List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
Thats where the white list comes into play.
On Thu, 2004-01-08 at 19:22, Alexander Schreiber wrote:
> On Thu, Jan 08, 2004 at 06:57:28PM +0100, Daniel Privratsky wrote:
> > Wrong.
> > 1) If you don't receive "destination unreachable" packet, you know
> > nothing about the target host yet. This is not perfect-network world.
> > There can be other fw/router anywhere in the way, killing this type of
> > icmp traffic.
> > 2) It slows scans a lot.
> Only for people too stupid for doing port scans (a rare defect even
> among script kiddies).
> > You can of course do scannig in parallel, but
> > don't be surprised, when you find yourself killed with no mercy by IDS,
> > after matching SYN threshold. 1000+ syns/sec form IP adress to monitored
> > system is sure ban.
> Cool. Your IDS just banned the IPs of your customers mail-, web- and
> proxy-servers. Spoofing IP adresses just to mess with such automatic
> systems is easy.
signature.asc (This is a digitally signed message part)