[sf-lug] [Cool little check]

maestro maestro415 at gmail.com
Sun Sep 2 22:23:54 PDT 2018


[Quoting Michael P.]
>>if you want to hide layer 2 and be more stealthy,
>>try disabling ARP queries and replies ... good luck with that.  ;->
>>Heck, why not block all layer 2 packets - just drop 'em on the floor ...
>>ultimate stealth.  Have fun!  Whee!!!  ;->


lmao...


niiice...


'maestro'


message ends.
__________________

On Sun, Sep 2, 2018 at 10:01 PM Michael Paoli <
Michael.Paoli at cal.berkeley.edu> wrote:

> RFC-1122:
> "
>              Every host MUST implement an ICMP Echo server function that
>              receives Echo Requests and sends corresponding Echo Replies.
> "
>
> Standards matter - it's what makes the Internet work (among other things).
> Now, you can play a bit loosey goosey ... but then all bets are off.
>
> But - if one follows the standards, it's mandatory to reply.
>
> So, yeah, disabling "ping" (responding to ICMP echo request with
> ICMP echo reply) - not generally a good idea.
> That however doesn't mean lots o' folks implement "not a good ideas"
> on The Internet.
>
> Some do better at generally following standards.
> E.g. Google - yes, can ping Google on The Internet.
> Many silly sites disable that.
> Oh, and if you want to be more stealthy ... blocking ping (ICMP
> echo request/reply) only hides a tiny part of layer 3,
> if you want to hide layer 2 and be more stealthy,
> try disabling ARP queries and replies ... good luck with that.  ;->
> Heck, why not block all layer 2 packets - just drop 'em on the floor ...
> ultimate stealth.  Have fun!  Whee!!!  ;->
>
> > From: maestro <maestro415 at gmail.com>
> > Subject: [sf-lug] [Cool little check]
> > Date: Sat, 1 Sep 2018 00:14:06 -0700
>
> > Saw this done by a Devuan [Systemd free Debian distro] user...
> > A lot of you probably know how to do this already but for those that
> > don't:
> > [Copied directly from them I left as they wrote it]
> >
> > To avoid pinging: go to:
> >
> > # nano  /etc/ufw/before.rules
> > And leave this section looking like this:
> >
> > # ok icmp codes
> > -A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
> > -A ufw-before-input -p icmp --icmp-type source-quench -j DROP
> > -A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
> > -A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
> > -A ufw-before-input -p icmp --icmp-type echo-request -j DROP
> > Next, go to www.grc.com and click on ShieldsUp, next screen scroll down to
> > Hot Spots, and click on ShieldsUp again, next screen click on Proceed, next
> > screen click on All Service Ports and let it check the ports, gives an ok
> > result, the ports are neon green, and gives you this verdict:
> >
> >
> > I didn't paste the verdict but it should say your system has achieved a
> > perfect "TruStealth" rating
> >
> >
> > 'maestro'
>
>


-- 

*~the quieter you become, the more you are able to hear...*
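
An added example, not part of the thread or of anyone's posted configuration: a shell check that reads rules in the `before.rules` format quoted above and separates the echo-request drop from drops of ICMP error messages; destination-unreachable, for instance, carries the "fragmentation needed" signal that Path MTU Discovery relies on. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit ICMP rules in ufw before.rules format.

# Constructed sample input: the rule lines as quoted in the message above.
sample_rules() {
    cat <<'EOF'
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
EOF
}

# audit_icmp_rules (hypothetical helper): reads rules on stdin, prints one
# finding per dropped ICMP type, returns 1 if any ICMP error type is dropped.
audit_icmp_rules() {
    awk '
    # Comment lines start with "#", so matching on "-A" skips them.
    $1 == "-A" && $2 == "ufw-before-input" {
        icmp = 0; type = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p" && $(i + 1) == "icmp") icmp = 1
            if ($i == "--icmp-type") type = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (!icmp || (target != "DROP" && target != "REJECT")) next
        if (type == "echo-request") {
            print "INFO " type ": host will not answer ping"
        } else if (type == "destination-unreachable" ||
                   type == "time-exceeded" || type == "parameter-problem") {
            print "WARN " type ": ICMP error message dropped"
            bad++
        } else {
            print "NOTE " type ": dropped"
        }
    }
    END { exit (bad > 0 ? 1 : 0) }
    '
}

# Demo run on the constructed sample.
sample_rules | audit_icmp_rules || echo "ICMP error messages are being dropped"
```

On a real system the same function can be fed the live file: `audit_icmp_rules < /etc/ufw/before.rules`.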