Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: 'Frank Gruellich' <frank@...>, gentoo-security@g.o
From: Benjamin Jury <benjamin.jury@...>
Subject: RE: firewall suggestions?
Date: Thu, 8 Jan 2004 14:54:33 -0000
> * Thomas T. Veldhouse <veldy@...>  8. Jan 04
> > Oliver Schad wrote:
> > > [DROP or REJECT]
> > One reason ... it slows down various scans.
> 
> No, it doesn't.  It would, if $scanner sends one SYN and wait for the
> answer to it.  In fact it sends you SYNs to all your ports at once and
> collects answers (or not) in parallel.  You extend the scan 
> time for one
> timeout (which is nothing (~3min?) against the time to send all
> requests).

If you reject the packet does it not allow you to be used for DOSing a host
via a spoofed IP?

--
gentoo-security@g.o mailing list

Replies:
Re: firewall suggestions?
-- Frank Gruellich
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: firewall suggestions?
Next by thread:
Re: firewall suggestions?
Previous by date:
Re: firewall suggestions?
Next by date:
Re: firewall suggestions?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.