work by setting nonsensical combinations of options in the TCP packet header (e.g. with a FIN trying to break a nonexistent connection). Older implementations would sometimes choke on these, and this was a security hole. Also, the responses sent out to these could be used to fingerprint the OS running on the remote computer, making it easier to decide how to attack it. UDP is just a transport layer protocol.

In any case, what you need to do is read the man pages I posted above. You can make your computer drop all incoming UDP traffic not from your DNS server, for instance. if you drop all incoming TCP and UDP traffic that's not part of a connection you initiated, your machine will be stealthed.

All times are GMT -5. The time now is 06:59 AM.