List Archive: gentoo-security
Wrong.
1) If you don't receive a "destination unreachable" packet, you know
nothing about the target host yet. This is not a perfect-network world.
There can be another fw/router anywhere in the way, killing this type of
ICMP traffic.
2) It slows scans a lot. You can of course do scanning in parallel, but
don't be surprised when you find yourself killed with no mercy by an IDS
after matching the SYN threshold. 1000+ SYNs/sec from one IP address to a
monitored system is a sure ban.
Daniel Privratsky
Oliver Schad wrote:
> On Wednesday, 7 January 2004 23:05, Mark Hurst wrote to me:
>
>>It's much better to have a firewall than just have ports not open. Even
>>though a port is not open it can reveal the presence of your machine by
>>the manner in which the IP stack responds to a connection attempt.
>>Using a firewall you can drop those packets, making all your closed
>>ports invisible.
>
>
> If you want to be invisible, the next router to you has to send an ICMP
> packet with "host unreachable". If you say nothing, anybody with some
> brain between his ears knows there is a very intelligent guy who wants to
> be invisible.
>
> Kind regards
> Oli
>
> --
> gentoo-security@g.o mailing list
>
>
--
gentoo-security@g.o mailing list
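The two points above (an ICMP error can be lost in transit, and silence costs the scanner retransmissions) are easy to see in a small model of the scanner's side. The following is an added example, not code from this thread or from any of its authors: it models a SYN scanner that classifies replies the way nmap's documented SYN-scan rules do (SYN/ACK is open, RST is closed, ICMP unreachable or no reply is filtered) against a host whose firewall policy for non-listening ports is "accept" (the stack answers RST), "reject" (ICMP unreachable) or "drop". The policy names, the RTT, timeout and retry constants, and the `icmp_lost` switch for a router discarding the ICMP error are all assumed values for the illustration, not measured or nmap's real defaults.

```python
from enum import Enum


class Reply(Enum):
    """What a single SYN probe can get back from the target."""
    SYN_ACK = "SYN/ACK"                            # a service is listening
    RST = "RST"                                    # closed port, stack answered
    ICMP_UNREACH = "ICMP destination unreachable"  # REJECT rule (or a router)
    NONE = "no reply"                              # DROP rule, dead host, or lost reply


# Assumed scanner timing for the illustration, not nmap's real defaults.
RTT = 0.05       # seconds for a reply that does arrive
TIMEOUT = 1.0    # seconds the scanner waits before retransmitting a probe
RETRIES = 2      # retransmissions before a silent port is called "filtered"


def target_reply(policy, port, open_ports):
    """Reply from a host whose firewall policy for non-listening ports is
    'accept' (stack answers RST), 'reject' (ICMP unreachable) or 'drop'."""
    if port in open_ports:
        return Reply.SYN_ACK
    return {"accept": Reply.RST,
            "reject": Reply.ICMP_UNREACH,
            "drop": Reply.NONE}[policy]


def classify(reply):
    """Port state the scanner reports (the SYN-scan rules nmap documents)."""
    if reply is Reply.SYN_ACK:
        return "open"
    if reply is Reply.RST:
        return "closed"
    return "filtered"   # ICMP unreachable and silence both land here


def probe(policy, port, open_ports, icmp_lost=False):
    """One port probe: returns (state, seconds spent, SYNs sent).

    icmp_lost models an intermediate router discarding the ICMP error, so the
    scanner sees silence even though the target answered with a REJECT."""
    reply = target_reply(policy, port, open_ports)
    if reply is Reply.ICMP_UNREACH and icmp_lost:
        reply = Reply.NONE
    if reply is Reply.NONE:
        # every retransmission waits out the full timeout
        return classify(reply), TIMEOUT * (RETRIES + 1), RETRIES + 1
    return classify(reply), RTT, 1


def scan(policy, ports, open_ports=(), icmp_lost=False):
    """Sequential scan. Returns (states by port, total seconds, total SYNs)."""
    states, seconds, syns = {}, 0.0, 0
    for port in ports:
        state, t, n = probe(policy, port, open_ports, icmp_lost)
        states[port] = state
        seconds += t
        syns += n
    return states, seconds, syns


def syn_rate(syns, seconds, parallelism):
    """Average SYNs/second the target sees when the scanner runs `parallelism`
    probes concurrently: wall time shrinks, the SYN count does not."""
    return syns / (seconds / parallelism)


if __name__ == "__main__":
    ports = range(1, 101)
    for policy in ("accept", "reject", "drop"):
        states, seconds, syns = scan(policy, ports, open_ports={22, 80})
        print(f"{policy:7s} {seconds:7.2f}s {syns:4d} SYNs "
              f"{syn_rate(syns, seconds, 1000):8.1f} SYN/s at 1000-way parallel "
              f"port 23 -> {states[23]}")
```

Two things fall out of the model. A "reject" host with the ICMP error lost on the way produces exactly the same port states as one that was never rejecting at all, only slower, which is Daniel's first point: the absence of the ICMP tells the scanner nothing about the host. And a "drop" host forces three SYNs and three timeouts per closed port, so the only way to keep the scan fast is parallelism, which pushes the SYN rate at the target up by the same factor and into the range an IDS threshold is built to catch.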