grsecurity stealth module

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

grsecurity stealth module

Postby torne » Mon Aug 12, 2002 12:55 pm

Does the grsecurity stealth module do anything different than just having my INPUT chain end with a DROP rule? My ruleset judges packets with a large number of criteria and has explicit ACCEPT rules for the servers I want to be accessible - it then passes all other packets to a ULOG/DROP chain.

I'm just curious as to if the stealth module will gain me anything. Putting it before the logdrop entry means I don't get logs of bad packets, putting it afterwards it'll never be reached.. it'd have to replace my existing rule.

Thanks in advance for information,

Torne
torne
 
Posts: 54
Joined: Mon Aug 12, 2002 12:52 pm

Postby spender » Tue Aug 13, 2002 5:53 pm

It matches packets coming to unserved TCP and UDP ports. If your default target for INPUT is DROP, it won't do anything for you. It's mainly useful for servers where users are allowed to run their own servers, and the administrator doesn't know which ports are going to be used for the servers. For these systems, using a default target of DROP would not work, you need something dynamic like the stealth module to do it.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby torne » Wed Aug 14, 2002 4:58 am

That makes sense. I suspect I'll end up picking a port range in which my non-luser users can run servers (I like the 'no server sockets group' option in grsec) and using it on that. =)

T.
torne
 
Posts: 54
Joined: Mon Aug 12, 2002 12:52 pm


Return to grsecurity support