List Archive: gentoo-security
1) If you don't receive a "destination unreachable" packet, you know
nothing about the target host yet. This is not a perfect-network world.
There can be other fw/router anywhere in the way, killing this type of
2) It slows scans a lot. You can of course do scanning in parallel, but
don't be surprised when you find yourself killed with no mercy by an IDS
after matching the SYN threshold. 1000+ SYNs/sec from an IP address to a monitored
system is a sure ban.
Oliver Schad wrote:
> On Wednesday, 7 January 2004 23:05, Mark Hurst wrote to me:
>>It's much better to have a firewall than just have ports not open. Even
>>though a port is not open it can reveal the presence of your machine by
>>the manner in which the IP stack responds to a connection attempt.
>>Using a firewall you can drop those packets, making all your closed
> If you want to be invisible, the next router to you has to send an ICMP
> packet with "host unreachable". If you say nothing, anybody with some
> brain between his ears knows there is a very intelligent guy that wants to
> be invisible.
> firstname.lastname@example.org mailing list
email@example.com mailing list
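
The SYN-threshold behaviour mentioned in point 2 of the reply, sketched from the monitoring side as an added example that is not part of the original thread. The 1000 SYNs/sec figure is the one quoted in the message; the event tuple layout, the `port_limit` rule, the function names and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def detect_scanners(events, syn_rate=1000, rate_window=1.0, port_limit=100):
    """Return {src_ip: set of rule names} for sources that trip a rule.

    events: (timestamp_s, src_ip, dst_port, tcp_flags) tuples in time order.
    "syn-rate"    : >= syn_rate bare SYNs inside rate_window seconds.
    "port-spread" : >= port_limit distinct destination ports probed (assumed
                    rule; covers sources that stay under the rate limit).
    """
    recent = defaultdict(deque)   # src -> SYN timestamps inside the window
    ports = defaultdict(set)      # src -> distinct ports (never aged out here)
    flagged = defaultdict(set)
    for ts, src, dport, flags in events:
        if flags != "S":          # count connection attempts only, not SYN/ACK
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= rate_window:   # drop SYNs older than the window
            q.popleft()
        ports[src].add(dport)
        if len(q) >= syn_rate:
            flagged[src].add("syn-rate")
        if len(ports[src]) >= port_limit:
            flagged[src].add("port-spread")
    return dict(flagged)

def sample_events():
    """Constructed traffic: one burst source, one low-rate source, one client."""
    events = []
    # 1200 SYNs to 1200 ports within one second
    events += [(i / 1200.0, "192.0.2.10", 1 + i, "S") for i in range(1200)]
    # 150 SYNs to 150 ports, one every two seconds
    events += [(i * 2.0, "192.0.2.20", 1 + i, "S") for i in range(150)]
    # ordinary client: 20 connections to a single service
    events += [(i * 5.0, "198.51.100.5", 443, "S") for i in range(20)]
    return sorted(events)

if __name__ == "__main__":
    for src, rules in sorted(detect_scanners(sample_events()).items()):
        print(src, sorted(rules))
```

A rate threshold alone only sees the burst source; the distinct-port count is what catches the low-rate one, and a production rule would expire old entries from `ports` rather than keep them forever.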