Stealth ports setting - does it really help?

I just read this article which suggests that “stealthing” your ports makes no difference to your security. Just wondering what thoughts, if any, people have about this.

http://www.hansenonline.net/Networking/stealth.html

Well, stealth ports wizard in CIS also adds “block all incoming” rule in the global rules section. It protects you from random connections you didn’t request, so it’s still increasing your security.

And even if the article is right, and you make yourself “more visible” by using stealth, so what? Even if a hacker knows that something must be there because packets are dropped, what can he do, if all incoming connections are blocked anyway?

Example: DDoS if that would be a goal of the ‘hacker’. Your router/computer still has to process and then drop the packets which, if they are more than your bandwidth, will block your internet connection, however I don’t see a random hacker using DDoS on random people, more likely if you have a server of sorts that others need to access, people love to ruin that kind of stuff.

Open ports - Bad
Closed ports - Good
Stealth ports - Equal to closed ports in security as long as you do not allow something through.

At least the above is what I’ve learned about it, might be wrong.

DDoS attack is when several computers send huge amount of requests your way each second, right? Shouldn’t firewall \ CIS protect against those? I don’t know because I never experienced one.

And if you’re hosting a server of any kind, you must open some ports, so they can’t be stealthed.

Yes, however there are several different techniques.

If it’s a small one, maybe. If it’s a big one, no. Even if you protect yourself your wire to the internet will still be bombarded with so much data that almost none of the legitimate data will come through, the filtering happens at the firewall which also needs to filter out the bad data from the good data which also takes processing so during a well performed DDoS your bandwidth will be maxed out and your router might give up if it’s a bad router.
When routers and firewalls have ‘flood protection’ I really do wonder what this implies.
If you are connected to the internet and the attacker knows your IP (or domain-name) and his goal is DDoS then it doesn’t matter if your ports are open, closed or stealthed, the attacker will still know if you’re there or not. However open ports open up for many more kind of attacks.
But honestly, I’d doubt someone would take the time to DDoS you unless you give them a reason.
But then again I am no expert in DDoS.

Indeed.

Yeah, average home user most likely won’t be a target of DoS or DDoS, unless it’s a personal matter \ grudge or something, but out of curiosity, how DO you protect against such attacks? Like how do companies do that, since they’re more likely targets.

I don’t really know all of the techniques but one is to absorb the data like CloudFlare did with Spamhaus (you can google that). And big companies like Google probably have the bandwidth and processing power to deal with these kinds of attacks.
But usually the target is the website or service of the company and most often… it goes down, mostly for a few hours or minutes but sometimes for days, it depends on how ‘devoted’ the attackers are since they risk their identity more and more the longer the attack goes on. Something I think is a common practice is to upgrade the bandwidth and such during DDoS with the goal of having more bandwidth and processing power than the attackers generate which sometimes can be a hard thing to do when you also need to serve the legit data.
So from what I know, one does not protect oneself from these attacks, you mitigate it. However I have seen some things claiming to be able to protect against DDoS however I do not know how or even if they work.

Edit: I just noticed we are going off-topic and it’s my fault again 88) I have to stop making opportunities for going off-topic. So further discussion about this should be over PM or have its own thread. Sorry for going off-topic, mods.

Ok, back on topic then, with stealthened ports making you “more visible” to a hacker (according to an article) and CIS’ “block all incoming” global rule, assuming you don’t run any servers, can a hacker do damage to your pc? (D)DoS attack, while annoying, can’t really damage anything…at least I don’t think it can.

I don’t know if it makes you more visible, it at least doesn’t make you less visible.

A hacker can always do damage to your PC, example through already installed malware etc which calls home for instructions, doesn’t need to have incoming connections to be controlled. However blocking all incoming connections will significantly reduce the risk but it will not remove the risk.

I have no idea if it’s true or not but I’ve heard ‘tales’ of when large DDoS attacks have fried routers etc, reason being they have to work so hard and with insufficient cooling and probably bad thermal throttling it does not shut itself down before overheating too much.

Stealth is not what it says it brings. Stealth is a violation of the TCP/IP protocol with unexpected side effects.

> A hacker can always do damage to your PC, example through already installed malware etc which calls home for instructions, doesn't need to have incoming connections to be controlled.

That is for the situation a user is infected but that's not the scenario at hand.

> However blocking all incoming connections will significantly reduce the risk but it will not remove the risk. I have no idea if it's true or not but I've heard 'tales' of when large DDoS attacks have fried routers etc, reason being they have to work so hard and with insufficient cooling and probably bad thermal throttling it does not shut itself down before overheating too much.

Burning up a server under heavy load conditions only means it was badly designed or had a hardware error that came to light because of the heavy load. None of the servers that were under attack a couple of months ago (a number of banks in my country were DDoSed) died, but the attacks disrupted traffic to those web sites.

Indeed however I do not know what these side effects are, could you enlighten me?

The situation provided was Stealthed ports, no incoming connections and no servers, malware was not defined in the situation provided.

Like I said, it’s only what I’ve heard and I would assume it’s about home users with a dodgy router filled with dust, not corporate networks. However I have not seen an instance where hardware has been damaged only heard about it from third parties which I wouldn’t call reliable but I do not dismiss the eventual risk of hardware damage as a result of DDoS.

Edit:
A Question for you:
Let’s assume the user has a 100Mb/s connection up and down, let’s also assume that the user is a victim of DDoS and that the attacker has a botnet with a collected bandwidth of ~1Gb/s. Let’s now assume that the traffic is easily filtered because it follows a static pattern, would the DDoS have no effect now? From what I can manage to find on the internet, this is what they are implying. But wouldn’t you still have traffic coming to you and wouldn’t the downwards connection still be bombarded and your bandwidth filled since the DDoS is filtered first at the firewall?

As per the article; the upstream router does not tell anything because of the stealth settings of a computer and is therefore disclosing. The router should say client is not there but it doesn’t.

> The situation provided was Stealthed ports, no incoming connections and no servers, malware was not defined in the situation provided.

It is partially related at best.

> Like I said, it's only what I've heard and I would assume it's about home users with a dodgy router filled with dust, not corporate networks. However I have not seen an instance where hardware has been damaged only heard about it from third parties which I wouldn't call reliable but I do not dismiss the eventual risk of hardware damage as a result of DDoS.

The story had the smell of urban legend to me.

> Edit: A Question for you: Let's assume the user has a 100Mb/s connection up and down, let's also assume that the user is a victim of DDoS and that the attacker has a botnet with a collected bandwidth of ~1Gb/s. Let's now assume that the traffic is easily filtered because it follows a static pattern, would the DDoS have no effect now? From what I can manage to find on the internet, this is what they are implying. But wouldn't you still have traffic coming to you and wouldn't the downwards connection still be bombarded and your bandwidth filled since the DDoS is filtered first at the firewall?

To be honest; I have no idea..

Yes, but is there another mode which makes the router say that the client is there? To my knowledge closed ports also give away that you are there, but I might be wrong.

The question was whether a hacker still can do damage with the settings provided and in the scenario I posted the hacker could do damage and it falls within the rules of the situation, should I otherwise only have written “No” with no explanation?

It’s not a single story, heard similar stories on different places but no references to actual sources or proof that it has happened. But for now I will regard them as false however will not assume that a DDoS can not in any way hurt the hardware.

Ok, it’s something that is bothering me at the moment. :-\
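
The stealth-versus-closed question this thread keeps returning to, worked through as an added example that is not part of any post or of the linked article: a simplified model of what a single TCP SYN probe gets back, and what an observer can conclude from it. The function names and the `router_reports_unreachable` switch are assumptions of this sketch; real upstream routers often filter or rate-limit ICMP.

```python
from enum import Enum

class Reply(Enum):
    SYN_ACK = "SYN/ACK from host"            # port open
    RST = "RST from host"                    # port closed (connection rejected)
    HOST_UNREACH = "ICMP host unreachable from upstream router"
    NONE = "no reply (timeout)"

POLICIES = ("open", "closed", "stealth")     # stealth = silently drop

def probe_reply(host_present, policy, router_reports_unreachable=True):
    """Reply to one SYN in this simplified model (constructed, not measured)."""
    if not host_present:
        # With no host on the address, only the upstream router can answer.
        return Reply.HOST_UNREACH if router_reports_unreachable else Reply.NONE
    return {"open": Reply.SYN_ACK, "closed": Reply.RST, "stealth": Reply.NONE}[policy]

def consistent_states(reply, router_reports_unreachable=True):
    """Every (host_present, policy) state that would produce this reply."""
    states = []
    for present in (True, False):
        for policy in (POLICIES if present else (None,)):
            if probe_reply(present, policy, router_reports_unreachable) == reply:
                states.append((present, policy))
    return states

def reveals_presence(reply, router_reports_unreachable=True):
    """True when every state consistent with the reply has a host present."""
    states = consistent_states(reply, router_reports_unreachable)
    return bool(states) and all(present for present, _ in states)

if __name__ == "__main__":
    for router_talks in (True, False):
        print(f"upstream router reports unreachable hosts: {router_talks}")
        for reply in Reply:
            states = consistent_states(reply, router_talks)
            print(f"  {reply.value:45} -> {states} "
                  f"presence revealed: {reveals_presence(reply, router_talks)}")
```

Silence hides the host only when the upstream router is also silent about absent hosts; otherwise a dropped probe discloses presence just as an RST does, and in both cases the blocked port is equally unreachable.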