mguy27

So I'm not a net wiz or anything, but I get the general idea behind IP addys and such. My question is about rDNS. I have read that turning off/disabling a reverse DNS for your computer can be a good thing and essentially make you more stealthy on the net. How does one go about doing this?

Also, at work, they IT dept has some how managed to "close" every single port and hide the UDP's. How does that get done?

Thanks!

grue155

It's a site-specific management policy decision. Somebody, designated the DNS admininstrator, has responsibility for what goes into the DNS records. The data gets typed into the proper record format, loaded into the authorative DNS server, and from there, is propagated out over the Internet.

Reverse DNS is not a steathly-or-not indicator. From my own experience, its more an indicator of the competence of the site DNS admin, and some measure of how legit the site is. No rDNS is a mark in the checkbox to consider the site as rogue, and subject to being blocklisted. Malware sites don't spend the time to do rDNS setup, because most of the time, they can't (like they would provide an rDNS for their zombie bots? What's the point of having an anonymous zombie army then, if I can block the entire army with a DNS lookup?)

That's easy. Firewall it at the Internet router.

mguy27

That is pretty helpful, thanks. Another question about ports, I have several that are "closed", but not stealth. How do you change a port from closed to stealth, so that it doesn't even show up when pinged?

grue155

The TCP and UDP protocols define a response mechanism when a packet is delivered to a host with a closed port. Some operating systems provide a way to turn off that response (BSD systems and the "blackhole" sysctl setting, for example). Otherwise a firewall front-end running on the host that intercepts the packet and checks for a listening port. If no matching port exists, then the packet is dropped, and the operating system doesn't see it. With no error response, the machine is "stealthed", like it wasn't even plugged in.

Nistlerooy

Sorry for the intrusion, but I'm interested in this. If someone were running XP and IE 7, how would I go about turning these things off to make the first set of working ports as "stealth"? I also use McAfee and PC Tools spyware.

grue155

On a Windows box, you need to use a firewall. I'm not aware of any other way to do it.

Nistlerooy

Thanks for the info, grue155. I actually found a setting in my Qwest router (by typing the IP address into the address bar and connecting directly) to put it into "Stealth Mode." This did the trick.

I looked more into this reverse DNS thing, and I, too, am interested. My ISP is Qwest. If I called them up, are they able to remove the reverse DNS for just a single customer, or do they have to do it for each and every single customer (like an "all or nothing")?

Thanks,

grue155

That's the router protecting your entire LAN. You've told the router embedded firewall to not reply to packets without a destination port.

That's a policy decision that their management makes. It can be done, but would it be done? Only way to find out, is call them and ask.