Firewall DMZ setting to 192.168.0.0

anacct3

Junior Member
Nov 8, 2009
15
0
0
Is this a valid setting when I want incoming packets to go nowhere?

I have a DSL modem set to have the DMZ setting to 192.168.0.0 because it doesn't stealth all incoming packets according to GRC ShieldsUp.

I am wondering if there is a better way to do this, but I don't want to set it at a real IP address to later accidentally expose a real computer through DHCP.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,528
415
126
With the passage of time some issues that were raised in the past are Not such a big deal any more.

When you are behind a Router and using Software Firewall on each computer, the Close vs. Stealth is Not really such an important issue.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
With the passage of time some issues that were raised in the past are Not such a big deal any more.

When you are behind a Router and using Software Firewall on each computer, the Close vs. Stealth is Not really such an important issue.

It's never been an important issue. At the very best it gets some scripts to pass you over that wouldn't have before, but a closed port is a closed port whether it sends a dest unreach on connection attempt or not.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,528
415
126
This issue was actually generated at the dawn of using Broadband Routers when the only protection was Software Firewall.

It created another degree in the evaluation of the software.

I.e. My software is Awesome it is Not just closing the ports it is also Stealthing them.

But hey, in a culture that perceives a computer that needs 500W gets better with 1200W PSU anything goes.
 

anacct3

Junior Member
Nov 8, 2009
15
0
0
This issue was actually generated at the dawn of using Broadband Routers when the only protection was Software Firewall.

It created another degree in the evaluation of the software.

I.e. My software is Awesome it is Not just closing the ports it is also Stealthing them.

But hey, in a culture that perceives a computer that needs 500W gets better with 1200W PSU anything goes.

I imagine it's not as big a security issue as one would make it out to be, but as between Stealth and Closed, wouldn't stealth be superior nonetheless? The person doing random port scans on random IP addresses will KNOW that an IP address with closed ports is up and running whereas there is some doubt if it's Stealth. I wonder if Steve Gibson might hold the same opinion about Stealth now versus when he first created the ShieldsUp app.

Regardless, my original question was whether 192.168.0.0 is a valid setting or not since I assume the number means it goes nowhere as opposed to 192.168.255.255, which would go to all computers. So it's really a question of whether the setting is valid as opposed to how great stealth might be versus closed.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
I imagine it's not as big a security issue as one would make it out to be, but as between Stealth and Closed, wouldn't stealth be superior nonetheless? I wonder if Steve Gibson might hold the same opinion about Stealth now versus when he first created the ShieldsUp app.

Steve Gibson's website should come with a disclaimer: he's an idiot.

Additionally, my original question was whether 192.168.0.0 is a valid setting or not since I assume the number means it goes nowhere as opposed to 192.168.255.255, which would go to all computers. So it's really a question of whether the setting is valid as opposed to how great stealth might be versus closed.

I'm actually surprised that your router lets you use 192.168.0.0 since it shouldn't be a valid choice.
 

MindProbe

Member
Mar 20, 2009
47
0
0
Well... since you can't really assign that number as a host, I assume you can put it in there and it will not fwd to any machine/host.
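The address question raised in the posts above, as an added example that is not part of the thread: a check of a proposed DMZ target against the LAN subnet and the DHCP pool. The function names, the 192.168.0.0/24 LAN, the router at 192.168.0.1 and the pool 192.168.0.2 to 192.168.0.100 are assumptions chosen for illustration; a real modem may use different values and may or may not perform this validation.

```python
import ipaddress


def check_dmz_target(target, lan_cidr, dhcp_pool=None):
    """Classify a proposed DMZ host address (hypothetical helper)."""
    net = ipaddress.ip_network(lan_cidr, strict=True)
    addr = ipaddress.ip_address(target)
    if addr not in net:
        return "outside-lan"
    # First address of the subnet identifies the network, not a host.
    if addr == net.network_address:
        return "network-address"
    # Last address of the subnet is the directed broadcast address.
    if addr == net.broadcast_address:
        return "broadcast-address"
    if dhcp_pool:
        first, last = (ipaddress.ip_address(a) for a in dhcp_pool)
        if first <= addr <= last:
            # DHCP could later lease this address to a real machine.
            return "in-dhcp-pool"
    return "usable-host-outside-pool"


def highest_unleased_host(lan_cidr, dhcp_pool, router):
    """Highest host address that DHCP will never lease and the router does not use."""
    net = ipaddress.ip_network(lan_cidr, strict=True)
    first, last = (ipaddress.ip_address(a) for a in dhcp_pool)
    gateway = ipaddress.ip_address(router)
    addr = net.broadcast_address - 1
    while addr > net.network_address:
        if addr != gateway and not (first <= addr <= last):
            return str(addr)
        addr -= 1
    return None


if __name__ == "__main__":
    pool = ("192.168.0.2", "192.168.0.100")  # constructed sample DHCP range
    for candidate in ("192.168.0.0", "192.168.0.255", "192.168.255.255",
                      "192.168.0.50", "192.168.0.254"):
        print(candidate, check_dmz_target(candidate, "192.168.0.0/24", pool))
    print("suggested:", highest_unleased_host("192.168.0.0/24", pool, "192.168.0.1"))
```

Whether 192.168.255.255 is a broadcast address depends on the mask: it is the broadcast of 192.168.0.0/16 but lies outside a 192.168.0.0/24 LAN altogether.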
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Stealth means closed, it just takes longer to know that. If I attempt to connect to a port and get NO response, I know something is at that IP address and not listening on that port. I just have to wait for packets to timeout.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Steve Gibson's website should come with a disclaimer: he's an idiot.



I'm actually surprised that your router lets you use 192.168.0.0 since it shouldn't be a valid choice.

Absolutely agree. A complete idiot with no clue about network security.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,528
415
126
I would not call Gibson an Idiot, he is actually a smart guy.

There is No question that in the early days of Internet, his site and the tool that he provided, had a very important role in making common people aware of the security trepidation for every day users while they are on the Internet.

The issue is the "chasm" between people who live in a theoretical world as opposed to the Functional World.

Yeah as pure theory Stealth is better.

However, achieving it, paying for it, maintaining it, and losing the flexibility of regular Internet connection, does not merit the theoretical benefit that it is providing.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
I would not call Gibson an Idiot, he is actually a smart guy.

Wouldn't know it to look at his site...

The issue is the "chasm" between people who live in a theoretical world as opposed to the Functional World.

And the theatrical hyperbole he tries to make his points...
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,528
415
126
I made a living from being capable to decipher Functional actions from "theatrical hyperbole" in NeuroRehabilitation.

On the other hand, without people daring to Theorize we would still be in the state of a long time ago, before Man separated from primates.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
Theory and research are good things, describing a reverse DNS entry as a "supercookie" that can be used to circumvent your online privacy isn't.