Quote:
Originally Posted by RainmakerRaw
As for the whole stealth v closed thing though, it's not really as big a deal as is made out at times. Or at least if you listen to Kaspersky et al. who stopped their firewall 'stealthing' ports in 2009.
They argue (and I would agree) that a 'stealthed' system is the opposite of invisible. If you ping/telnet/whatever a node on the internet standard network protocol dictates you get a 'pong'/reply, or else a 'host unreachable' if it doesn't exist. With a 'stealth' machine the ping is simply dropped silently; automatically, therefore, confirming that there is a machine but that it's refusing to answer either way.
Theoretically that's how it's supposed to work but it never works that way in practice.
Virtually all major providers do not propagate "Host unreachable" messages outside the local network. Hence, in almost all cases where the source is outside the LAN, both non-existent and "stealth" machines respond in exactly the same way, both dropping silently and not giving a host unreachable response.
---------- Post added at 01:46 ---------- Previous post was at 01:42 ----------
Quote:
Originally Posted by Milambar
A networking expert friend of mine reliably informs me that "stealth" breaks the internet, as the RFC says the port should reply as open or closed. A minor point I guess.
RainmakerRaw is absolutely correct that a stealthed port is more noticeable than a closed one, for the very fact that it indicates there IS a machine there, in order to silently drop the packet, rather than just reply unreachable. Stealth is NOT better, despite what GRC says.
See above. As a result of the vast majority of providers already not operating in the "correct" fashion, the internet is already broken. But there is nothing of importance that relies on proper responses in this regard anyway. Host unreachable messages are only of real importance to administrators of the network concerned, and not to external/consumer applications.
That said I've repeatedly pointed out to some chagrin from others that adding various sites you don't want to access to your hosts file under "127.0.0.1" also "breaks" the internet, technically, but nobody seems to care.
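The argument in the reply above (drop vs. reject only reveals a host when the prober would otherwise receive an ICMP unreachable), as an added toy model that is not the poster's code; the behaviours it encodes are assumptions for illustration, not measurements:

```python
# Toy model of what a remote TCP SYN probe observes for a port the target does not serve.
# Assumed behaviour (constructed for illustration):
#   - a host with a "closed" (reject) policy answers the SYN with RST
#   - a host with a "stealth" (drop) policy answers nothing
#   - if no host exists, the last-hop router emits ICMP destination unreachable,
#     which the upstream provider may or may not forward back to the prober
from itertools import product

POLICIES = ("reject", "drop")


def observe(host_exists: bool, policy: str, upstream_forwards_icmp: bool) -> str:
    """Return what the probing side sees for one SYN."""
    if not host_exists:
        return "icmp-unreachable" if upstream_forwards_icmp else "timeout"
    if policy == "reject":
        return "RST"
    if policy == "drop":
        return "timeout"
    raise ValueError(f"unknown policy {policy!r}")


def consistent_states(observation: str, upstream_forwards_icmp: bool) -> set:
    """All (host_exists, policy) pairs that would produce this observation.

    For a non-existent host the policy is irrelevant, so it is recorded as None.
    """
    states = set()
    for exists, policy in product((True, False), POLICIES):
        if observe(exists, policy, upstream_forwards_icmp) == observation:
            states.add((exists, policy if exists else None))
    return states


def host_presence_inferable(observation: str, upstream_forwards_icmp: bool) -> bool:
    """True if the observation alone settles whether a host exists at the address."""
    candidates = {exists for exists, _ in consistent_states(observation, upstream_forwards_icmp)}
    return len(candidates) == 1


if __name__ == "__main__":
    # With ICMP unreachable forwarded, a silent drop is distinguishable from "no host".
    print(host_presence_inferable("timeout", upstream_forwards_icmp=True))   # True
    # With ICMP suppressed by the provider, the two cases collapse into one.
    print(host_presence_inferable("timeout", upstream_forwards_icmp=False))  # False
```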