List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
* Ben Cressey <ben@...> 8. Jan 04
> > To hide a host is always very stupid, why should you do this? There is no
> > advantage. If you "hide" your computer an attacker knows there is an
> > stupid guy who doesn't know anything about network security.
> You're rather free with calling people "stupid" with little to no
Well, let's see.
> If I am just running a web server, nobody has any business connecting to any
> port besides 80/tcp and 443/tcp. ICMP traffic is fine, but what legitimate
> purpose is there in attempting a connection to another tcp port?
It's kinda social thing. If you tip my shoulder asking for time I would
answer, that I have no clock. If I give no answer at all you would call
me shy, taciturn, unsocial or, simply, stupid.
> It's not about hiding the server or some fictitious security gain --
> although as someone pointed out replying to potentially spoofed source
> addresses could be leveraged into some form of DoS attack.
Would you please be so kind to explain that. I am still interested in
this and still can't see how to use this in a DoS attack. In fact,
there are many more efficient ways to DoS a host.
> As far as RFCs go, the only relevant excerpt I could find was quoted on
You want to read RFC1812.
email@example.com mailing list