Gentoo Archives: gentoo-security

From: Oliver Schad <o.schad@×××.de>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 16:36:57
Message-Id: 200401081728.18509.o.schad@web.de
In Reply to: Re: [gentoo-security] firewall suggestions? by "Thomas T. Veldhouse"
Am Donnerstag, 8. Januar 2004 16:57 schrieb mir Thomas T. Veldhouse:
> Oliver Schad wrote: > > Not really. And why should a network scan be dangerous? Security by > > obscurity doesn't work. You can scan a well configured host all day > > long, who cares? > > True, but if you do happen to have an exploitable service (i.e. the brk > issue with the linux kernel and rsync recently), a script kiddie might > grow tired of waiting for scan results from your network and go > elsewhere. Certainly slowing down potential hackers buys time and > frustration for the attacker if nothing else. The assumption that all > potential attackers are experts is not a good one.
The brk issue is a local problem, it has nothing to do with networking. The security hole in rsync is/was still there if you deny requests to closed ports. And I don't believe that any script kid sits crying in front of his computer and runs to his mom "The f****** admin blocks all my attacks, wuaaaaaaaaaaahhhhhh!" because you have blocked all connections to closed ports. If I would search for vulnerable rsync server, I would start the ultimate hacker tool in the evening and after sweet dreams in the night I would look for my victims with a well tasting cup of tea in my hand in the next morning. And I swear, I wouldn't start to cry, because you did block any of my requests. It don't increase your security and it breaks internet standards. And is it not true, that it slow down network scans in a worthy of mention. It makes no sense to block requests to closed ports. mfg Oli -- gentoo-security@g.o mailing list