Hi,
I believe the cloak connection failures is supposed to stealh closed ports but it doesn't seem to work... I've slightly modified the default config but ports 1153-4096 are on allow packet but the "cloak connection failures" option is ticked. However when I visit a security website e.g. ShieldsUp! (www.grc.com) these ports still show up as closed not stealthed. Why is this? I've also enabled cloak connection failures for 113 (Ident/Auth) but it also shows up as closed not steathled. The ports that I've told Wingate to drop packet e.g. 0-1152 (except 113) do show up as stealthed as expected...
Cloak connection failures not working as expected
Moderator: Qbik Staff
5 posts
• Page 1 of 1
Cloak connection failures not working as expected
by Nil Einne » Sep 01 04 9:55 am
- Nil Einne
- Posts: 18
- Joined: Sep 28 03 12:07 am
- Location: Auckland, New Zealand
by genie » Sep 01 04 10:01 am
Hi,
If you have enabled port range then Wingate driver simply allows the packets through to the system and the OS TCP/IP stack replies whith whatever packet it thinks is suitable - like, RST, for one, which allows GRC to see that this particular port replies.
If you have enabled port range then Wingate driver simply allows the packets through to the system and the OS TCP/IP stack replies whith whatever packet it thinks is suitable - like, RST, for one, which allows GRC to see that this particular port replies.
- genie
- Qbik Staff
- Posts: 1788
- Joined: Sep 30 03 10:29 am
by genie » Sep 01 04 10:57 am
Sorry - my last message was misleading - WG driver stops RST packets to be sent if they are initiated from WG machine - i.e. if the port is not open but driver settings allow traffic through to this port, then the system TCP stack sends RST packet which the driver effectively blocks.
- genie
- Qbik Staff
- Posts: 1788
- Joined: Sep 30 03 10:29 am
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot] and 5 guests