Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Frank Gruellich <frank@...>
Subject: Re: firewall suggestions?
Date: Thu, 8 Jan 2004 22:51:41 +0100
* Ben Cressey <ben@...>  8. Jan 04
> > To hide a host is always very stupid, why should you do this? There is no
> > advantage.  If you "hide" your computer an attacker knows there is an
> > stupid guy who doesn't know anything about network security.
> You're rather free with calling people "stupid" with little to no
> justification.

Well, let's see.

> If I am just running a web server, nobody has any business connecting to any
> port besides 80/tcp and 443/tcp.  ICMP traffic is fine, but what legitimate
> purpose is there in attempting a connection to another tcp port?

It's kinda social thing.  If you tip my shoulder asking for time I would
answer, that I have no clock.  If I give no answer at all you would call
me shy, taciturn, unsocial or, simply, stupid.

> It's not about hiding the server or some fictitious security gain  --
> although as someone pointed out replying to potentially spoofed source
> addresses could be leveraged into some form of DoS attack.

Would you please be so kind to explain that.  I am still interested in
this and still can't see how to use this in a DoS attack.  In fact,
there are many more efficient ways to DoS a host.

> As far as RFCs go, the only relevant excerpt I could find was quoted on
> [snip]

You want to read RFC1812.

 Regards, Frank.
-- 
Sigmentation fault

--
gentoo-security@g.o mailing list

Replies:
Re: firewall suggestions?
-- Julian Phillips
References:
Re: firewall suggestions?
-- Oliver Schad
Re: firewall suggestions?
-- Ben Cressey
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Security without obscurity
Next by thread:
Re: firewall suggestions?
Previous by date:
Re: firewall suggestions?
Next by date:
Re: firewall suggestions?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.