Gentoo Archives: gentoo-security

From: Oliver Schad <o.schad@×××.de>
To: Ben Cressey <ben@×××××.org>, gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 21:06:51
Message-Id: 200401082155.31219.o.schad@web.de
In Reply to: Re: [gentoo-security] firewall suggestions? by Ben Cressey
On Thursday, 8 January 2004 21:16, Ben Cressey wrote to me:
> > To hide a host is always very stupid, why should you do this? There
> > is no advantage. If you "hide" your computer an attacker knows there
> > is a stupid guy who doesn't know anything about network security.
>
> You're rather free with calling people "stupid" with little to no
> justification. One could as easily turn it around and ask "why should
> my server reply at all to connection attempts to ports I am not running
> any services on?"

--------------[RFC 793 - Transmission Control Protocol]---------
/
| Reset Generation
|
| As a general rule, reset (RST) must be sent whenever a segment
| arrives which apparently is not intended for the current connection.
| A reset must not be sent if it is not clear that this is the case.
|
| There are three groups of states:
|
| 1. If the connection does not exist (CLOSED) then a reset is sent
| in response to any incoming segment except another reset. In
| particular, SYNs addressed to a non-existent connection are
| rejected by this means.
\
---------------------------------------------------------------

--------------[RFC 792 - INTERNET CONTROL MESSAGE PROTOCOL]---------
/
| If, in the destination host, the IP module cannot deliver the
| datagram because the indicated protocol module or process port is
| not active, the destination host may send a destination
| unreachable message to the source host.
\
---------------------------------------------------------------

What was your argument?

Regards
Oli

--
gentoo-security@g.o mailing list
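
The RFC 793 reset rule quoted in the message above, as an added example that is not part of the original post: a small model of what a standards-conforming host answers when a segment arrives for a port with no connection (CLOSED). The names `Segment` and `reply_when_closed` are hypothetical, the sample segments are constructed, and the SEQ/ACK values of the reset follow the same "Reset Generation" section of RFC 793 beyond the excerpt quoted.

```python
from dataclasses import dataclass
from typing import Optional

# TCP control bits (RFC 793 header layout)
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


@dataclass(frozen=True)
class Segment:
    """Hypothetical minimal view of a TCP segment: only the fields the rule uses."""
    seq: int
    ack: int
    flags: int
    payload_len: int = 0


def seg_len(seg: Segment) -> int:
    """SEG.LEN: payload octets, with SYN and FIN each occupying one sequence number."""
    return seg.payload_len + bool(seg.flags & SYN) + bool(seg.flags & FIN)


def reply_when_closed(seg: Segment) -> Optional[Segment]:
    """Reply of a host that has no connection (CLOSED) matching this segment."""
    if seg.flags & RST:
        # "any incoming segment except another reset": a reset is never answered
        return None
    if seg.flags & ACK:
        # Incoming segment carries an ACK: <SEQ=SEG.ACK><CTL=RST>
        return Segment(seq=seg.ack, ack=0, flags=RST)
    # No ACK (e.g. a bare SYN): <SEQ=0><ACK=SEG.SEQ+SEG.LEN><CTL=RST,ACK>
    return Segment(seq=0, ack=(seg.seq + seg_len(seg)) % 2**32, flags=RST | ACK)


# Constructed sample segments, not captured traffic
SAMPLES = {
    "SYN to a closed port": Segment(seq=1000, ack=0, flags=SYN),
    "stray ACK with 10 data octets": Segment(seq=5000, ack=7777, flags=ACK, payload_len=10),
    "incoming RST": Segment(seq=42, ack=0, flags=RST),
}

if __name__ == "__main__":
    for name, seg in SAMPLES.items():
        reply = reply_when_closed(seg)
        print(f"{name}: {'no reply' if reply is None else reply}")
```

A packet filter that silently drops the SYN produces none of these replies, which is the behaviour the quoted RFC text is being cited against.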

Replies

Subject Author
Re: [gentoo-security] firewall suggestions? Paul de Vrieze <pauldv@g.o>
Re: [gentoo-security] firewall suggestions? Stewart Honsberger <blkdeath@g.o>