grsecurity stealth module

PostPosted: Mon Aug 12, 2002 12:55 pm
by torne
Does the grsecurity stealth module do anything different than just having my INPUT chain end with a DROP rule? My ruleset judges packets with a large number of criteria and has explicit ACCEPT rules for the servers I want to be accessible - it then passes all other packets to a ULOG/DROP chain.

I'm just curious as to whether the stealth module will gain me anything. Putting it before the logdrop entry means I don't get logs of bad packets; putting it afterwards means it'll never be reached... it'd have to replace my existing rule.

Thanks in advance for information,

Torne

PostPosted: Tue Aug 13, 2002 5:53 pm
by spender
It matches packets coming to unserved TCP and UDP ports. If your default target for INPUT is DROP, it won't do anything for you. It's mainly useful for servers where users are allowed to run their own servers, and the administrator doesn't know which ports are going to be used for the servers. For these systems, using a default target of DROP would not work; you need something dynamic like the stealth module to do it.

-Brad

PostPosted: Wed Aug 14, 2002 4:58 am
by torne
That makes sense. I suspect I'll end up picking a port range in which my non-luser users can run servers (I like the 'no server sockets group' option in grsec) and using it on that. =)

T.
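The ruleset shape torne describes (explicit ACCEPT rules for served ports, everything else handed to a ULOG/DROP chain), combined with the user server port range from the last post, as an added example script. This is not torne's actual configuration or anything from grsecurity; the interface name, the served ports and the 30000:30999 range are placeholder assumptions, and IPT defaults to `echo` so the script prints the rules instead of applying them (set IPT=iptables and run as root to apply).

```shell
#!/bin/sh
# Added example: explicit ACCEPT rules followed by a ULOG/DROP tail rule,
# plus a fixed port range in which non-admin users may run their own servers.
# Not torne's real ruleset; all values below are assumed placeholders.

IPT="${IPT:-echo iptables}"      # default: dry run, print the commands only
EXT_IF="eth0"                    # assumed external interface
SERVED_TCP="22 80"               # assumed ports served by the admin's daemons
USER_PORT_RANGE="30000:30999"    # assumed range handed to unprivileged users

build_rules() {
    # Logging chain: rate-limited ULOG (the 2002-era userspace logging
    # target; later iptables replaced it with NFLOG), then an unconditional DROP.
    $IPT -N LOGDROP 2>/dev/null
    $IPT -F LOGDROP
    $IPT -A LOGDROP -m limit --limit 10/min --limit-burst 20 \
        -j ULOG --ulog-prefix "logdrop: "
    $IPT -A LOGDROP -j DROP

    # INPUT: loopback and replies to our own connections first.
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Explicit ACCEPT for each administrator-run service (new TCP connections only).
    for p in $SERVED_TCP; do
        $IPT -A INPUT -i "$EXT_IF" -p tcp --dport "$p" --syn -j ACCEPT
    done

    # Static alternative to a dynamic stealth match: users may only bind
    # servers inside this range, so only this range is reachable from outside.
    $IPT -A INPUT -i "$EXT_IF" -p tcp --dport "$USER_PORT_RANGE" --syn -j ACCEPT
    $IPT -A INPUT -i "$EXT_IF" -p udp --dport "$USER_PORT_RANGE" -j ACCEPT

    # Everything that matched nothing above is logged and dropped.
    $IPT -A INPUT -j LOGDROP
}

build_rules
```

Because the final INPUT rule is an unconditional jump to LOGDROP, any packet for a port outside the served list or the user range is already dropped before a stealth-style match could see it, which is the point spender makes: the dynamic match only adds value when the chain does not already end in DROP.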