Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Mans Matulewicz <cybermans@...>
Subject: Re: firewall suggestions?
Date: Thu, 08 Jan 2004 19:59:31 +0100
Thats where the white list comes into play.
On Thu, 2004-01-08 at 19:22, Alexander Schreiber wrote:
> On Thu, Jan 08, 2004 at 06:57:28PM +0100, Daniel Privratsky wrote:
> > Wrong.
> > 
> > 1) If you don't receive "destination unreachable" packet, you know
> > nothing about the target host yet. This is not perfect-network world.
> > There can be other fw/router anywhere in the way, killing this type of
> > icmp traffic.
> > 
> > 2) It slows scans a lot.
> 
> Only for people too stupid for doing port scans (a rare defect even
> among script kiddies).
> 
> > You can of course do scannig in parallel, but
> > don't be surprised, when you find yourself killed with no mercy by IDS,
> > after matching SYN threshold. 1000+ syns/sec form IP adress to monitored
> > system is sure ban.
> 
> Cool. Your IDS just banned the IPs of your customers mail-, web- and
> proxy-servers. Spoofing IP adresses just to mess with such automatic
> systems is easy.
> 
> Regards,
>        Alex.
Attachment:
signature.asc (This is a digitally signed message part)
References:
firewall suggestions?
-- Pooh Sun Tzu
Re: firewall suggestions?
-- Mark Hurst
Re: firewall suggestions?
-- Oliver Schad
Re: firewall suggestions?
-- Daniel Privratsky
Re: firewall suggestions?
-- Alexander Schreiber
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: firewall suggestions?
Next by thread:
Re: firewall suggestions?
Previous by date:
Re: firewall suggestions?
Next by date:
Re: firewall suggestions?


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.