
I'm SO mad about computers sending ICMP Unreachable messages about closed UDP ports.

DON'T JUST GIVE AWAY WHAT PORTS YOU ARE USING

StackOverflow posts like "How do I turn this off" with answers like "Stop wanting to turn it off" EAT 100% OF MY ENTIRE ASS

I just want to run a service that can't be tagged on Shodan without having CAP_NET_RAW T_T

Please

@jennamagius maybe add a firewall rule blocking outbound ICMP Unreachable?

@queerhackerwitch That's what the StackOverflow advice is, and that's pretty much the best answer. It doesn't really make it possible to run a hidden service without privileges though, 'cause you need privileges to make the firewall rule.

@jennamagius it makes sense to need root privileges to be able to hide a service though, even as a one time thing to set up a firewall rule

@queerhackerwitch Kinda. I mean, it's not "hidden" from the admins of the box: it shows up in netstat. It's just hidden from people on the far side of the network. I kinda resent the notion that people on the far side of a network "have a right" to know what services you are running by default.

a fox named Erica @queerhackerwitch

@jennamagius It’s not that they “have a right” it’s just from a protocol practicality point of view. It’s often better for a server to respond “nothing’s on this port, go away” than to remain silent and have the other end keep retrying (because there’s an assumption that the network can be unreliable).

@queerhackerwitch The thing is, anyone who should be accessing remote-access services on my network should have a-priori out-of-band knowledge about what services should and should not exist. There's no user that's like "Maybe there is not supposed to be a service here or maybe this is connectivity problems" because they should know FOR A FACT, BEFORE THEY START what services are and are not supposed to exist.
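An added example, not part of the thread: an unprivileged self-check of the behaviour discussed above, showing that a closed UDP port answers with ICMP Port Unreachable while a listening service that sends nothing stays silent, so the two are distinguishable until the firewall rule is in place. It assumes a Linux host you administer; the function names and the iptables line in the comment are illustrative choices, not taken from the posts.

```python
import socket

# One common form of the rule mentioned in the thread (needs root):
#   iptables -A OUTPUT -p icmp --icmp-type port-unreachable -j DROP
# With it in place, the "closed" result below should change to "silent".

def closed_port_response(host, port, timeout=1.0):
    """Send one UDP datagram and classify what comes back.

    'refused' = ICMP Port Unreachable arrived (the kernel reports it on a
                connected UDP socket as ECONNREFUSED)
    'silent'  = nothing arrived before the timeout
    'replied' = a service answered with a datagram
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket, so ICMP errors are delivered
        try:
            s.send(b"\x00")
            s.recv(2048)
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "silent"
        return "replied"

def loopback_self_check(timeout=0.5):
    """Compare a listening-but-silent port with a closed one on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))      # constructed stand-in for the service
    open_port = listener.getsockname()[1]
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))           # borrow a free port number...
    closed_port = tmp.getsockname()[1]
    tmp.close()                          # ...then close it so nothing listens
    try:
        return {
            "listening": closed_port_response("127.0.0.1", open_port, timeout),
            "closed": closed_port_response("127.0.0.1", closed_port, timeout),
        }
    finally:
        listener.close()

if __name__ == "__main__":
    print(loopback_self_check())
```

If both entries read "silent", the host no longer tells remote senders which UDP ports are closed.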