
To stealth or not to stealth

Stealth, when it comes to computer security, is when the computer (or other network equipment) does not issue any sort of reply to connection attempts, including ICMP echo requests (ping). I guess the idea was that if there's no response, they can't see that anything is there, and therefore you're "stealthed" from the outside world. For some reason, this was assumed to be a security enhancement because you cannot attack what you cannot see... Oh boy, is that ever wrong. "Stealth" doesn't mean you are invisible at all. Instead, it makes you stick out like a sore thumb.

[Figure: a would-be attacker and your computer behind a firewall.]

A simple "ping" from the attacker travels through the cloud, and to the router in front of your firewall. Next, the echo request gets to your firewall. A stealth firewall will simply drop the echo request, and no reply is sent back to the attacker's computer. So, you're invisible, right? Since there's no reply, there's no computer there, right? Wrong and wrong! If there really were no computer (or firewall) there, the router sitting in front would reply for you with a simple ICMP "host unreachable" message back to the attacker. The attacker would then know that there really is nothing there. The lack of this "host unreachable" message is a clear indication that something is there and it's dropping the packets rather than replying to them.

A simple telnet connection will yield the same result. If the attacker attempts to telnet to your computer, and your firewall simply drops the packets with no reply (stealth), then the connection attempt simply times out. Again, this is not an indication that there's nothing there, because the router did not send the "host unreachable" message. With a non-stealth setup, a reply packet is sent, and assuming no telnet server is running, the reply will be a loud "no service here." If you shut your computer off, the connection attempt will also time out, but then the router will send the "host unreachable" message back to the attacker, so they really know that you're not there at the moment. 

So, being "stealth" doesn't really add any security at all, nor does it really hide you from anyone else. Anyone who really wants to know if there's anyone at a given IP address will have no difficulty seeing that you're there, because you are trying too hard to appear not to be. Since stealth violates the normal rules of network connectivity, it makes you more visible, not less.
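To see how your own firewall looks from an outside host, the three outcomes described above (a reply, a "host unreachable", or silence) can be told apart from the error a TCP connect attempt returns. The following is an added example, not part of the original article; the function and verdict names are hypothetical, and it assumes the operating system reports a router's ICMP "host unreachable" as `EHOSTUNREACH`, as Linux does.

```python
import errno
import socket
import sys

# Verdict names are this example's own; each maps to a case the article describes.
OPEN = "open"                # a service answered
CLOSED = "closed"            # host replied "no service here" (non-stealth)
UNREACHABLE = "unreachable"  # router sent "host unreachable": nothing is there
DROPPED = "dropped"          # silence: something is there and is discarding packets
INCONCLUSIVE = "inconclusive"

def classify(exc):
    """Map the outcome of a TCP connect (None means success) to a verdict."""
    if exc is None:
        return OPEN
    if isinstance(exc, ConnectionRefusedError):
        return CLOSED
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return DROPPED
    # Assumption: the OS surfaces a router's ICMP "host unreachable" as EHOSTUNREACH.
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return UNREACHABLE
    return INCONCLUSIVE

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def host_present(verdicts):
    """True if any probe shows a device at the address, False if every probe
    came back unreachable, None if the evidence is inconclusive."""
    verdicts = list(verdicts)
    if any(v in (OPEN, CLOSED, DROPPED) for v in verdicts):
        return True  # a silent drop counts as presence, per the article
    if verdicts and all(v == UNREACHABLE for v in verdicts):
        return False
    return None

if __name__ == "__main__":
    # Usage: python stealth_check.py <your-own-address> <port> [<port> ...]
    target, ports = sys.argv[1], [int(p) for p in sys.argv[2:]]
    results = {p: probe(target, p) for p in ports}
    print(results, "present:", host_present(results.values()))
```

A single timeout can also come from ordinary packet loss, so repeat the probe before reading "dropped" as a firewall policy.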

© 2002-2005, HansenOnline.net