Gentoo Archives: gentoo-security

From: Mans Matulewicz <cybermans@××××××.nl>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 19:08:14
Message-Id: 1073588371.17206.2.camel@localhost
In Reply to: Re: [gentoo-security] firewall suggestions? by Alexander Schreiber
That's where the white list comes into play.
On Thu, 2004-01-08 at 19:22, Alexander Schreiber wrote:
> On Thu, Jan 08, 2004 at 06:57:28PM +0100, Daniel Privratsky wrote:
> > Wrong.
> >
> > 1) If you don't receive "destination unreachable" packet, you know
> > nothing about the target host yet. This is not perfect-network world.
> > There can be other fw/router anywhere in the way, killing this type of
> > icmp traffic.
> >
> > 2) It slows scans a lot.
>
> Only for people too stupid for doing port scans (a rare defect even
> among script kiddies).
>
> > You can of course do scanning in parallel, but
> > don't be surprised, when you find yourself killed with no mercy by IDS,
> > after matching SYN threshold. 1000+ syns/sec from IP address to monitored
> > system is sure ban.
>
> Cool. Your IDS just banned the IPs of your customers mail-, web- and
> proxy-servers. Spoofing IP addresses just to mess with such automatic
> systems is easy.
>
> Regards,
> Alex.
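
The trade-off discussed in this thread, as an added example that is not part of the original messages: a per-source SYN-rate threshold whose automatic ban is downgraded to an alert when the claimed source address is on a white list, since that address may be spoofed. The function names, the event format and all addresses (RFC 5737 documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Constructed values for illustration (RFC 5737 documentation ranges).
ALLOWLIST = [ip_network("192.0.2.0/28")]  # e.g. customer mail/web/proxy servers
SYN_THRESHOLD = 1000                      # SYNs per window, the figure from the thread
WINDOW_SECONDS = 1.0


def is_allowlisted(src, allowlist=ALLOWLIST):
    """True if the claimed source address falls inside a white-listed network."""
    addr = ip_address(src)
    return any(addr in net for net in allowlist)


def evaluate(events, threshold=SYN_THRESHOLD, window=WINDOW_SECONDS,
             allowlist=ALLOWLIST):
    """events: (timestamp_seconds, source_ip) per observed SYN, sorted by time.
    Returns {source_ip: "ban" | "alert-only"} for every source that reached
    `threshold` SYNs inside a sliding window of `window` seconds."""
    recent = defaultdict(deque)  # source_ip -> SYN timestamps still in the window
    decisions = {}
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window:  # expire SYNs older than the window
            q.popleft()
        if len(q) >= threshold and src not in decisions:
            # The source address of a SYN is unauthenticated, so a white-listed
            # address over threshold goes to a human instead of being blocked.
            decisions[src] = "alert-only" if is_allowlisted(src, allowlist) else "ban"
    return decisions


def constructed_events():
    """Constructed sample traffic: two sources at 1500 SYN/s, one at 10 SYN/s."""
    events = []
    for i in range(1200):
        events.append((i / 1500, "192.0.2.5"))     # white-listed address
        events.append((i / 1500, "198.51.100.7"))  # address not on the white list
    for i in range(50):
        events.append((i / 10, "203.0.113.9"))     # stays below the threshold
    return sorted(events)


if __name__ == "__main__":
    for src, action in sorted(evaluate(constructed_events()).items()):
        print(src, action)
```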
