Gentoo Archives: gentoo-security

From: Daniel Privratsky <dsokrates@××××××.cz>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 18:10:14
Message-Id: 3FFD9A08.6010805@seznam.cz
In Reply to: Re: [gentoo-security] firewall suggestions? by Oliver Schad
Wrong.

1) If you don't receive a "destination unreachable" packet, you know
nothing about the target host yet. This is not a perfect-network world.
There can be another fw/router anywhere in the way, killing this type of
ICMP traffic.

2) It slows scans a lot. You can of course do scanning in parallel, but
don't be surprised when you find yourself killed with no mercy by an IDS
after matching a SYN threshold. 1000+ SYNs/sec from one IP address to a
monitored system is a sure ban.

Daniel Privratsky



Oliver Schad wrote:

> On Wednesday, 7 January 2004 23:05, Mark Hurst wrote to me:
>
>> It's much better to have a firewall than just have ports not open. Even
>> though a port is not open it can reveal the presence of your machine by
>> the manner in which the IP stack responds to a connection attempt.
>> Using a firewall you can drop those packets, making all your closed
>> ports invisible.
>
> If you want to be invisible, the next router to you has to send an ICMP
> packet with "host unreachable". If you say nothing, anybody with some
> brain between his ears knows there is a very intelligent guy that wants to
> be invisible.
>
> Regards
> Oli
>
> --
> gentoo-security@g.o mailing list
-- gentoo-security@g.o mailing list
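The second point above (a scanner that compensates for DROPped packets by firing SYNs in parallel trips an IDS rate threshold) can be checked against firewall logs. The following is an added example, not code from the post or from any Gentoo tool: it parses netfilter LOG-style lines, counts bare SYNs (SYN set, ACK clear) per source per syslog second, and reports sources that exceed a threshold in any one second. The log lines, hostnames and addresses are constructed for the example; the 1000/sec threshold is the figure from the post, not a recommended value.

```python
import re
from collections import Counter

# Fields of a netfilter LOG line that the detector needs:
# syslog timestamp (second resolution), SRC address and PROTO.
_LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?"
    r"SRC=(?P<src>[\d.]+) .*?PROTO=(?P<proto>\w+) "
)
_TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_line(line):
    """Return (timestamp, src, set_of_tcp_flags) for a TCP LOG line, else None."""
    m = _LINE_RE.match(line)
    if m is None or m.group("proto") != "TCP":
        return None
    # netfilter prints set flags as bare tokens (e.g. "SYN", "ACK") after RES=.
    flags = {tok for tok in line.split() if tok in _TCP_FLAGS}
    return m.group("ts"), m.group("src"), flags


def syn_counts_per_second(lines):
    """Map (src, syslog_second) -> number of bare SYNs (SYN set, ACK clear)."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, flags = parsed
        if "SYN" in flags and "ACK" not in flags:
            counts[(src, ts)] += 1
    return counts


def offending_sources(lines, threshold=1000):
    """Sources that sent more than `threshold` bare SYNs within one second.

    Returns {src: (second_with_peak_rate, peak_count)}.
    """
    worst = {}
    for (src, ts), n in syn_counts_per_second(lines).items():
        if n > threshold and n > worst.get(src, (None, 0))[1]:
            worst[src] = (ts, n)
    return worst


def make_log(scanner_ip, n_scan_syns, client_ip, n_client_syns):
    """Construct a synthetic LOG excerpt (hypothetical traffic, not a real capture)."""
    fmt = (
        "Jan  8 18:10:{sec:02d} gw kernel: IN=eth0 OUT= SRC={src} DST={dst} "
        "LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID={id} DF PROTO=TCP SPT={spt} DPT={dpt} "
        "WINDOW=1024 RES=0x00 {flags} URGP=0"
    )
    target = "198.51.100.2"
    lines = []
    # A parallel scanner probes one port per SYN, all inside a single second.
    for i in range(n_scan_syns):
        lines.append(fmt.format(sec=1, src=scanner_ip, dst=target, id=i,
                                spt=40000 + i, dpt=1 + i, flags="SYN"))
    # A normal client opens a few SSH sessions spread over several seconds.
    for i in range(n_client_syns):
        lines.append(fmt.format(sec=2 + i, src=client_ip, dst=target, id=i,
                                spt=50000 + i, dpt=22, flags="SYN"))
    # A SYN/ACK from the server side must not be counted as a probe.
    lines.append(fmt.format(sec=2, src=target, dst=client_ip, id=9,
                            spt=22, dpt=50000, flags="SYN ACK"))
    return lines


if __name__ == "__main__":
    log = make_log("203.0.113.7", 1200, "192.0.2.5", 3)
    for src, (ts, n) in offending_sources(log).items():
        print(f"{ts}: {src} sent {n} SYNs in one second")
```

Bucketing by the syslog second is deliberately coarse: a scanner that spreads its probes evenly over a few seconds stays under the per-second figure, which is exactly the trade-off the post describes between scan speed and getting noticed.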

Replies

Subject Author
Re: [gentoo-security] firewall suggestions? Oliver Schad <o.schad@×××.de>
Re: [gentoo-security] firewall suggestions? Alexander Schreiber <als@××××××××××××.de>