Gentoo Archives: gentoo-security

From: Oliver Schad <o.schad@×××.de>
To: Ben Cressey <ben@×××××.org>, gentoo-security@l.g.o
Subject: Re: [gentoo-security] firewall suggestions?
Date: Thu, 08 Jan 2004 21:06:51
In Reply to: Re: [gentoo-security] firewall suggestions? by Ben Cressey

On Thursday, 8 January 2004 21:16, Ben Cressey wrote to me:
> > To hide a host is always very stupid, why should you do this? There
> > is no advantage. If you "hide" your computer an attacker knows there
> > is a stupid guy who doesn't know anything about network security.
>
> You're rather free with calling people "stupid" with little to no
> justification. One could as easily turn it around and ask "why should
> my server reply at all to connection attempts to ports I am not running
> any services on?"

--------------[RFC 793 - Transmission Control Protocol]---------
/
| Reset Generation
|
| As a general rule, reset (RST) must be sent whenever a segment
| arrives which apparently is not intended for the current connection.
| A reset must not be sent if it is not clear that this is the case.
|
| There are three groups of states:
|
| 1. If the connection does not exist (CLOSED) then a reset is sent
| in response to any incoming segment except another reset. In
| particular, SYNs addressed to a non-existent connection are
| rejected by this means.
\
---------------------------------------------------------------

--------------[RFC 792 - INTERNET CONTROL MESSAGE PROTOCOL]---------
/
| If, in the destination host, the IP module cannot deliver the
| datagram because the indicated protocol module or process port is
| not active, the destination host may send a destination
| unreachable message to the source host.
\
---------------------------------------------------------------

What was your argument?

Regards,
Oli

--
gentoo-security@g.o mailing list
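
Added example, not part of the original message: the RFC 793 reset rule quoted above for the CLOSED state, written out as code. The sequence and acknowledgment values follow the "SEGMENT ARRIVES" text of RFC 793, which the message does not quote; the names `Segment`, `seg_len` and `closed_state_reply` are hypothetical, and the sample segments are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Segment:
    """Minimal view of a TCP segment (hypothetical type for this example)."""
    seq: int
    ack: int
    flags: FrozenSet[str]
    payload_len: int = 0


def seg_len(seg: Segment) -> int:
    """SEG.LEN: payload octets, with SYN and FIN each counting as one."""
    return seg.payload_len + ("SYN" in seg.flags) + ("FIN" in seg.flags)


def closed_state_reply(seg: Segment) -> Optional[Segment]:
    """Reply a conforming TCP sends when no connection exists (CLOSED).

    Returns None when nothing may be sent, otherwise the RST segment.
    """
    # "a reset is sent in response to any incoming segment except another reset"
    if "RST" in seg.flags:
        return None
    if "ACK" in seg.flags:
        # ACK bit on: <SEQ=SEG.ACK><CTL=RST>
        return Segment(seq=seg.ack, ack=0, flags=frozenset({"RST"}))
    # ACK bit off: <SEQ=0><ACK=SEG.SEQ+SEG.LEN><CTL=RST,ACK>
    ack = (seg.seq + seg_len(seg)) % 2**32  # sequence space wraps at 2^32
    return Segment(seq=0, ack=ack, flags=frozenset({"RST", "ACK"}))


if __name__ == "__main__":
    # Constructed sample segments arriving at a port with no listener.
    samples = [
        Segment(seq=1000, ack=0, flags=frozenset({"SYN"})),
        Segment(seq=5, ack=777, flags=frozenset({"ACK"}), payload_len=20),
        Segment(seq=42, ack=0, flags=frozenset({"RST"})),
    ]
    for s in samples:
        print(sorted(s.flags), "->", closed_state_reply(s))
```
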

