Gentoo Archives: gentoo-security

From: Frank Gruellich <frank@××××××××××××.org>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 22:52:39
Message-Id: 20040108224816.GS4413@home.manuelm.org
In Reply to: Re: [gentoo-security] firewall suggestions? by Scott Taylor
* Scott Taylor <scott@××××××××××××××××.net>  8. Jan 04
> Replying in a specific manner which may have been at one point the
> proper and polite way for an IP stack to behave, often turns into a
> method for abuse.
Then make a new RFC. It will be discussed. (Avoid the time around 1. April).
> Spoof a bunch of syn packets to a host you know replies with a rst,
> and it sends all those extra packets to a victim machine who never
> sent the syn packet in the first place. So that machine sends back
> "port unreachables" and further clogs up their network.
Huh, RST isn't answered... thank you for making your savvy obvious.
> Add to that all the silly microsoft products that either blatantly
> ignore or just never bothered to read the appropriate RFC... For my
> network, I opt to spew out as few replies to unwanted traffic as
> possible. I've already got too many worms out there wasting my bandwidth
> trying to infect me with the sql slammer or whatever the worm of the day
> is.
There are periods you may ignore selected packets. It's your admin's job to react to such things.
> I'd rather not waste any more of my bandwidth telling them that they
> can't connect here. They probably aren't even checking for an icmp
> unreachable message back from me anyway.
Wow, so crackers, spammers and MS's programmers (all the same bunch) are dictating the rules? This net is not made for worms or stupid implementations, but for communication. If you don't want to communicate, plug off.
Thank you, regards, Frank.
--
Sigmentation fault
--
gentoo-security@g.o mailing list