Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: Andreas Waschbuesch <awaschb@...>
From: Mark Hurst <mark@...>
Subject: Re: firewall suggestions?
Date: Fri, 9 Jan 2004 17:31:58 +1100
> > When an exploit is found and everybody use reject more computers can
> > be scanned for the exploitable program/service in the same time... I
> > don't see why we should make it easy for the script kids...
> 
> As shown that's no advantage. One could generate many, many parallel
> ICMPs and wait for the one timeout period. Quite the opposite of Your 
> proposition is true: Ident eg. helps You to identify the "bad guys" in 
> Your network - supposed You got a propperly configured network. DENY for
> ident renders such information useless, because DENIED packets won't get
> logged anymore. So - one could even say You're going to protect the "bad
> guys".

Then why do people run tarpits? The scanner has limited outgoing
resources, having to wait for a timeout reduces the amount of ports they
can scan in a specific timeframe. 

Whether or not you run an ident server and allow access to it is another
matter.

And what's to stop you logging dropped packets?


regards

--
gentoo-security@g.o mailing list

References:
RE: firewall suggestions?
-- MA
Re: firewall suggestions?
-- Andreas Waschbuesch
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: firewall suggestions?
Next by thread:
Re: firewall suggestions?
Previous by date:
Re: firewall suggestions?
Next by date:
Re: firewall suggestions?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.